Malware, Rootkit ? Plz Help
#1
kelvinosullivan
Hey Guys,

I'm having a real bad time with my PC. A few days ago I switched on my computer and it went to Startup Repair (and every time I boot it does the same thing now). I managed to skip the Startup Repair eventually by skipping it at boot, but it's doing it again now. I have tried everything I can think of, which includes: the commands chkdsk and chkdsk /r, sfc /scannow and sfc repair too. I deleted all the programs I recently downloaded and reverted any changes I made to hardware and so on. I have been trying to fix this for the last 3 days. I have Malwarebytes, Avast, Webroot SecureAnywhere, ErrorEnd, SUPERAntiSpyware, CCleaner, Advanced SystemCare, HDD Health, Microsoft Fix it, OTL and ESET Online Scanner (I know, loads of programs, right, but I'm desperate to get it fixed). Out of all these programs, ESET Online Scanner has found 3 variants of this file: Win32/InstallCore.C application. I did run an Avast scan 2 days ago and it did pop up for literally 2 secs saying it found rootkits. I just ran OTL and here's the log for the last 30 days; as the problem only started recently, I will attach the file. I went to Event Viewer and these 2 exact same errors could be seen; I will attach the print screen. Well people, that's basically as far as I can get without formatting the drive or installing a new OS. If there is any help you guys can give me at all, it will be greatly appreciated. Thanks.....

It wouldn't let me post the 30-day log for some reason, sorry. Here's the Event 1 though. Attached File: OTL.Txt (95.4KB)

OTL logfile created on: 9/6/2011 12:53:44 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Kelvin\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 0.33 Gb Available Physical Memory | 16.66% Memory free
3.92 Gb Paging File | 2.25 Gb Available in Paging File | 57.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 187.69 Gb Total Space | 76.75 Gb Free Space | 40.89% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 29.59 Gb Free Space | 97.84% Space Free | Partition Type: NTFS
Drive F: | 25.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KELVINATORS-PC | User Name: Kelvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/06 00:50:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Kelvin\Downloads\OTL.exe
PRC - [2011/09/06 00:42:12 | 000,583,136 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2011/09/05 23:27:09 | 015,338,952 | ---- | M] (Microsoft Corporation) -- C:\Users\Kelvin\Downloads\windows-kb890830-v3.22.exe
PRC - [2011/09/05 13:36:18 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/30 10:05:10 | 000,083,912 | ---- | M] (Microsoft Corporation) -- c:\3e9a66c43f9b615bb816729f8dfba4\mrtstub.exe
PRC - [2011/07/04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/22 08:47:34 | 000,884,304 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 13:17:21 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
PRC - [2010/11/20 13:17:17 | 000,132,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
PRC - [2010/11/20 13:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/25 17:32:02 | 000,445,496 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\SASrv.exe
PRC - [2009/09/29 17:23:20 | 004,114,288 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/09/29 17:22:46 | 005,064,560 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2009/07/14 15:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
PRC - [2009/07/14 02:14:37 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/15 12:14:30 | 001,692,672 | ---- | M] (PANTERASoft) -- C:\Program Files\HDD Health\hddhealth.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/22 08:47:34 | 000,884,304 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2008/12/20 04:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008/12/20 04:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/06 00:42:12 | 000,583,136 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/08 14:07:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/25 17:32:02 | 000,445,496 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\SASrv.exe -- (SAService)
SRV - [2009/09/22 19:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009/08/14 15:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009/07/14 15:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 00:42:16 | 000,105,800 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\windows\System32\drivers\WRkrn.sys -- (WRkrn)
DRV - [2011/08/28 11:34:41 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2011/08/23 19:31:01 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 12:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/26 01:00:20 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/04/22 05:08:22 | 000,218,744 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/03/31 07:49:52 | 000,517,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/01/20 06:14:42 | 000,023,136 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009/10/16 18:37:28 | 000,172,160 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi)
