[SID 23621] System Infected: Tidserv Activity Detected


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes it is, does this occur in Firefox, IE or both?

Let's do a fresh OTL run, as I have found another place where it likes to hide.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box, paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs



#17
Devonasa

    Member

  • Topic Starter
  • 37 posts
It seems to only happen in Firefox, which is generally the only browser I use. I checked IE, and there have been no redirects.

OTL.txt


OTL logfile created on: 9/6/2011 2:33:24 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Devonasa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 261.80 Mb Available Physical Memory | 25.83% Memory free
2.24 Gb Paging File | 1.15 Gb Available in Paging File | 51.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 34.20 Gb Free Space | 33.65% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/06 14:26:36 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
PRC - [2011/09/06 13:30:14 | 000,007,680 | ---- | M] () -- C:\Windows\system\svchost.exe
PRC - [2011/09/01 01:25:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/17 03:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
PRC - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/29 15:00:00 | 000,612,168 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/07/27 10:31:51 | 000,174,432 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2010/07/17 14:04:33 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 18:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/15 22:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/11/15 22:01:52 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/11/15 21:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/11/15 21:57:20 | 000,171,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2006/10/31 01:03:48 | 000,284,184 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/01 01:25:07 | 001,001,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/12/09 15:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/01/26 21:07:32 | 003,884,312 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/12/22 00:09:26 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2009/11/03 19:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/11/15 22:01:08 | 001,058,328 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\LAppRes.DLL
MOD - [2006/11/15 21:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
MOD - [2006/11/02 05:46:05 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/10/31 01:04:12 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\Logitech\LComMgr\LCMServerPS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/04 01:18:41 | 000,218,624 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Windows\System32\itnetw32.dll -- (itlperf)
SRV - [2010/07/27 10:31:51 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 01:31:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/15 22:05:40 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/15 22:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/08/22 20:23:04 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/08/03 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110904.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110904.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/03/21 20:33:42 | 000,015,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\Windows\System32\drivers\SymAFR.sys -- (SymAFR)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/06/24 12:01:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/09 21:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/11/04 20:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/17 18:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 18:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 11:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 20:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/07/14 12:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/10 09:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/27 14:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2006/11/15 22:03:12 | 000,024,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/11/15 22:02:50 | 001,962,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/15 22:00:56 | 001,678,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/10 23:48:11 | 001,083,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2006/11/10 23:48:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/10 23:46:29 | 001,512,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3D AD 68 0E 67 47 12 47 9E 0B CA 82 C4 53 F8 42 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3D AD 68 0E 67 47 12 47 9E 0B CA 82 C4 53 F8 42 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3D AD 68 0E 67 47 12 47 9E 0B CA 82 C4 53 F8 42 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3D AD 68 0E 67 47 12 47 9E 0B CA 82 C4 53 F8 42 [binary data]

IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F1 51 CD 08 DB A2 BC 48 A7 29 D1 CF F4 45 D4 13 [binary data]
IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledItems: {99210d54-6321-41e8-bd1b-2b4c55874efb}:1.16
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {3c5b4e3e-6c55-4bd6-920d-a559fadeba48}:1.0
FF - prefs.js..extensions.enabledItems: {b424dafe-4966-4855-a2a8-6567daf2b9a7}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 01:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 16:24:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}

[2010/03/24 11:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Extensions
[2011/09/06 02:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions
[2011/08/17 01:23:36 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/08 21:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/06 14:27:37 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{3c5b4e3e-6c55-4bd6-920d-a559fadeba48}
[2010/12/20 17:29:50 | 000,000,000 | ---D | M] ("Tumblr Post") -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb}
[2011/09/05 15:57:33 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{b424dafe-4966-4855-a2a8-6567daf2b9a7}
[2011/08/31 15:26:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/09/06 01:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/05 16:24:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/06 01:17:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2008/11/07 00:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\App\Photoshop\Plug-ins\Extensions
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/09/06 01:54:19 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {08CD51F1-A2DB-48BC-A729-D1CFF445D413} - C:\Windows\System32\wscui32.dll (Creative Technology Ltd)
O2 - BHO: (no name) - {0E68AD3D-4767-4712-9E0B-CA82C453F842} - C:\Windows\System32\wscui32.dll (Creative Technology Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [JavaBackupVerifier] C:\ProgramData\JavaBackupVerifier.dll (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\Run: [Qdupadava] C:\Windows\System32\config\systemprofile\AppData\Local\wuincap.dll (Mylex Corporation)
O4 - HKU\S-1-5-18..\Run: [JavaBackupVerifier] C:\ProgramData\JavaBackupVerifier.dll (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [Qdupadava] C:\Windows\System32\config\systemprofile\AppData\Local\wuincap.dll (Mylex Corporation)
O4 - HKU\S-1-5-19..\Run: [MicrosoftUpdate] File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [MicrosoftUpdate] File not found
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB3AA8F6-0159-4F70-994A-780FCEE470F9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Devonasa\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/06 14:26:26 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/09/06 13:15:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/09/06 13:15:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/09/06 13:15:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/09/06 12:08:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/09/05 16:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/09/05 16:47:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/05 16:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/05 15:19:40 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Malwarebytes
[2011/09/05 15:18:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/05 15:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/05 15:18:13 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/05 15:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/05 15:05:06 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Devonasa\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/04 18:29:32 | 000,135,360 | ---- | C] (Symantec Corporation) -- C:\Users\Devonasa\Desktop\FixBlast.exe
[2011/09/03 17:55:54 | 000,068,608 | ---- | C] (Creative Technology Ltd) -- C:\ProgramData\JavaBackupVerifier.dll
[2011/09/03 16:52:50 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR.exe
[2011/09/02 12:35:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Devonasa\Desktop\dds(2).scr
[2011/08/23 18:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEP for The Sims 2
[2011/08/23 17:37:57 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sims2Pack Clean Installer
[2011/08/23 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sims2Pack Clean Installer
[2011/08/22 20:55:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2011/08/22 20:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2011/08/22 20:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2011/08/22 18:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011/08/22 17:59:20 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\EA Games
[2011/08/17 13:44:30 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 12:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/08/17 02:48:46 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Adobe Photoshop CS5.1
[2011/08/17 02:45:18 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/17 02:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/08/17 02:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/15 00:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/15 00:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/08/10 18:26:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2011/08/10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2011/08/10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead GIF Animator 5 TBYB
[2011/08/10 18:10:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/08/10 18:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2011/08/10 18:10:07 | 000,000,000 | ---D | C] -- C:\Windows\Noslip
[2011/08/09 01:23:38 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2011/08/09 01:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/08/09 01:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011/08/08 01:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/08/08 01:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]
[1 C:\Users\Devonasa\AppData\Local\*.tmp files -> C:\Users\Devonasa\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/06 14:29:29 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job
[2011/09/06 14:26:36 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/09/06 14:19:58 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/06 13:51:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/06 13:49:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
[2011/09/06 13:46:27 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/06 13:46:27 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/06 13:34:14 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/06 13:34:14 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/06 13:30:14 | 000,007,680 | ---- | M] () -- C:\Windows\System\svchost.exe
[2011/09/06 13:25:37 | 003,730,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/06 13:24:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/06 12:49:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
[2011/09/06 12:06:15 | 000,252,991 | ---- | M] () -- C:\Users\Devonasa\Desktop\FHSetup.exe
[2011/09/06 01:54:19 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/09/05 16:39:32 | 000,000,950 | ---- | M] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/05 15:18:16 | 000,000,937 | ---- | M] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/05 15:18:16 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/05 15:05:09 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Devonasa\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/04 18:29:33 | 000,135,360 | ---- | M] (Symantec Corporation) -- C:\Users\Devonasa\Desktop\FixBlast.exe
[2011/09/03 19:13:43 | 000,000,512 | ---- | M] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/09/03 16:54:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR.exe
[2011/09/02 17:00:47 | 000,136,704 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 12:35:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Devonasa\Desktop\dds(2).scr
[2011/08/25 12:45:12 | 000,001,235 | ---- | M] () -- C:\Users\Devonasa\Desktop\Sims2EP9.exe - Shortcut.lnk
[2011/08/25 01:05:49 | 008,191,066 | ---- | M] () -- C:\Users\Devonasa\Documents\Up N Down demo.mp3
[2011/08/23 17:37:57 | 000,001,015 | ---- | M] () -- C:\Users\Devonasa\Desktop\Sims2Pack Clean Installer.lnk
[2011/08/23 14:39:19 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Mansion and Garden Stuff.lnk
[2011/08/23 14:15:31 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2011/08/23 14:06:44 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Apartment Life.lnk
[2011/08/23 13:55:24 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 IKEA® Home Stuff.lnk
[2011/08/23 13:52:37 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk
[2011/08/23 13:48:30 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 FreeTime.lnk
[2011/08/23 13:42:20 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Teen Style Stuff.lnk
[2011/08/23 13:33:26 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Bon Voyage.lnk
[2011/08/23 00:54:31 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 H&M® Fashion Stuff.lnk
[2011/08/23 00:48:39 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Celebration! Stuff.lnk
[2011/08/23 00:06:35 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Seasons.lnk
[2011/08/22 23:49:54 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2011/08/22 23:05:42 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Glamour Life Stuff.lnk
[2011/08/22 22:58:56 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Family Fun Stuff.lnk
[2011/08/22 22:48:08 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Open For Business.lnk
[2011/08/22 20:59:08 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Nightlife.lnk
[2011/08/22 20:24:44 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/08/22 18:26:15 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 University.lnk
[2011/08/22 18:01:32 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2011/08/17 02:44:16 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/13 19:56:45 | 000,000,000 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/13 01:14:57 | 000,001,356 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2011/08/10 18:20:34 | 000,000,274 | ---- | M] () -- C:\Windows\ulead32.ini
[2011/08/10 18:20:31 | 000,000,560 | ---- | M] () -- C:\Users\Public\Documents\Global.sw
[2011/08/10 18:10:18 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/08/09 20:50:43 | 000,000,303 | ---- | M] () -- C:\Windows\System32\checkdnsid.xml
[2011/08/09 03:27:45 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2011/08/09 01:49:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/08/09 01:49:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/09 00:22:56 | 000,000,000 | ---- | M] () -- C:\t1dg.3
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]
[1 C:\Users\Devonasa\AppData\Local\*.tmp files -> C:\Users\Devonasa\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/06 12:06:11 | 000,252,991 | ---- | C] () -- C:\Users\Devonasa\Desktop\FHSetup.exe
[2011/09/05 16:25:50 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/09/05 15:49:28 | 000,007,680 | ---- | C] () -- C:\Windows\System\svchost.exe
[2011/09/05 15:18:16 | 000,000,937 | ---- | C] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/05 15:18:16 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/03 18:02:14 | 000,000,512 | ---- | C] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/08/25 01:05:39 | 008,191,066 | ---- | C] () -- C:\Users\Devonasa\Documents\Up N Down demo.mp3
[2011/08/23 17:37:57 | 000,001,015 | ---- | C] () -- C:\Users\Devonasa\Desktop\Sims2Pack Clean Installer.lnk
[2011/08/23 14:37:04 | 000,001,235 | ---- | C] () -- C:\Users\Devonasa\Desktop\Sims2EP9.exe - Shortcut.lnk
[2011/08/23 14:15:30 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Mansion and Garden Stuff.lnk
[2011/08/23 14:06:44 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Apartment Life.lnk
[2011/08/23 14:06:44 | 000,001,354 | ---- | C] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2011/08/23 13:55:24 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 IKEA® Home Stuff.lnk
[2011/08/23 13:52:37 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk
[2011/08/23 13:48:30 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 FreeTime.lnk
[2011/08/23 13:42:20 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Teen Style Stuff.lnk
[2011/08/23 13:33:26 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Bon Voyage.lnk
[2011/08/23 00:54:31 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 H&M® Fashion Stuff.lnk
[2011/08/23 00:48:39 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Celebration! Stuff.lnk
[2011/08/23 00:06:35 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Seasons.lnk
[2011/08/22 23:49:53 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2011/08/22 23:05:42 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Glamour Life Stuff.lnk
[2011/08/22 22:58:56 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Family Fun Stuff.lnk
[2011/08/22 22:48:08 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Open For Business.lnk
[2011/08/22 20:59:08 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Nightlife.lnk
[2011/08/22 20:24:44 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/08/22 18:26:15 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 University.lnk
[2011/08/22 18:01:32 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2011/08/17 12:53:01 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/08/17 12:46:08 | 000,000,985 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/08/17 12:42:48 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/08/17 12:32:16 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/08/17 12:30:31 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/08/17 12:25:28 | 000,000,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/08/17 02:44:16 | 000,000,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/08/17 02:44:15 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/13 19:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/10 18:10:53 | 000,000,560 | ---- | C] () -- C:\Users\Public\Documents\Global.sw
[2011/08/10 18:10:51 | 000,000,274 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/08/10 18:10:18 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/08/09 03:27:45 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2011/08/09 02:29:54 | 000,000,303 | ---- | C] () -- C:\Windows\System32\checkdnsid.xml
[2011/08/09 01:49:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/08/09 01:49:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/09 01:48:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/08/09 00:22:56 | 000,000,000 | ---- | C] () -- C:\t1dg.3
[2011/08/03 19:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{1CF3071A-A136-4BBC-A174-D3B2CFC1128A}
[2011/05/11 18:58:58 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/09/05 17:41:21 | 000,001,356 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2010/09/05 17:36:58 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/02/08 00:10:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/08 00:10:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/06 07:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/30 21:01:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/30 17:56:39 | 000,136,704 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/15 22:03:12 | 000,024,736 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/15 22:00:56 | 001,678,368 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,730,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/03/30 23:45:19 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Audacity
[2011/08/17 13:44:30 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 02:45:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/02/05 07:01:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Pro
[2010/02/26 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Elluminate
[2010/01/30 18:28:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GetRightToGo
[2011/08/09 01:23:38 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2010/12/01 22:49:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Research In Motion
[2011/08/18 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Spotify
[2010/01/30 19:34:45 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Thinstall
[2010/03/29 21:16:44 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Tific
[2010/05/24 17:42:41 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Yandex
[2011/09/06 13:20:33 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/06 14:29:29 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\BACKUP\10-01-29 0251PM\Windows\explorer.exe
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/02/01 07:13:19 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/02/01 07:13:18 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/02/01 07:13:18 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/11/25 02:30:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/02/01 07:34:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/11/25 02:30:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2010/02/01 07:34:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2010/02/01 07:13:19 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\BACKUP\10-01-29 0251PM\Windows\System32\svchost.exe
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2011/09/06 13:30:14 | 000,007,680 | ---- | M] () MD5=50C48BBAC68F1A1AAEC93FC11F218403 -- C:\Windows\system\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\BACKUP\10-01-29 0251PM\Windows\System32\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\BACKUP\10-01-29 0251PM\Windows\System32\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< End of report >

Extras.txt

OTL Extras logfile created on: 9/6/2011 2:33:24 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Devonasa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 261.80 Mb Available Physical Memory | 25.83% Memory free
2.24 Gb Paging File | 1.15 Gb Available in Paging File | 51.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 34.20 Gb Free Space | 33.65% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1663229470-2338449591-2720500769-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0085576B-D3EE-46B7-AA04-66A5125B7F35}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{611CCD2D-091D-4F49-977E-565352EBEFA6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FC0B411-9991-41E6-9BD4-53DA22E4FD7F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1161531B-1A83-433D-A1BD-8020B7E2AC88}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{297323D9-E021-4481-ADAE-9FEF7D7DD925}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{2CF12751-81D9-4BD1-B498-355DA794BA9C}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{340414A8-802A-4E2F-A4FB-FC69B8CAB7DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3706B691-7C1B-4E8B-BF7E-DE4AEF1DD566}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{47B19CF9-AF40-4F31-B10B-D774F4057D25}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{5081AF52-E57A-474A-BEAC-8E5BF60036E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5E308BDC-5BAF-4A53-B8D3-92CA5D001FB0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{698A6159-4D4C-4E8C-A195-380CA5D3BDC9}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{7C4BE71D-C474-43CB-AFA6-85A67C5D3DB2}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{82C9CC69-0661-432C-BF21-217861061B8B}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{84570C9E-57B3-4100-A2FD-77FBAA866A8E}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{88BD47C5-3B21-4788-A3A3-B2172AC05761}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{93BB38FA-2556-4C75-AAF6-0A4AE11BE436}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{98925A0F-C000-4DB4-9CCC-1574C672B586}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C4645DD4-8198-4424-AF0C-D1F2C7CDEFA2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CF28F06E-5DDD-46FD-94AC-13C57A5B8E9A}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{D820A76E-3191-469C-A800-8C28C8DFEC3D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{DBE61390-BC9E-4051-B308-D329366D2D2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F88D0857-9510-450B-B451-C92A4D7BC5AE}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"TCP Query User{569637BC-C95E-4500-956A-73A76B7CEF65}C:\program files\java\jre1.5.0_02\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_02\bin\javaw.exe |
"TCP Query User{ACAD2765-4639-4C1A-9F7B-AD7A4329B1B7}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{1D8EE7F6-B413-4BCB-9983-443CAA86F9A7}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{995EE229-A66C-42D3-94BA-1B39F7BF550A}C:\program files\java\jre1.5.0_02\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_02\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10110FE9-1EE8-4A3D-ADFD-1294F86BE5FC}" = Logitech QuickCam
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 27
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5035723E-C26D-4979-ACA9-12765F5AD7EB}" = WinZip Pro
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 TBYB
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CEA4C7D0-ABBE-4074-A488-173BB382CDFF}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"CameraUserGuide-PSA470" = Canon PowerShot A470 Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Pro" = DAEMON Tools Pro
"DirectPrintUserGuide" = Canon Direct Print User Guide
"DivX Setup.divx.com" = DivX Setup
"E.M. Youtube Video Download Tool_is1" = E.M. Youtube Video Download Tool 3.13
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0 (build 25)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.21)" = Mozilla Firefox (3.6.21)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Norton UAC Tool" = Norton UAC Tool
"PhotoStitch" = Canon Utilities PhotoStitch
"QcDrv" = Logitech® Camera Driver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SafeConnect" = SafeConnect
"Scriptorium_for_TS2_is1" = Scriptorium for TS2
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"SoftwareStarterGuide-DCSD34" = Canon Digital Camera Solution Disk 34 Software Starter Guide
"Spotify" = Spotify
"TweakUAC_is1" = TweakUAC
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WinZip Pro" = WinZip Pro
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Recheck on completion of this run please

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3D AD 68 0E 67 47 12 47 9E 0B CA 82 C4 53 F8 42 [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3D AD 68 0E 67 47 12 47 9E 0B CA 82 C4 53 F8 42 [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3D AD 68 0E 67 47 12 47 9E 0B CA 82 C4 53 F8 42 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3D AD 68 0E 67 47 12 47 9E 0B CA 82 C4 53 F8 42 [binary data]
    IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F1 51 CD 08 DB A2 BC 48 A7 29 D1 CF F4 45 D4 13 [binary data]
    FF - prefs.js..extensions.enabledItems: {3c5b4e3e-6c55-4bd6-920d-a559fadeba48}:1.0
    FF - prefs.js..extensions.enabledItems: {b424dafe-4966-4855-a2a8-6567daf2b9a7}:1.0
    [2011/09/06 14:27:37 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{3c5b4e3e-6c55-4bd6-920d-a559fadeba48}
    [2011/09/05 15:57:33 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{b424dafe-4966-4855-a2a8-6567daf2b9a7}
    O4 - HKU\S-1-5-18..\Run: [Qdupadava] C:\Windows\System32\config\systemprofile\AppData\Local\wuincap.dll (Mylex Corporation)
    O4 - HKU\S-1-5-19..\Run: [MicrosoftUpdate] File not found
    O4 - HKU\S-1-5-20..\Run: [MicrosoftUpdate] File not found
    [2011/08/08 01:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2011/08/09 03:27:45 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
    [2011/08/09 02:29:54 | 000,000,303 | ---- | C] () -- C:\Windows\System32\checkdnsid.xml

    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default= -
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#19
Devonasa

    Member

  • Topic Starter
  • 37 posts
I just checked on Google and there have been no redirects :)

Here is the log:

OTL logfile created on: 9/6/2011 4:02:19 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Devonasa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 165.91 Mb Available Physical Memory | 16.37% Memory free
2.24 Gb Paging File | 1.23 Gb Available in Paging File | 55.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 32.90 Gb Free Space | 32.37% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/06 16:01:38 | 000,007,680 | ---- | M] () -- C:\Windows\system\svchost.exe
PRC - [2011/09/06 14:26:36 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
PRC - [2011/09/01 01:25:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/17 03:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
PRC - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/29 15:00:00 | 000,612,168 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/07/27 10:31:51 | 000,174,432 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2010/07/17 14:04:33 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 18:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/15 22:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/11/15 22:01:52 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/11/15 21:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/11/15 21:57:20 | 000,171,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2006/10/31 01:03:48 | 000,284,184 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/01 01:25:07 | 001,001,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/12/09 15:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/03 19:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/11/15 22:01:08 | 001,058,328 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\LAppRes.DLL
MOD - [2006/11/15 21:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
MOD - [2006/11/02 05:46:05 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/10/31 01:04:12 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\Logitech\LComMgr\LCMServerPS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/04 01:18:41 | 000,218,624 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Windows\System32\itnetw32.dll -- (itlperf)
SRV - [2010/07/27 10:31:51 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 01:31:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/15 22:05:40 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/15 22:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/08/22 20:23:04 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/08/03 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110904.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110904.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/03/21 20:33:42 | 000,015,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\Windows\System32\drivers\SymAFR.sys -- (SymAFR)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/06/24 12:01:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/09 21:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/11/04 20:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/17 18:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 18:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 11:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 20:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/07/14 12:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/10 09:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/27 14:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2006/11/15 22:03:12 | 000,024,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/11/15 22:02:50 | 001,962,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/15 22:00:56 | 001,678,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/10 23:48:11 | 001,083,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2006/11/10 23:48:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/10 23:46:29 | 001,512,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledItems: {99210d54-6321-41e8-bd1b-2b4c55874efb}:1.16
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 01:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 16:24:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}

[2010/03/24 11:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Extensions
[2011/09/06 15:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions
[2011/08/17 01:23:36 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/08 21:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/20 17:29:50 | 000,000,000 | ---D | M] ("Tumblr Post") -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb}
[2011/08/31 15:26:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/09/06 01:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/05 16:24:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/06 01:17:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2008/11/07 00:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\App\Photoshop\Plug-ins\Extensions
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/09/06 15:52:33 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {08CD51F1-A2DB-48BC-A729-D1CFF445D413} - C:\Windows\System32\wscui32.dll (Creative Technology Ltd)
O2 - BHO: (no name) - {0E68AD3D-4767-4712-9E0B-CA82C453F842} - C:\Windows\System32\wscui32.dll (Creative Technology Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB3AA8F6-0159-4F70-994A-780FCEE470F9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Devonasa\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/06 15:52:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/06 14:26:26 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/09/06 13:15:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/09/06 13:15:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/09/06 13:15:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/09/06 12:08:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/09/05 16:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/09/05 16:47:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/05 16:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/05 15:19:40 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Malwarebytes
[2011/09/05 15:18:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/05 15:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/05 15:18:13 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/05 15:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/05 15:05:06 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Devonasa\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/04 18:29:32 | 000,135,360 | ---- | C] (Symantec Corporation) -- C:\Users\Devonasa\Desktop\FixBlast.exe
[2011/09/03 17:55:54 | 000,068,608 | ---- | C] (Creative Technology Ltd) -- C:\ProgramData\JavaBackupVerifier.dll
[2011/09/03 16:52:50 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR.exe
[2011/09/02 12:35:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Devonasa\Desktop\dds(2).scr
[2011/08/23 18:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEP for The Sims 2
[2011/08/23 17:37:57 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sims2Pack Clean Installer
[2011/08/23 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sims2Pack Clean Installer
[2011/08/22 20:55:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2011/08/22 20:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2011/08/22 20:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2011/08/22 18:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011/08/22 17:59:20 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\EA Games
[2011/08/17 13:44:30 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 12:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/08/17 02:48:46 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Adobe Photoshop CS5.1
[2011/08/17 02:45:18 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/17 02:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/08/17 02:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/15 00:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/15 00:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/08/10 18:26:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2011/08/10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2011/08/10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead GIF Animator 5 TBYB
[2011/08/10 18:10:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/08/10 18:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2011/08/10 18:10:07 | 000,000,000 | ---D | C] -- C:\Windows\Noslip
[2011/08/09 01:23:38 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2011/08/09 01:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/08/09 01:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011/08/08 01:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]
[1 C:\Users\Devonasa\AppData\Local\*.tmp files -> C:\Users\Devonasa\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/06 16:07:53 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/06 16:07:53 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/06 16:05:04 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/06 16:05:03 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/06 16:01:38 | 000,007,680 | ---- | M] () -- C:\Windows\System\svchost.exe
[2011/09/06 15:58:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/06 15:57:15 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job
[2011/09/06 15:57:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/06 15:52:33 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/09/06 15:51:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/06 15:49:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
[2011/09/06 14:26:36 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/09/06 13:25:37 | 003,730,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/06 12:49:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
[2011/09/06 12:06:15 | 000,252,991 | ---- | M] () -- C:\Users\Devonasa\Desktop\FHSetup.exe
[2011/09/05 16:39:32 | 000,000,950 | ---- | M] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/05 15:18:16 | 000,000,937 | ---- | M] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/05 15:18:16 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/05 15:05:09 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Devonasa\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/04 18:29:33 | 000,135,360 | ---- | M] (Symantec Corporation) -- C:\Users\Devonasa\Desktop\FixBlast.exe
[2011/09/03 19:13:43 | 000,000,512 | ---- | M] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/09/03 16:54:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR.exe
[2011/09/02 17:00:47 | 000,136,704 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 12:35:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Devonasa\Desktop\dds(2).scr
[2011/08/25 12:45:12 | 000,001,235 | ---- | M] () -- C:\Users\Devonasa\Desktop\Sims2EP9.exe - Shortcut.lnk
[2011/08/25 01:05:49 | 008,191,066 | ---- | M] () -- C:\Users\Devonasa\Documents\Up N Down demo.mp3
[2011/08/23 17:37:57 | 000,001,015 | ---- | M] () -- C:\Users\Devonasa\Desktop\Sims2Pack Clean Installer.lnk
[2011/08/23 14:39:19 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Mansion and Garden Stuff.lnk
[2011/08/23 14:15:31 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2011/08/23 14:06:44 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Apartment Life.lnk
[2011/08/23 13:55:24 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 IKEA® Home Stuff.lnk
[2011/08/23 13:52:37 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk
[2011/08/23 13:48:30 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 FreeTime.lnk
[2011/08/23 13:42:20 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Teen Style Stuff.lnk
[2011/08/23 13:33:26 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Bon Voyage.lnk
[2011/08/23 00:54:31 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 H&M® Fashion Stuff.lnk
[2011/08/23 00:48:39 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Celebration! Stuff.lnk
[2011/08/23 00:06:35 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Seasons.lnk
[2011/08/22 23:49:54 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2011/08/22 23:05:42 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Glamour Life Stuff.lnk
[2011/08/22 22:58:56 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Family Fun Stuff.lnk
[2011/08/22 22:48:08 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Open For Business.lnk
[2011/08/22 20:59:08 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Nightlife.lnk
[2011/08/22 20:24:44 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/08/22 18:26:15 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 University.lnk
[2011/08/22 18:01:32 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2011/08/17 02:44:16 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/13 19:56:45 | 000,000,000 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/13 01:14:57 | 000,001,356 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2011/08/10 18:20:34 | 000,000,274 | ---- | M] () -- C:\Windows\ulead32.ini
[2011/08/10 18:20:31 | 000,000,560 | ---- | M] () -- C:\Users\Public\Documents\Global.sw
[2011/08/10 18:10:18 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/08/09 01:49:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/08/09 01:49:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/09 00:22:56 | 000,000,000 | ---- | M] () -- C:\t1dg.3
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]
[1 C:\Users\Devonasa\AppData\Local\*.tmp files -> C:\Users\Devonasa\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/06 12:06:11 | 000,252,991 | ---- | C] () -- C:\Users\Devonasa\Desktop\FHSetup.exe
[2011/09/05 16:25:50 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/09/05 15:49:28 | 000,007,680 | ---- | C] () -- C:\Windows\System\svchost.exe
[2011/09/05 15:18:16 | 000,000,937 | ---- | C] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/05 15:18:16 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/03 18:02:14 | 000,000,512 | ---- | C] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/08/25 01:05:39 | 008,191,066 | ---- | C] () -- C:\Users\Devonasa\Documents\Up N Down demo.mp3
[2011/08/23 17:37:57 | 000,001,015 | ---- | C] () -- C:\Users\Devonasa\Desktop\Sims2Pack Clean Installer.lnk
[2011/08/23 14:37:04 | 000,001,235 | ---- | C] () -- C:\Users\Devonasa\Desktop\Sims2EP9.exe - Shortcut.lnk
[2011/08/23 14:15:30 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Mansion and Garden Stuff.lnk
[2011/08/23 14:06:44 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Apartment Life.lnk
[2011/08/23 14:06:44 | 000,001,354 | ---- | C] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2011/08/23 13:55:24 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 IKEA® Home Stuff.lnk
[2011/08/23 13:52:37 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk
[2011/08/23 13:48:30 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 FreeTime.lnk
[2011/08/23 13:42:20 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Teen Style Stuff.lnk
[2011/08/23 13:33:26 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Bon Voyage.lnk
[2011/08/23 00:54:31 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 H&M® Fashion Stuff.lnk
[2011/08/23 00:48:39 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Celebration! Stuff.lnk
[2011/08/23 00:06:35 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Seasons.lnk
[2011/08/22 23:49:53 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2011/08/22 23:05:42 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Glamour Life Stuff.lnk
[2011/08/22 22:58:56 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Family Fun Stuff.lnk
[2011/08/22 22:48:08 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Open For Business.lnk
[2011/08/22 20:59:08 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Nightlife.lnk
[2011/08/22 20:24:44 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/08/22 18:26:15 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 University.lnk
[2011/08/22 18:01:32 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2011/08/17 12:53:01 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/08/17 12:46:08 | 000,000,985 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/08/17 12:42:48 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/08/17 12:32:16 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/08/17 12:30:31 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/08/17 12:25:28 | 000,000,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/08/17 02:44:16 | 000,000,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/08/17 02:44:15 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/13 19:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/10 18:10:53 | 000,000,560 | ---- | C] () -- C:\Users\Public\Documents\Global.sw
[2011/08/10 18:10:51 | 000,000,274 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/08/10 18:10:18 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/08/09 01:49:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/08/09 01:49:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/09 01:48:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/08/09 00:22:56 | 000,000,000 | ---- | C] () -- C:\t1dg.3
[2011/08/03 19:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{1CF3071A-A136-4BBC-A174-D3B2CFC1128A}
[2011/05/11 18:58:58 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/09/05 17:41:21 | 000,001,356 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2010/09/05 17:36:58 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/02/08 00:10:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/08 00:10:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/06 07:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/30 21:01:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/30 17:56:39 | 000,136,704 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/15 22:03:12 | 000,024,736 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/15 22:00:56 | 001,678,368 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,730,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/03/30 23:45:19 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Audacity
[2011/08/17 13:44:30 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 02:45:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/02/05 07:01:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Pro
[2010/02/26 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Elluminate
[2010/01/30 18:28:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GetRightToGo
[2011/08/09 01:23:38 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2010/12/01 22:49:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Research In Motion
[2011/08/18 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Spotify
[2010/01/30 19:34:45 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Thinstall
[2010/03/29 21:16:44 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Tific
[2010/05/24 17:42:41 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Yandex
[2011/09/06 15:54:43 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/06 15:57:15 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job

========== Purity Check ==========



< End of report >

Edited by Devonasa, 06 September 2011 - 02:17 PM.

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now run one final check with MBAM, please, and post the log?

#21
Devonasa

    Member

  • Topic Starter
  • Member
  • 37 posts
Here you go!

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7658

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

9/6/2011 5:00:20 PM
mbam-log-2011-09-06 (17-00-19).txt

Scan type: Quick scan
Objects scanned: 178518
Time elapsed: 12 minute(s), 5 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\Windows\system\svchost.exe (Backdoor.Bot) -> 5764 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would like you to run for a day or so to ensure it has all gone, I feel. Once you are happy, then let me know :)

#23
Devonasa

    Member

  • Topic Starter
  • Member
  • 37 posts
Okay, will do! Thanks once again!

#24
Devonasa

    Member

  • Topic Starter
  • Member
  • 37 posts
I don't think it is gone... I pressed a link on Google today, for Wikipedia, and it redirected me to a site like this:

http://63.209.69.107...1/itcg-18254/v5


It's hard to tell if it is ever gone or not, 'cause the redirects don't always happen. It's sporadic.

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that is the Scour toolbar - they have cleverly hidden it as a Creative BHO - once this has run then recheck please. This one has been like a Russian doll, one nested within another.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {08CD51F1-A2DB-48BC-A729-D1CFF445D413} - C:\Windows\System32\wscui32.dll (Creative Technology Ltd)
    O2 - BHO: (no name) - {0E68AD3D-4767-4712-9E0B-CA82C453F842} - C:\Windows\System32\wscui32.dll (Creative Technology Ltd)

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#26
Devonasa

    Member

  • Topic Starter
  • Member
  • 37 posts
I checked on Google results and pressed some links, and it's still redirecting me.

Here is the OTL log

OTL logfile created on: 9/7/2011 2:51:04 PM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Devonasa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 159.18 Mb Available Physical Memory | 15.71% Memory free
2.24 Gb Paging File | 1.22 Gb Available in Paging File | 54.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 34.46 Gb Free Space | 33.91% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/07 14:43:46 | 000,007,680 | ---- | M] () -- C:\Windows\system\svchost.exe
PRC - [2011/09/06 14:26:36 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
PRC - [2011/09/01 01:25:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/17 03:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
PRC - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/29 15:00:00 | 000,612,168 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/07/27 10:31:51 | 000,174,432 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2010/07/17 14:04:33 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 18:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/15 22:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/11/15 22:01:52 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/11/15 21:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/11/15 21:57:20 | 000,171,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2006/10/31 01:03:48 | 000,284,184 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/01 01:25:07 | 001,001,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/12/09 15:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/03 19:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/11/15 22:01:08 | 001,058,328 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\LAppRes.DLL
MOD - [2006/11/15 21:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
MOD - [2006/11/02 05:46:05 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/10/31 01:04:12 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\Logitech\LComMgr\LCMServerPS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/04 01:18:41 | 000,218,624 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Windows\System32\itnetw32.dll -- (itlperf)
SRV - [2010/07/27 10:31:51 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 01:31:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/15 22:05:40 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/15 22:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/08/22 20:23:04 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/08/03 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110906.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110906.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/03/21 20:33:42 | 000,015,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\Windows\System32\drivers\SymAFR.sys -- (SymAFR)
DRV - [2010/06/24 12:01:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/09 21:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/11/04 20:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/17 18:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 18:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 11:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 20:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/07/14 12:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/10 09:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/27 14:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2006/11/15 22:03:12 | 000,024,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/11/15 22:02:50 | 001,962,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/15 22:00:56 | 001,678,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/10 23:48:11 | 001,083,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2006/11/10 23:48:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/10 23:46:29 | 001,512,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E0 B8 55 08 EE FE AE 4E 80 87 CD 31 9F 2E 7C DE [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledItems: {99210d54-6321-41e8-bd1b-2b4c55874efb}:1.16
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {4d54e7e0-6936-4a76-b364-7dd7412added}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 01:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 16:24:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}

[2010/03/24 11:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Extensions
[2011/09/07 12:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions
[2011/08/17 01:23:36 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/08 21:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/06 18:18:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{4d54e7e0-6936-4a76-b364-7dd7412added}
[2010/12/20 17:29:50 | 000,000,000 | ---D | M] ("Tumblr Post") -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb}
[2011/08/31 15:26:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/09/06 01:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/05 16:24:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/06 01:17:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2008/11/07 00:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\App\Photoshop\Plug-ins\Extensions
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/09/07 14:10:45 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0855B8E0-FEEE-4EAE-8087-CD319F2E7CDe} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB3AA8F6-0159-4F70-994A-780FCEE470F9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Devonasa\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/07 12:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/09/06 15:52:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/06 14:26:26 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/09/06 13:15:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/09/06 13:15:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/09/06 13:15:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/09/06 12:08:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/09/05 16:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/09/05 16:47:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/05 16:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/05 15:19:40 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Malwarebytes
[2011/09/05 15:18:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/05 15:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/05 15:18:13 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/05 15:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/05 15:05:06 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Devonasa\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/04 18:29:32 | 000,135,360 | ---- | C] (Symantec Corporation) -- C:\Users\Devonasa\Desktop\FixBlast.exe
[2011/09/03 17:55:54 | 000,068,608 | ---- | C] (Creative Technology Ltd) -- C:\ProgramData\JavaBackupVerifier.dll
[2011/09/03 16:52:50 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR.exe
[2011/09/02 12:35:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Devonasa\Desktop\dds(2).scr
[2011/08/23 18:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEP for The Sims 2
[2011/08/23 17:37:57 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sims2Pack Clean Installer
[2011/08/23 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sims2Pack Clean Installer
[2011/08/22 20:55:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2011/08/22 20:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2011/08/22 20:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2011/08/22 18:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011/08/22 17:59:20 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\EA Games
[2011/08/17 13:44:30 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 12:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/08/17 02:48:46 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Adobe Photoshop CS5.1
[2011/08/17 02:45:18 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/17 02:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/08/17 02:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/15 00:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/15 00:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/08/10 18:26:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2011/08/10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2011/08/10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead GIF Animator 5 TBYB
[2011/08/10 18:10:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/08/10 18:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2011/08/10 18:10:07 | 000,000,000 | ---D | C] -- C:\Windows\Noslip
[2011/08/09 01:23:38 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2011/08/09 01:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/08/09 01:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]
[1 C:\Users\Devonasa\AppData\Local\*.tmp files -> C:\Users\Devonasa\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/07 14:51:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/07 14:49:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
[2011/09/07 14:46:56 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/07 14:46:56 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/07 14:43:46 | 000,007,680 | ---- | M] () -- C:\Windows\System\svchost.exe
[2011/09/07 14:40:53 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/07 14:40:08 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 14:40:08 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 14:38:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/07 14:10:45 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/09/07 12:49:08 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
[2011/09/07 12:15:27 | 003,730,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/07 12:06:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/09/07 12:05:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/06 19:21:35 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job
[2011/09/06 14:26:36 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/09/06 12:06:15 | 000,252,991 | ---- | M] () -- C:\Users\Devonasa\Desktop\FHSetup.exe
[2011/09/05 16:39:32 | 000,000,950 | ---- | M] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/05 15:18:16 | 000,000,937 | ---- | M] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/05 15:18:16 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/05 15:05:09 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Devonasa\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/04 18:29:33 | 000,135,360 | ---- | M] (Symantec Corporation) -- C:\Users\Devonasa\Desktop\FixBlast.exe
[2011/09/03 19:13:43 | 000,000,512 | ---- | M] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/09/03 16:54:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR.exe
[2011/09/02 17:00:47 | 000,136,704 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 12:35:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Devonasa\Desktop\dds(2).scr
[2011/08/25 12:45:12 | 000,001,235 | ---- | M] () -- C:\Users\Devonasa\Desktop\Sims2EP9.exe - Shortcut.lnk
[2011/08/25 01:05:49 | 008,191,066 | ---- | M] () -- C:\Users\Devonasa\Documents\Up N Down demo.mp3
[2011/08/23 17:37:57 | 000,001,015 | ---- | M] () -- C:\Users\Devonasa\Desktop\Sims2Pack Clean Installer.lnk
[2011/08/23 14:39:19 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Mansion and Garden Stuff.lnk
[2011/08/23 14:15:31 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2011/08/23 14:06:44 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Apartment Life.lnk
[2011/08/23 13:55:24 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 IKEA® Home Stuff.lnk
[2011/08/23 13:52:37 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk
[2011/08/23 13:48:30 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 FreeTime.lnk
[2011/08/23 13:42:20 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Teen Style Stuff.lnk
[2011/08/23 13:33:26 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Bon Voyage.lnk
[2011/08/23 00:54:31 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 H&M® Fashion Stuff.lnk
[2011/08/23 00:48:39 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Celebration! Stuff.lnk
[2011/08/23 00:06:35 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Seasons.lnk
[2011/08/22 23:49:54 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2011/08/22 23:05:42 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Glamour Life Stuff.lnk
[2011/08/22 22:58:56 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Family Fun Stuff.lnk
[2011/08/22 22:48:08 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Open For Business.lnk
[2011/08/22 20:59:08 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Nightlife.lnk
[2011/08/22 20:24:44 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/08/22 18:26:15 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 University.lnk
[2011/08/22 18:01:32 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2011/08/17 02:44:16 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/13 19:56:45 | 000,000,000 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/13 01:14:57 | 000,001,356 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2011/08/10 18:20:34 | 000,000,274 | ---- | M] () -- C:\Windows\ulead32.ini
[2011/08/10 18:20:31 | 000,000,560 | ---- | M] () -- C:\Users\Public\Documents\Global.sw
[2011/08/10 18:10:18 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/08/09 01:49:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/08/09 01:49:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/09 00:22:56 | 000,000,000 | ---- | M] () -- C:\t1dg.3
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]
[1 C:\Users\Devonasa\AppData\Local\*.tmp files -> C:\Users\Devonasa\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/07 12:06:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/09/07 12:05:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/06 17:08:11 | 000,007,680 | ---- | C] () -- C:\Windows\System\svchost.exe
[2011/09/06 12:06:11 | 000,252,991 | ---- | C] () -- C:\Users\Devonasa\Desktop\FHSetup.exe
[2011/09/05 16:25:50 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/09/05 15:18:16 | 000,000,937 | ---- | C] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/05 15:18:16 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/03 18:02:14 | 000,000,512 | ---- | C] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/08/25 01:05:39 | 008,191,066 | ---- | C] () -- C:\Users\Devonasa\Documents\Up N Down demo.mp3
[2011/08/23 17:37:57 | 000,001,015 | ---- | C] () -- C:\Users\Devonasa\Desktop\Sims2Pack Clean Installer.lnk
[2011/08/23 14:37:04 | 000,001,235 | ---- | C] () -- C:\Users\Devonasa\Desktop\Sims2EP9.exe - Shortcut.lnk
[2011/08/23 14:15:30 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Mansion and Garden Stuff.lnk
[2011/08/23 14:06:44 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Apartment Life.lnk
[2011/08/23 14:06:44 | 000,001,354 | ---- | C] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2011/08/23 13:55:24 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 IKEA® Home Stuff.lnk
[2011/08/23 13:52:37 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk
[2011/08/23 13:48:30 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 FreeTime.lnk
[2011/08/23 13:42:20 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Teen Style Stuff.lnk
[2011/08/23 13:33:26 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Bon Voyage.lnk
[2011/08/23 00:54:31 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 H&M® Fashion Stuff.lnk
[2011/08/23 00:48:39 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Celebration! Stuff.lnk
[2011/08/23 00:06:35 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Seasons.lnk
[2011/08/22 23:49:53 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2011/08/22 23:05:42 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Glamour Life Stuff.lnk
[2011/08/22 22:58:56 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Family Fun Stuff.lnk
[2011/08/22 22:48:08 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Open For Business.lnk
[2011/08/22 20:59:08 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Nightlife.lnk
[2011/08/22 20:24:44 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/08/22 18:26:15 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 University.lnk
[2011/08/22 18:01:32 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2011/08/17 12:53:01 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/08/17 12:46:08 | 000,000,985 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/08/17 12:42:48 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/08/17 12:32:16 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/08/17 12:30:31 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/08/17 12:25:28 | 000,000,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/08/17 02:44:16 | 000,000,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/08/17 02:44:15 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/13 19:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/10 18:10:53 | 000,000,560 | ---- | C] () -- C:\Users\Public\Documents\Global.sw
[2011/08/10 18:10:51 | 000,000,274 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/08/10 18:10:18 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/08/09 01:49:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/08/09 01:49:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/09 01:48:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/08/09 00:22:56 | 000,000,000 | ---- | C] () -- C:\t1dg.3
[2011/08/03 19:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{1CF3071A-A136-4BBC-A174-D3B2CFC1128A}
[2011/05/11 18:58:58 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/09/05 17:41:21 | 000,001,356 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2010/09/05 17:36:58 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/02/08 00:10:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/08 00:10:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/06 07:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/30 21:01:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/30 17:56:39 | 000,136,704 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/15 22:03:12 | 000,024,736 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/15 22:00:56 | 001,678,368 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,730,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/03/30 23:45:19 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Audacity
[2011/08/17 13:44:30 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 02:45:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/02/05 07:01:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Pro
[2010/02/26 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Elluminate
[2010/01/30 18:28:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GetRightToGo
[2011/08/09 01:23:38 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2010/12/01 22:49:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Research In Motion
[2011/08/18 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Spotify
[2010/01/30 19:34:45 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Thinstall
[2010/03/29 21:16:44 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Tific
[2010/05/24 17:42:41 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Yandex
[2011/09/07 14:36:18 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/06 19:21:35 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job

========== Purity Check ==========



< End of report >
  • 0

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is Norton alerting at all? As a new malware file has started running... Also, have you used a USB drive for files today?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {4d54e7e0-6936-4a76-b364-7dd7412added}:1.0
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}
    [2011/09/06 18:18:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{4d54e7e0-6936-4a76-b364-7dd7412added}
    O2 - BHO: (no name) - {0855B8E0-FEEE-4EAE-8087-CD319F2E7CDe} - File not found
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
    [2011/09/07 14:43:46 | 000,007,680 | ---- | M] () -- C:\Windows\System\svchost.exe

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post

Megaupload
  • 0
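One way to spot the kind of entry the fix above targets (`C:\Windows\System\svchost.exe`): the genuine svchost.exe lives in `System32`, so a copy elsewhere with an empty company field stands out in an OTL listing. This is an added example, not part of the original posts or of OTL; the function names and the expected-directory table are assumptions, and the sample lines are copied from the logs in this thread except the one marked as constructed.

```python
import ntpath
import re

# Binaries named in the thread's /md5start list, with the directories where
# Windows normally keeps them. Assumes %SystemRoot% = C:\Windows, as the log
# header reports. SysWOW64 holds 32-bit copies on 64-bit Windows.
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "winlogon.exe": {r"c:\windows\system32"},
    "userinit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}
# Component-store copies under winsxs are also legitimate.
WINSXS_PREFIX = r"c:\windows\winsxs" + "\\"

# OTL file-entry layout, with an optional "PRC - " / "MOD - " style prefix:
# [date time | size | attributes | C or M] (company) -- path
ENTRY = re.compile(
    r"^(?:(?P<kind>[A-Z]{3}) - )?"
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r" -- (?P<path>.+?)\s*$"
)

SAMPLE_LINES = r"""
PRC - [2011/09/07 16:06:57 | 000,007,680 | ---- | M] () -- C:\Windows\system\svchost.exe
PRC - [2011/09/01 01:25:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/09/07 14:43:46 | 000,007,680 | ---- | M] () -- C:\Windows\System\svchost.exe
PRC - [2009/04/11 02:27:36 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
========== Modules (No Company Name) ==========
""".strip().splitlines()
# The last PRC line (svchost.exe in System32) is constructed for contrast.


def parse_entry(line):
    """Return kind, size, company and path for one OTL file entry, else None."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    path = m["path"]
    if path.startswith("\\\\?\\"):  # drop the \\?\ long-path prefix
        path = path[4:]
    return {
        "kind": m["kind"] or "FILE",
        "size": int(m["size"].replace(",", "")),
        "company": (m["company"] or "").strip(),
        "path": path,
    }


def misplaced_system_binaries(lines):
    """List (path, reasons) for system-binary names found outside their usual
    directory. Each path is reported once, compared case-insensitively."""
    seen = set()
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        name = ntpath.basename(entry["path"]).lower()
        if name not in EXPECTED_DIRS:
            continue
        directory = ntpath.dirname(entry["path"]).lower()
        if directory in EXPECTED_DIRS[name] or directory.startswith(WINSXS_PREFIX):
            continue
        key = entry["path"].lower()
        if key in seen:
            continue
        seen.add(key)
        reasons = [f"{name} outside its usual directory ({directory})"]
        if not entry["company"]:
            reasons.append("no company name")
        findings.append((entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in misplaced_system_binaries(SAMPLE_LINES):
        print(path, "->", "; ".join(reasons))
```

A hit from this check is a reason to look closer (hash, signature, creation time), not proof of infection on its own.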

#28
Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
That scan took forever and a day :)

But I really can't believe ANOTHER malware is forming, the only USB drive I have attached to my computer is the cord to connect my iTouch. And Symantec only alerted after the Kaspersky started scanning.

OTL log:

OTL logfile created on: 9/7/2011 4:09:47 PM - Run 4
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Devonasa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 109.30 Mb Available Physical Memory | 10.79% Memory free
2.24 Gb Paging File | 1.18 Gb Available in Paging File | 52.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 34.64 Gb Free Space | 34.08% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/07 16:06:57 | 000,007,680 | ---- | M] () -- C:\Windows\system\svchost.exe
PRC - [2011/09/06 14:26:36 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
PRC - [2011/09/01 01:25:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/17 03:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
PRC - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/29 15:00:00 | 000,612,168 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/07/27 10:31:51 | 000,174,432 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2010/07/17 14:04:33 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 18:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/15 22:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/11/15 22:01:52 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/11/15 21:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/11/15 21:57:20 | 000,171,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2006/10/31 01:03:48 | 000,284,184 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/01 01:25:07 | 001,001,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/12/09 15:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/03 19:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/11/15 22:01:08 | 001,058,328 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\LAppRes.DLL
MOD - [2006/11/15 21:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
MOD - [2006/11/02 05:46:05 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/10/31 01:04:12 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\Logitech\LComMgr\LCMServerPS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/04 01:18:41 | 000,218,624 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Windows\System32\itnetw32.dll -- (itlperf)
SRV - [2010/07/27 10:31:51 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 01:31:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009/09/17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/15 22:05:40 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/15 22:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/08/22 20:23:04 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/08/03 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110906.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110906.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/03/21 20:33:42 | 000,015,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\Windows\System32\drivers\SymAFR.sys -- (SymAFR)
DRV - [2010/06/24 12:01:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/09 21:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/11/04 20:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/17 18:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 18:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 11:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 20:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/07/14 12:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/10 09:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/27 14:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2006/11/15 22:03:12 | 000,024,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/11/15 22:02:50 | 001,962,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/15 22:00:56 | 001,678,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/10 23:48:11 | 001,083,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2006/11/10 23:48:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/10 23:46:29 | 001,512,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledItems: {99210d54-6321-41e8-bd1b-2b4c55874efb}:1.16
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {4d54e7e0-6936-4a76-b364-7dd7412added}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 01:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 16:24:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}

[2010/03/24 11:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Extensions
[2011/09/07 16:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions
[2011/08/17 01:23:36 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/08 21:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/20 17:29:50 | 000,000,000 | ---D | M] ("Tumblr Post") -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb}
[2011/08/31 15:26:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/09/06 01:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/05 16:24:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/06 01:17:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2008/11/07 00:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\App\Photoshop\Plug-ins\Extensions
File not found (No name found) -- C:\USERS\DEVONASA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M0XQQ5LG.DEFAULT\EXTENSIONS\{4D54E7E0-6936-4A76-B364-7DD7412ADDED}
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/09/07 15:42:37 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB3AA8F6-0159-4F70-994A-780FCEE470F9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Devonasa\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/07 12:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/09/06 15:52:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/06 14:26:26 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/09/06 13:15:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/09/06 13:15:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/09/06 13:15:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/09/06 12:08:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/09/05 16:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/09/05 16:47:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/05 16:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/05 15:19:40 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Malwarebytes
[2011/09/05 15:18:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/05 15:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/05 15:18:13 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/05 15:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/05 15:05:06 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Devonasa\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/04 18:29:32 | 000,135,360 | ---- | C] (Symantec Corporation) -- C:\Users\Devonasa\Desktop\FixBlast.exe
[2011/09/03 17:55:54 | 000,068,608 | ---- | C] (Creative Technology Ltd) -- C:\ProgramData\JavaBackupVerifier.dll
[2011/09/03 16:52:50 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR.exe
[2011/09/02 12:35:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Devonasa\Desktop\dds(2).scr
[2011/08/23 18:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEP for The Sims 2
[2011/08/23 17:37:57 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sims2Pack Clean Installer
[2011/08/23 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sims2Pack Clean Installer
[2011/08/22 20:55:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2011/08/22 20:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2011/08/22 20:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2011/08/22 18:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011/08/22 17:59:20 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\EA Games
[2011/08/17 13:44:30 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 12:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/08/17 02:48:46 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Adobe Photoshop CS5.1
[2011/08/17 02:45:18 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/17 02:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/08/17 02:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/15 00:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/15 00:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/08/10 18:26:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2011/08/10 18:10:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2011/08/10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2011/08/10 18:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead GIF Animator 5 TBYB
[2011/08/10 18:10:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/08/10 18:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2011/08/10 18:10:07 | 000,000,000 | ---D | C] -- C:\Windows\Noslip
[2011/08/09 01:23:38 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2011/08/09 01:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/08/09 01:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]
[1 C:\Users\Devonasa\AppData\Local\*.tmp files -> C:\Users\Devonasa\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/07 16:11:45 | 105,852,600 | ---- | M] () -- C:\Users\Devonasa\Desktop\setup_11.0.0.1245.x01_2011_09_07_23_01.exe
[2011/09/07 16:10:47 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/07 16:10:47 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/07 16:08:02 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 16:08:02 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/07 16:06:57 | 000,007,680 | ---- | M] () -- C:\Windows\System\svchost.exe
[2011/09/07 16:02:50 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/07 16:02:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/07 15:42:37 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/09/07 14:51:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/07 14:49:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
[2011/09/07 12:49:08 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
[2011/09/07 12:15:27 | 003,730,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/07 12:06:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/09/07 12:05:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/06 19:21:35 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job
[2011/09/06 14:26:36 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/09/06 12:06:15 | 000,252,991 | ---- | M] () -- C:\Users\Devonasa\Desktop\FHSetup.exe
[2011/09/05 16:39:32 | 000,000,950 | ---- | M] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/05 15:18:16 | 000,000,937 | ---- | M] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/05 15:18:16 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/05 15:05:09 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Devonasa\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/04 18:29:33 | 000,135,360 | ---- | M] (Symantec Corporation) -- C:\Users\Devonasa\Desktop\FixBlast.exe
[2011/09/03 19:13:43 | 000,000,512 | ---- | M] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/09/03 16:54:26 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR.exe
[2011/09/02 17:00:47 | 000,136,704 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 12:35:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Devonasa\Desktop\dds(2).scr
[2011/08/25 12:45:12 | 000,001,235 | ---- | M] () -- C:\Users\Devonasa\Desktop\Sims2EP9.exe - Shortcut.lnk
[2011/08/25 01:05:49 | 008,191,066 | ---- | M] () -- C:\Users\Devonasa\Documents\Up N Down demo.mp3
[2011/08/23 17:37:57 | 000,001,015 | ---- | M] () -- C:\Users\Devonasa\Desktop\Sims2Pack Clean Installer.lnk
[2011/08/23 14:39:19 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Mansion and Garden Stuff.lnk
[2011/08/23 14:15:31 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2011/08/23 14:06:44 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Apartment Life.lnk
[2011/08/23 13:55:24 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 IKEA® Home Stuff.lnk
[2011/08/23 13:52:37 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk
[2011/08/23 13:48:30 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 FreeTime.lnk
[2011/08/23 13:42:20 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Teen Style Stuff.lnk
[2011/08/23 13:33:26 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Bon Voyage.lnk
[2011/08/23 00:54:31 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 H&M® Fashion Stuff.lnk
[2011/08/23 00:48:39 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Celebration! Stuff.lnk
[2011/08/23 00:06:35 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 2 Seasons.lnk
[2011/08/22 23:49:54 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2011/08/22 23:05:42 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Glamour Life Stuff.lnk
[2011/08/22 22:58:56 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Family Fun Stuff.lnk
[2011/08/22 22:48:08 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Open For Business.lnk
[2011/08/22 20:59:08 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 Nightlife.lnk
[2011/08/22 20:24:44 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/08/22 18:26:15 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2 University.lnk
[2011/08/22 18:01:32 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2011/08/17 02:44:16 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/13 19:56:45 | 000,000,000 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/13 01:14:57 | 000,001,356 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2011/08/10 18:20:34 | 000,000,274 | ---- | M] () -- C:\Windows\ulead32.ini
[2011/08/10 18:20:31 | 000,000,560 | ---- | M] () -- C:\Users\Public\Documents\Global.sw
[2011/08/10 18:10:18 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/08/09 01:49:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/08/09 01:49:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/09 00:22:56 | 000,000,000 | ---- | M] () -- C:\t1dg.3
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]
[1 C:\Users\Devonasa\AppData\Local\*.tmp files -> C:\Users\Devonasa\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/07 16:09:11 | 105,852,600 | ---- | C] () -- C:\Users\Devonasa\Desktop\setup_11.0.0.1245.x01_2011_09_07_23_01.exe
[2011/09/07 15:46:29 | 000,007,680 | ---- | C] () -- C:\Windows\System\svchost.exe
[2011/09/07 12:06:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/09/07 12:05:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/06 12:06:11 | 000,252,991 | ---- | C] () -- C:\Users\Devonasa\Desktop\FHSetup.exe
[2011/09/05 16:25:50 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/09/05 15:18:16 | 000,000,937 | ---- | C] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/05 15:18:16 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/03 18:02:14 | 000,000,512 | ---- | C] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/08/25 01:05:39 | 008,191,066 | ---- | C] () -- C:\Users\Devonasa\Documents\Up N Down demo.mp3
[2011/08/23 17:37:57 | 000,001,015 | ---- | C] () -- C:\Users\Devonasa\Desktop\Sims2Pack Clean Installer.lnk
[2011/08/23 14:37:04 | 000,001,235 | ---- | C] () -- C:\Users\Devonasa\Desktop\Sims2EP9.exe - Shortcut.lnk
[2011/08/23 14:15:30 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Mansion and Garden Stuff.lnk
[2011/08/23 14:06:44 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Apartment Life.lnk
[2011/08/23 14:06:44 | 000,001,354 | ---- | C] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2011/08/23 13:55:24 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 IKEA® Home Stuff.lnk
[2011/08/23 13:52:37 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Kitchen & Bath Interior Design Stuff.lnk
[2011/08/23 13:48:30 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 FreeTime.lnk
[2011/08/23 13:42:20 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Teen Style Stuff.lnk
[2011/08/23 13:33:26 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Bon Voyage.lnk
[2011/08/23 00:54:31 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 H&M® Fashion Stuff.lnk
[2011/08/23 00:48:39 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Celebration! Stuff.lnk
[2011/08/23 00:06:35 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 2 Seasons.lnk
[2011/08/22 23:49:53 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Pets.lnk
[2011/08/22 23:05:42 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Glamour Life Stuff.lnk
[2011/08/22 22:58:56 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Family Fun Stuff.lnk
[2011/08/22 22:48:08 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Open For Business.lnk
[2011/08/22 20:59:08 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 Nightlife.lnk
[2011/08/22 20:24:44 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/08/22 18:26:15 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2 University.lnk
[2011/08/22 18:01:32 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2011/08/17 12:53:01 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/08/17 12:46:08 | 000,000,985 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/08/17 12:42:48 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/08/17 12:32:16 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/08/17 12:30:31 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/08/17 12:25:28 | 000,000,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/08/17 02:44:16 | 000,000,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/08/17 02:44:15 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/08/13 19:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/10 18:10:53 | 000,000,560 | ---- | C] () -- C:\Users\Public\Documents\Global.sw
[2011/08/10 18:10:51 | 000,000,274 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/08/10 18:10:18 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\Ulead GIF Animator 5.lnk
[2011/08/09 01:49:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/08/09 01:49:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/09 01:48:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/08/09 00:22:56 | 000,000,000 | ---- | C] () -- C:\t1dg.3
[2011/08/03 19:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{1CF3071A-A136-4BBC-A174-D3B2CFC1128A}
[2011/05/11 18:58:58 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/09/05 17:41:21 | 000,001,356 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2010/09/05 17:36:58 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/02/08 00:10:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/08 00:10:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/06 07:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/30 21:01:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/30 17:56:39 | 000,136,704 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/15 22:03:12 | 000,024,736 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/15 22:00:56 | 001,678,368 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,730,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/03/30 23:45:19 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Audacity
[2011/08/17 13:44:30 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 02:45:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/02/05 07:01:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Pro
[2010/02/26 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Elluminate
[2010/01/30 18:28:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GetRightToGo
[2011/08/09 01:23:38 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2010/12/01 22:49:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Research In Motion
[2011/08/18 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Spotify
[2010/01/30 19:34:45 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Thinstall
[2010/03/29 21:16:44 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Tific
[2010/05/24 17:42:41 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Yandex
[2011/09/07 15:48:59 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/06 19:21:35 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job

========== Purity Check ==========



< End of report >

  • 0

#29
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There is still a rootkit hiding there somewhere - let's see if we can find it

1. Please download The Avenger by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Begin copying here:
Files to delete:
C:\Windows\system\svchost.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Accept the disclaimer
  • Right click on the window under Input script here:, and select Paste.

  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.

THEN

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0
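
One way to surface entries like the C:\Windows\system\svchost.exe file named in the post above from an OTL file listing, as an added example that is not part of the original post and is not OTL's own logic. The expected directories assume a default 32-bit Windows Vista install; the first four sample lines are copied from the OTL log in this thread and the last one is constructed.

```python
import re
from ntpath import basename, dirname, normcase

# OTL file-listing line:
#   [date time | size | attrs | C or M] (company) -- path
# Folder lines carry a D attribute and no "(company)" field.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

# Assumption: default locations on 32-bit Windows Vista for the four
# binaries listed between /md5start and /md5stop in the custom scan.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Sample input. The last line is constructed for contrast.
SAMPLE = r"""
[2011/09/07 16:06:57 | 000,007,680 | ---- | M] () -- C:\Windows\System\svchost.exe
[2011/09/07 15:46:29 | 000,007,680 | ---- | C] () -- C:\Windows\System\svchost.exe
[2011/09/06 14:26:36 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/08/09 01:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2009/04/11 02:27:36 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
"""


def parse_otl(text):
    """Return one dict per file or folder line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "timestamp": m["ts"],
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "kind": m["kind"],  # C = created, M = modified
            "company": (m["company"] or "").strip(),
            "path": m["path"].strip(),
        })
    return entries


def find_masquerades(entries):
    """Flag files that reuse a core Windows binary name but sit outside
    its expected directory or carry no company name. A hit is a lead to
    review, not a verdict."""
    findings = {}
    for e in entries:
        if e["is_dir"]:
            continue
        expected = EXPECTED_DIR.get(normcase(basename(e["path"])))
        if expected is None:
            continue
        reasons = []
        if normcase(dirname(e["path"])) != expected:
            reasons.append("outside expected directory")
        if not e["company"]:
            reasons.append("no company name")
        if not reasons:
            continue
        # The same file appears in both the Created and Modified sections,
        # so merge the two lines into one finding keyed by path.
        f = findings.setdefault(normcase(e["path"]), {
            "path": e["path"], "size": e["size"], "reasons": reasons,
            "created": None, "modified": None,
        })
        f["created" if e["kind"] == "C" else "modified"] = e["timestamp"]
    return list(findings.values())


if __name__ == "__main__":
    for f in find_masquerades(parse_otl(SAMPLE)):
        print(f["path"], f["size"], "bytes;", ", ".join(f["reasons"]),
              "; created", f["created"], "; modified", f["modified"])
```
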

#30
Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Avenger.txt

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\system\svchost.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

GMER.txt

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-08 16:53:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1200BEVS-00UST0 rev.01.01A01
Running: gmer.exe; Driver: C:\Users\Devonasa\AppData\Local\Temp\awlyqkog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwAdjustPrivilegesToken [0xB6146E36]
SSDT 86134E90 ZwAlertResumeThread
SSDT 86134F70 ZwAlertThread
SSDT 86124F80 ZwAllocateVirtualMemory
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwAlpcConnectPort [0xB6149074]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwAlpcCreatePort [0xB61492EE]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwAlpcSendWaitReceivePort [0xB6149564]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwClose [0xB614774A]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwConnectPort [0xB614857E]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwCreateEvent [0xB6148AC8]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwCreateFile [0xB6147A26]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwCreateMutant [0xB61489AE]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwCreateNamedPipeFile [0xB6146A24]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwCreatePort [0xB6148882]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwCreateSection [0xB6146BCC]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwCreateSemaphore [0xB6148BE8]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwCreateThread [0xB61473D0]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwCreateWaitablePort [0xB6148918]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwDebugActiveProcess [0xB614A2D6]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwDeviceIoControlFile [0xB6147EA8]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwDuplicateObject [0xB614B4E4]
SSDT 86124DE0 ZwFreeVirtualMemory
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwFsControlFile [0xB6147CB6]
SSDT 86136EE8 ZwImpersonateAnonymousToken
SSDT 86134D50 ZwImpersonateThread
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwLoadDriver [0xB614A3C8]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwMapViewOfSection [0xB614AB30]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwOpenEvent [0xB6148B5E]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwOpenFile [0xB61477CC]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwOpenMutant [0xB6148A3E]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwOpenProcess [0xB6147074]
SSDT 86109D50 ZwOpenProcessToken
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwOpenSection [0xB614A8CA]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwOpenSemaphore [0xB6148C7E]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwOpenThread [0xB6146F64]
SSDT 86133EF0 ZwOpenThreadToken
SSDT \??\C:\Windows\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0x8C56E880]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwQueryDirectoryObject [0xB6149868]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwQuerySection [0xB614AE6A]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwQueueApcThread [0xB614A75C]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwReplaceKey [0xB61456DE]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwReplyPort [0xB6148FE2]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwReplyWaitReceivePort [0xB6148EA8]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwRequestWaitReplyPort [0xB614A070]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwRestoreKey [0xB6145A56]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwResumeThread [0xB614B386]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwSaveKey [0xB6145676]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwSecureConnectPort [0xB61482C4]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwSetContextThread [0xB61475EC]
SSDT 86133FC0 ZwSetInformationProcess
SSDT 8612CFC0 ZwSetInformationThread
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwSetInformationToken [0xB614990A]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwSetSecurityObject [0xB614A566]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwSetSystemInformation [0xB614AFBA]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwSuspendProcess [0xB614B0AC]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwSuspendThread [0xB614B1E6]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwSystemDebugControl [0xB614A1FA]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwTerminateProcess [0xB614721A]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwTerminateThread [0xB6147170]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwUnmapViewOfSection [0xB614AD0E]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwWriteVirtualMemory [0xB6147306]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwCreateThreadEx [0xB61474CE]
SSDT \SystemRoot\system32\DRIVERS\3462167drv.sys ZwCreateUserProcess [0xB61497AE]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x82201FEC]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82201FEC] ZwCreateKey [0x82201FEC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x82201FF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82201FF1] ZwOpenKey [0x82201FF1]

INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 82201FFB
INT 0x62 ? 8583FCB8
INT 0x72 ? 8583FCB8
INT 0x82 ? 8583FCB8
INT 0xA2 ? 83F3CCB8
INT 0xA2 ? 83F3CCB8
INT 0xA2 ? 8583FCB8
INT 0xA2 ? 83F3CCB8
INT 0xB2 ? 83F3CCB8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 822AD89C 12 Bytes [36, 6E, 14, B6, 90, 4E, 13, ...] {OUTS DX, BYTE SS:[ESI]; ADC AL, 0xb6; NOP ; DEC ESI; ADC EAX, [ESI-0x79ecb090]}
.text ntkrnlpa.exe!KeSetEvent + 131 822AD8B4 4 Bytes [80, 4F, 12, 86] {OR BYTE [EDI+0x12], 0x86}
.text ntkrnlpa.exe!KeSetEvent + 13D 822AD8C0 8 Bytes [74, 90, 14, B6, EE, 92, 14, ...] {JZ 0xffffffffffffff92; ADC AL, 0xb6; OUT DX, AL ; XCHG EDX, EAX; ADC AL, 0xb6}
.text ntkrnlpa.exe!KeSetEvent + 181 822AD904 4 Bytes [64, 95, 14, B6]
.text ntkrnlpa.exe!KeSetEvent + 1A9 822AD92C 4 Bytes [4A, 77, 14, B6]
.text ...
? system32\drivers\xgjtgb.sys The system cannot find the path specified. !
.text sptd.sys 8648C000 32 Bytes [C0, EE, 5B, 82, 06, 81, 5C, ...]
.text sptd.sys 8648C024 104 Bytes [EA, F3, 23, 82, 41, EB, 2E, ...]
.text sptd.sys 8648C08D 103 Bytes [A1, 24, 82, 81, EB, 2A, 82, ...]
.text sptd.sys 8648C0F5 20 Bytes [68, 24, 82, F0, 02, 22, 82, ...]
.text sptd.sys 8648C10A 2 Bytes [23, 82]
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x865369E3]
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 8B2CB41B 5 Bytes JMP 8583F1C8
.text avx2ofzx.SYS 8B375000 230 Bytes [60, EF, 5B, 82, 82, 23, 5C, ...]
.text avx2ofzx.SYS 8B3750E7 31 Bytes [00, 38, 0F, 00, 00, 00, 00, ...]
.text avx2ofzx.SYS 8B375107 224 Bytes [56, 09, 18, 08, DA, 0A, 9C, ...]
.text avx2ofzx.SYS 8B3751E8 253 Bytes [5D, F8, 5C, 3A, 5E, 7C, 5F, ...]
.text avx2ofzx.SYS 8B3752E6 43 Bytes [B9, B6, BC, F8, BD, 3A, BF, ...]
.text ...
.text C:\Windows\system32\drivers\aksfridge.sys section is writeable [0xB5884000, 0x49379, 0xE0000020]
.init C:\Windows\system32\drivers\aksfridge.sys entry point in ".init" section [0xB58DA224]
.init C:\Windows\system32\drivers\aksfridge.sys unknown last code section [0xB58DA000, 0x4000, 0xE20000E0]
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xB5906400, 0x6EB98, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB5990C20] C:\Windows\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB5990C20]
.protect˙˙˙˙hardlockunknown last code section [0xB5990A00, 0x50CA, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xB5990A00, 0x50CA, 0xE0000020]
? system32\DRIVERS\3462167drv.sys The system cannot find the path specified. !
? C:\Windows\system32\DRIVERS\00796809.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

CODE C:\Windows\system\svchost.exe[5208] C:\Windows\system\svchost.exe entry point in "CODE" section [0x00401F90]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8648DEEE] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8648E20E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8648D70C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8648E0CC] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8648D832] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8648D8F0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [864A1F56] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\avx2ofzx.SYS[HAL.dll!KfAcquireSpinLock] B033D855
IAT \SystemRoot\System32\Drivers\avx2ofzx.SYS[HAL.dll!KfReleaseSpinLock] B089DC7D
IAT \SystemRoot\System32\Drivers\avx2ofzx.SYS[storport.sys!StorPortPauseDevice] 00C4B033
IAT \SystemRoot\System32\Drivers\avx2ofzx.SYS[storport.sys!StorPortResumeDevice] CF330000
IAT \SystemRoot\System32\Drivers\avx2ofzx.SYS[storport.sys!StorPortInitialize] 00A4B089
IAT \SystemRoot\System32\Drivers\avx2ofzx.SYS[storport.sys!StorPortNotification] B0330000
IAT \SystemRoot\System32\Drivers\avx2ofzx.SYS[TDI.SYS!TdiDeregisterPnPHandlers] 000000A8
IAT \SystemRoot\System32\Drivers\avx2ofzx.SYS[TDI.SYS!TdiRegisterPnPHandlers] 00CCB033
IAT \SystemRoot\System32\Drivers\avx2ofzx.SYS[NETIO.SYS!WskDeregister] ACB08918
IAT \SystemRoot\System32\Drivers\avx2ofzx.SYS[NETIO.SYS!WskReleaseProviderNPI] [8B000000] \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\avx2ofzx.SYS[NETIO.SYS!WskRegister] A7309534
IAT \SystemRoot\System32\Drivers\avx2ofzx.SYS[NETIO.SYS!WskCaptureProviderNPI] D98B8B39

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\wuauclt.exe[352] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[352] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[352] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[352] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WinZip\WZQKPICK.EXE[1544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00422EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WinZip\WZQKPICK.EXE[1544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00422C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WinZip\WZQKPICK.EXE[1544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00422C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WinZip\WZQKPICK.EXE[1544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00422C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2408] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00282EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2408] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00282C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2408] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00282C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2408] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00282C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2776] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2776] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00392C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2776] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2776] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[2836] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[2836] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00392C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[2836] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe[2836] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001D2EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001D2C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001D2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001D2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SafeConnect\scClient.exe[3204] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SafeConnect\scClient.exe[3204] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00392C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SafeConnect\scClient.exe[3204] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SafeConnect\scClient.exe[3204] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001B2EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001B2C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001B2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001B2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001E2EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001E2C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001E2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[3304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001E2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[3428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001E2EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[3428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001E2C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[3428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001E2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[3428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001E2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[3496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00372EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[3496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00372C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[3496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00372C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe[3496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00372C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3536] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3536] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3536] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3536] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[3560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00292EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[3560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00292C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[3560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00292C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[3560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00292C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00152EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00152C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00152C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00152C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001D2EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001D2C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001D2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001D2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01962EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01962C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01962C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3684] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01962C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[3836] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000A2EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[3836] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000A2C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[3836] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000A2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[3836] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000A2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DAEMON Tools Pro\DTAgent.exe[4056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DAEMON Tools Pro\DTAgent.exe[4056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DAEMON Tools Pro\DTAgent.exe[4056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DAEMON Tools Pro\DTAgent.exe[4056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Devonasa\Desktop\gmer.exe[4652] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00172EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Devonasa\Desktop\gmer.exe[4652] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00172C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Devonasa\Desktop\gmer.exe[4652] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00172C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Devonasa\Desktop\gmer.exe[4652] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00172C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00112EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00112C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00112C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00112C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system\svchost.exe[5208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002C2EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system\svchost.exe[5208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002C2C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system\svchost.exe[5208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002C2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system\svchost.exe[5208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002C2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00372EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00372C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00372C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00372C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5912] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00932EC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5912] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00932C90] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5912] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00932C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[5912] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00932C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83F441E8
Device \FileSystem\fastfat \FatCdrom 84BFD1E8
Device \Driver\usbuhci \Device\USBPDO-0 858F11E8
Device \Driver\usbuhci \Device\USBPDO-1 858F11E8
Device \Driver\usbuhci \Device\USBPDO-2 858F11E8
Device \Driver\usbuhci \Device\USBPDO-3 858F11E8
Device \Driver\usbehci \Device\USBPDO-4 8588A1E8

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\cdrom \Device\CdRom0 858EE1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 83F421E8
Device \Driver\atapi \Device\Ide\IdePort0 83F421E8
Device \Driver\atapi \Device\Ide\IdePort1 83F421E8
Device \Driver\atapi \Device\Ide\IdePort2 83F421E8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 83F431E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 83F421E8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 83F431E8
Device \Driver\cdrom \Device\CdRom1 858EE1E8
Device \Driver\netbt \Device\NetBT_Tcpip_{01978311-CCD6-433B-B120-104F25507CF3} 861B51E8
Device \Driver\netbt \Device\NetBt_Wins_Export 861B51E8
Device \Driver\Smb \Device\NetbiosSmb 861531E8
Device \Driver\iScsiPrt \Device\RaidPort0 859101E8

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\PCI_PNP7223 \Device\0000005d sptd.sys
Device \Driver\PCI_PNP7223 \Device\0000005d sptd.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{FB3AA8F6-0159-4F70-994A-780FCEE470F9} 861B51E8
Device \Driver\disk \Device\Harddisk0\DR0 aksfridge.sys
Device \Driver\usbuhci \Device\USBFDO-0 858F11E8
Device \Driver\usbuhci \Device\USBFDO-1 858F11E8
Device \Driver\usbuhci \Device\USBFDO-2 858F11E8
Device \Driver\usbuhci \Device\USBFDO-3 858F11E8
Device \Driver\usbehci \Device\USBFDO-4 8588A1E8
Device \Driver\avx2ofzx \Device\Scsi\avx2ofzx1Port4Path0Target0Lun0 858FE1E8
Device \Driver\avx2ofzx \Device\Scsi\avx2ofzx1 858FE1E8
Device \FileSystem\fastfat \Fat 84BFD1E8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 841451E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0xB2 0x15 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0x12 0x21 0x5B 0xCC ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x2F 0x1B 0x86 0x2D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x97 0x62 0x9D 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x61 0xEF 0x0A 0x30 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x2F 0x1B 0x86 0x2D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x26 0xBC 0xFD 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xDC 0xF5 0x67 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x2F 0x1B 0x86 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x26 0xBC 0xFD 0x86 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{120C2D78-23F4-01B7-26B1-36CA514313FD}\Server
Reg HKLM\SOFTWARE\Classes\CLSID\{59E21825-1CE4-700E-FB22-EB6D6CC252A9}\Server
Reg HKLM\SOFTWARE\Classes\CLSID\{96EC3B24-A824-2F20-DC84-2F90654DA22C}\Server
Reg HKLM\SOFTWARE\Classes\CLSID\{BF3DBF1F-BEF5-6C22-BAF7-9D0E4C3428BC}\Server
Reg HKLM\SOFTWARE\Classes\CLSID\{CF436869-C663-4DA0-D99C-6C5EFC323C16}\Server

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.dir 0 bytes

---- EOF - GMER 1.0.15 ----