DRV - [2009/09/10 14:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/28 22:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009/07/24 14:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/07/21 22:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/16 13:37:14 | 000,011,792 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2009/06/18 10:15:22 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/06/18 10:15:22 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/06/18 10:15:22 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/06/18 10:15:22 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/06/18 10:14:52 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/08/06 13:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2098614033-271334484-3226454627-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKU\S-1-5-21-2098614033-271334484-3226454627-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IE
IE - HKU\S-1-5-21-2098614033-271334484-3226454627-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"
FF - prefs.js..keyword.URL: "http://uk.search.yah...type=685749&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/04 12:14:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components

[2011/03/12 00:22:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Extensions
[2011/09/05 22:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\cxdrwi0b.default\extensions
[2011/09/04 21:11:44 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\cxdrwi0b.default\extensions\[email protected]
[2011/09/05 22:34:46 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\cxdrwi0b.default\extensions\[email protected]
[2011/07/11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\cxdrwi0b.default\searchplugins\startsear.xml
() (No name found) -- C:\USERS\KELVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXDRWI0B.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/08/18 21:19:27 | 000,434,097 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKU\S-1-5-21-2098614033-271334484-3226454627-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2098614033-271334484-3226454627-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2098614033-271334484-3226454627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{393E1CE2-A8CA-4E32-A66D-2E9CD9D5A7A3}: NameServer = 83.136.47.249 193.120.14.101
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/03/20 18:20:32 | 000,027,750 | R--- | M] () - F:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/11/17 15:01:12 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (autocheck autochk /k:C *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2098614033-271334484-3226454627-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2098614033-271334484-3226454627-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/06 00:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
[2011/09/06 00:42:16 | 000,121,184 | ---- | C] (Webroot) -- C:\windows\System32\WRusr.dll
[2011/09/06 00:42:16 | 000,105,800 | ---- | C] (Webroot) -- C:\windows\System32\drivers\WRkrn.sys
[2011/09/06 00:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/09/06 00:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData
[2011/09/05 23:59:36 | 000,000,000 | ---D | C] -- C:\3e9a66c43f9b615bb816729f8dfba4
[2011/09/05 23:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/05 22:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Health
[2011/09/05 22:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\HDD Health
[2011/09/05 22:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/09/05 22:34:33 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Babylon
[2011/09/05 22:34:33 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\Babylon
[2011/09/05 22:28:06 | 000,000,000 | ---D | C] -- C:\perflogs
[2011/09/05 22:24:12 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\MigWiz
[2011/09/05 20:35:26 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Birdstep Technology
[2011/09/05 20:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3 Mobile Broadband
[2011/09/05 20:28:36 | 000,180,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbnet.sys
[2011/09/05 20:28:36 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys
[2011/09/05 20:28:36 | 000,101,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbdev.sys
[2011/09/05 20:28:36 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys
[2011/09/05 20:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
[2011/09/05 16:50:00 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\ElevatedDiagnostics
[2011/09/05 15:34:38 | 000,082,696 | ---- | C] (Microsoft Corporation.) -- C:\windows\System32\lmdimon8.dll
[2011/09/05 15:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2011/09/05 15:09:51 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011/09/05 14:08:05 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/09/05 14:06:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/05 13:47:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/09/05 13:47:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/09/05 13:47:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/09/05 13:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/09/05 13:38:52 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\windows\System32\igxpun.exe
[2011/09/05 13:38:33 | 000,000,000 | ---D | C] -- C:\Drivers
[2011/09/05 13:28:29 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/05 13:28:06 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/09/05 13:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/05 13:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/05 13:22:49 | 000,065,808 | ---- | C] (trend_company_name) -- C:\windows\System32\drivers\tmrkb.sys
[2011/09/05 13:22:48 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmcomm.sys
[2011/09/05 11:38:23 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/09/05 11:37:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/05 11:19:23 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\{4E03C9D3-464E-45F3-9824-4D574B0E56EE}
[2011/09/05 11:19:02 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\{A7DF3735-FD62-4E05-8F50-8E9B5C1319D0}
[2011/09/04 15:41:07 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\Tracing
[2011/09/04 15:40:53 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\VirtualStore
[2011/09/04 14:34:12 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/09/04 14:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/04 14:34:06 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/09/04 14:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/04 13:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2011/09/04 13:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2011/09/04 13:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{3D289CAC-AD9F-45d9-9D36-524EB7B6C958}
[2011/09/04 12:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ErrorEND
[2011/09/03 15:33:10 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\CheckPoint
[2011/09/03 15:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/09/03 15:31:24 | 000,000,000 | ---D | C] -- C:\windows\System32\ZoneLabs
[2011/09/03 15:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/09/03 15:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2011/09/03 15:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011/09/03 15:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2011/09/03 15:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/09/03 15:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/09/03 00:37:48 | 000,000,000 | ---D | C] -- C:\BIOS
[2011/09/02 16:33:44 | 000,000,000 | ---D | C] -- C:\windows\System32\directx
[2011/09/02 16:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/09/02 15:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/09/02 14:48:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011/09/02 14:30:05 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_43.dll
[2011/09/02 14:30:04 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_4.dll
[2011/09/02 14:30:03 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_6.dll
[2011/09/02 14:30:02 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_42.dll
[2011/09/02 14:30:02 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_3.dll
[2011/09/02 14:30:02 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_7.dll
[2011/09/02 13:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/09/02 00:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/09/02 00:09:59 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\AVS4YOU
[2011/09/02 00:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2011/09/02 00:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2011/09/02 00:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2011/09/01 16:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/01 16:39:38 | 000,019,544 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2011/09/01 16:39:37 | 000,309,848 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2011/09/01 16:39:25 | 000,025,432 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2011/09/01 16:39:24 | 000,043,608 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2011/09/01 16:39:21 | 000,441,176 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2011/09/01 16:39:19 | 000,054,104 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2011/09/01 16:38:41 | 000,199,304 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2011/09/01 16:38:41 | 000,040,112 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2011/08/29 16:26:46 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\EasyCapture
[2011/08/28 13:11:43 | 002,532,480 | ---- | C] (Silicon Motion Corporation) -- C:\windows\System32\drivers\SMIexp.sys
[2011/08/28 13:11:41 | 000,937,984 | ---- | C] (SiliconMotion) -- C:\windows\System32\RemoveSM37X.exe
[2011/08/28 13:11:41 | 000,172,160 | ---- | C] (SMI) -- C:\windows\System32\drivers\SMIksdrv.sys
[2011/08/28 12:59:52 | 000,445,496 | ---- | C] (Conexant Systems, Inc.) -- C:\windows\System32\SASrv.exe
[2011/08/28 12:57:36 | 000,000,000 | ---D | C] -- C:\Intel
[2011/08/24 17:33:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2011/08/20 16:37:18 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\Documents\Downloads
[2011/08/20 14:07:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/08/20 14:04:51 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\AVG
[2011/08/20 12:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2011/08/20 12:44:03 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfeavfk.sys
[2011/08/20 12:44:03 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfesmfk.sys
[2011/08/20 12:44:03 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mfebopk.sys
[2011/08/20 12:38:07 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\windows\System32\drivers\mferkdk.sys
[2011/08/20 12:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Drivers
[2011/08/20 12:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo EasyCapture
[2011/08/20 12:11:16 | 000,000,000 | ---D | C] -- C:\Driver
[2011/08/18 22:33:16 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Yahoo!
[2011/08/18 21:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/18 21:20:05 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2011/08/18 21:20:04 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2011/08/18 21:19:57 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011/08/15 17:19:18 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Update
[2011/08/15 17:19:10 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\PCDr
[2011/08/14 13:18:18 | 000,000,000 | ---D | C] -- C:\Acronyms
[2011/08/11 10:25:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/08/11 10:25:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/08/11 10:25:41 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011/08/11 10:25:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/08/11 10:25:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011/08/10 19:59:07 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll
[2011/08/10 19:59:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbctrac.dll
[2011/08/10 19:59:07 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll
[2011/08/10 19:59:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccu32.dll
[2011/08/10 19:59:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccr32.dll
[2011/08/10 19:55:27 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/08/10 19:55:26 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/08/10 19:48:40 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2011/08/10 19:48:40 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2011/08/10 19:48:40 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 19:48:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 19:48:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 19:48:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 19:48:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 19:48:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 19:48:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 19:48:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 19:48:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 19:48:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 19:48:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/08 20:15:40 | 000,000,000 | ---D | C] -- C:\windows\en
[2011/08/07 11:52:43 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/04/10 20:36:04 | 000,120,320 | ---- | C] ( ) -- C:\windows\System32\lagarith.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/06 01:31:29 | 000,007,601 | ---- | M] () -- C:\Users\Kelvin\AppData\Local\resmon.resmoncfg
[2011/09/06 01:15:53 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/06 01:15:53 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/06 00:42:16 | 000,121,184 | ---- | M] (Webroot) -- C:\windows\System32\WRusr.dll
[2011/09/06 00:42:16 | 000,105,800 | ---- | M] (Webroot) -- C:\windows\System32\drivers\WRkrn.sys
[2011/09/05 22:08:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/09/05 22:08:08 | 1579,622,400 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/05 20:52:11 | 000,628,904 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/09/05 20:52:11 | 000,110,798 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/09/05 20:29:26 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\3Connect.lnk
[2011/09/05 20:29:26 | 000,001,979 | ---- | M] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2011/09/05 20:28:14 | 000,071,262 | ---- | M] () -- C:\windows\Huawei ModemsUninstall.exe
[2011/09/05 16:51:00 | 000,021,504 | ---- | M] () -- C:\windows\System32\umstartup.etl
[2011/09/05 16:39:03 | 000,000,384 | ---- | M] () -- C:\windows\tasks\ErrorEND.job
[2011/09/05 16:35:24 | 000,000,020 | ---- | M] () -- C:\windows\Lø@
[2011/09/05 13:36:18 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/09/05 13:23:26 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmcomm.sys
[2011/09/05 13:23:26 | 000,065,808 | ---- | M] (trend_company_name) -- C:\windows\System32\drivers\tmrkb.sys
[2011/09/05 12:23:59 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011/09/05 11:32:25 | 000,002,272 | ---- | M] () -- C:\Users\Kelvin\Documents\cc_20110905_113155.reg
[2011/09/04 12:18:44 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2011/09/03 00:20:55 | 000,093,628 | ---- | M] () -- C:\Users\Kelvin\Documents\cc_20110903_002049.reg
[2011/09/01 16:02:02 | 000,660,847 | ---- | M] () -- C:\windows\System32\drivers\AVG\iavifw.avm
[2011/08/28 21:22:13 | 000,000,064 | ---- | M] () -- C:\windows\System32\rp_stats.dat
[2011/08/28 21:22:13 | 000,000,044 | ---- | M] () -- C:\windows\System32\rp_rules.dat
[2011/08/28 14:01:56 | 000,014,744 | ---- | M] () -- C:\windows\System32\results.xml
[2011/08/28 11:34:41 | 001,024,000 | ---- | M] (Lenovo) -- C:\windows\System32\CamOpEx.dll
[2011/08/28 11:34:41 | 000,054,800 | ---- | M] () -- C:\windows\System32\drivers\funfrm.sys
[2011/08/20 12:11:28 | 003,727,720 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3dx9_35.dll
[2011/08/20 12:11:28 | 000,876,032 | ---- | M] (Abysmal Software) -- C:\windows\System32\DevIL.dll
[2011/08/20 12:11:28 | 000,241,664 | ---- | M] () -- C:\windows\System32\3DImageRenderer.dll
[2011/08/20 12:11:28 | 000,077,824 | ---- | M] (Abysmal Software) -- C:\windows\System32\ILU.dll
[2011/08/20 12:11:28 | 000,032,768 | ---- | M] (Abysmal Software) -- C:\windows\System32\ILUT.dll
[2011/08/18 21:19:56 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011/08/18 21:19:27 | 000,434,097 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/08/18 20:33:28 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/08/14 12:14:52 | 000,007,864 | ---- | M] () -- C:\Users\Kelvin\Documents\cc_20110625_115408.reg
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/05 20:29:26 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\3Connect.lnk
[2011/09/05 20:29:26 | 000,001,979 | ---- | C] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2011/09/05 16:35:23 | 000,000,020 | ---- | C] () -- C:\windows\Lø@
[2011/09/05 15:57:42 | 000,000,384 | ---- | C] () -- C:\windows\tasks\ErrorEND.job
[2011/09/05 13:47:32 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/09/05 13:47:32 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/09/05 13:47:32 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/09/05 13:47:32 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/09/05 13:47:32 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/09/05 13:44:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/05 12:23:59 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011/09/05 11:31:58 | 000,002,272 | ---- | C] () -- C:\Users\Kelvin\Documents\cc_20110905_113155.reg
[2011/09/03 00:20:52 | 000,093,628 | ---- | C] () -- C:\Users\Kelvin\Documents\cc_20110903_002049.reg
[2011/09/01 16:49:00 | 000,660,847 | ---- | C] () -- C:\windows\System32\drivers\AVG\iavifw.avm
[2011/08/28 13:11:43 | 000,217,088 | ---- | C] () -- C:\windows\System32\370prop.ax
[2011/08/28 13:11:43 | 000,163,840 | ---- | C] () -- C:\windows\System32\SM37XCoInst.dll
[2011/08/28 13:11:41 | 000,002,070 | ---- | C] () -- C:\windows\Sensor.set
[2011/08/23 19:00:56 | 000,016,432 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2011/08/18 21:39:04 | 000,000,064 | ---- | C] () -- C:\windows\System32\rp_stats.dat
[2011/08/18 21:39:04 | 000,000,044 | ---- | C] () -- C:\windows\System32\rp_rules.dat
[2011/08/13 23:25:55 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2011/06/07 23:27:21 | 000,001,660 | ---- | C] () -- C:\windows\System32\ASOROSet.bin
[2011/06/06 12:32:47 | 000,007,601 | ---- | C] () -- C:\Users\Kelvin\AppData\Local\resmon.resmoncfg
[2011/05/01 13:58:12 | 000,077,824 | ---- | C] () -- C:\windows\System32\freeisys.dll
[2011/05/01 13:58:11 | 000,270,848 | ---- | C] () -- C:\windows\unwise.exe
[2011/05/01 01:30:51 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2011/05/01 01:23:28 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll
[2011/05/01 01:23:28 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll
[2011/05/01 01:23:28 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll
[2011/04/27 23:08:32 | 000,071,262 | ---- | C] () -- C:\windows\Huawei ModemsUninstall.exe
[2011/03/11 22:48:46 | 000,012,088 | -HS- | C] () -- C:\ProgramData\3923678252
[2011/03/11 22:48:46 | 000,012,080 | -HS- | C] () -- C:\Users\Kelvin\AppData\Local\3923678252
[2011/02/25 20:06:47 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2010/09/18 06:42:36 | 002,110,728 | ---- | C] () -- C:\windows\System32\Apblend.dll
[2010/09/18 06:42:36 | 001,410,312 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll
[2010/09/18 06:42:36 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll
[2010/09/18 06:42:36 | 000,660,744 | ---- | C] () -- C:\windows\System32\EncIcons.dll
[2010/09/18 06:42:36 | 000,513,288 | ---- | C] () -- C:\windows\System32\SimpleExt.dll
[2010/09/18 06:42:23 | 000,241,664 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll
[2010/09/18 06:41:52 | 000,054,800 | ---- | C] () -- C:\windows\System32\drivers\funfrm.sys
[2010/09/18 06:39:53 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2010/09/18 06:35:32 | 000,016,648 | R--- | C] () -- C:\windows\System32\LogAPI.dll
[2010/09/18 06:33:44 | 000,982,220 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/09/18 06:33:43 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2010/09/18 06:33:43 | 000,092,216 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/11/06 14:51:42 | 000,439,300 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,280,856 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,628,904 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,110,798 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >