Stealth spyware, rootkit may be hiding in my system.

#1 sebss

Hello there, I don't really know if I have an infection. My computer, which is not even 6 months old, has been giving me a hard time these past two weeks. The computer is slow, freezes temporarily or permanently (I must use the on/off button to restart), and the screen flashes, putting my screen on a lower resolution. I thought that I did not have the latest drivers, so I downloaded them. But the problem was still there. I tested the hard drive and memory in the BIOS; everything was normal. After that I scanned with many antivirus programs like Norton, NOD32, some online scanners, Dr.Web CureIt... but there was nothing. So I suspect it must be some kind of stealth spyware program or rootkit. I am really not sure, but it may have been put there by a friend of mine to spy on me (he used to borrow my laptop), or it's from a torrent download; I download torrents on another computer but I save them on a flash drive and put them on this laptop. So if someone could please help me figure out if I have some kind of spyware/rootkit, it would be great. The taskbar icons keep rearranging themselves also. Thanks.

OTL logs:


OTL logfile created on: 2011/9/18 5:07:19 - Run 4
OTL by OldTimer - Version 3.2.29.0 Folder = C:\Users\Sebastien\Desktop
Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000804 | Country: People's Republic of China | Language: CHS | Date Format: yyyy/M/d

1.87 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 36.71% Memory free
3.73 Gb Paging File | 2.24 Gb Available in Paging File | 60.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.51 Gb Total Space | 259.51 Gb Free Space | 91.54% Space Free | Partition Type: NTFS
Drive D: | 14.29 Gb Total Space | 2.04 Gb Free Space | 14.29% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 89.54 Mb Free Space | 90.14% Space Free | Partition Type: FAT32

Computer Name: SEBASTIEN-PC | User Name: Sebastien | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/18 04:25:56 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastien\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/17 08:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2011/01/27 00:12:24 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/01/27 00:11:56 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/25 17:38:44 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/19 04:57:00 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/02/01 17:29:34 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_be0aa592be2f1430\stacsv.exe
PRC - [2010/01/18 15:03:12 | 000,017,920 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2009/12/23 17:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 17:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/16 14:51:46 | 000,363,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2009/12/16 14:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2009/10/01 12:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/03/03 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_be0aa592be2f1430\AEstSrv.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/04 04:43:37 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/09/04 04:43:01 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/09/04 04:42:43 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/09/04 04:42:28 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/09/04 03:59:30 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\ebdaeeb5ef1a6209d67a2f70fcaf5cd5\System.Core.ni.dll
MOD - [2011/09/04 03:57:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/09/04 03:57:02 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/09/04 03:56:58 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
MOD - [2011/09/04 03:34:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/09/04 03:33:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/09/04 03:33:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/09/04 03:33:28 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/09/04 03:32:51 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/09/03 20:28:23 | 000,400,440 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll
MOD - [2011/09/03 20:28:22 | 004,118,072 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
MOD - [2011/09/03 20:27:02 | 000,508,984 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\Google\Chrome\Application\13.0.782.220\libglesv2.dll
MOD - [2011/09/03 20:27:00 | 000,107,576 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\Google\Chrome\Application\13.0.782.220\libegl.dll
MOD - [2011/09/03 20:26:51 | 000,104,520 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\Google\Chrome\Application\13.0.782.220\avutil-50.dll
MOD - [2011/09/03 20:26:49 | 000,203,848 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\Google\Chrome\Application\13.0.782.220\avformat-52.dll
MOD - [2011/09/03 20:26:48 | 001,846,344 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
MOD - [2011/09/03 18:35:01 | 006,338,720 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll
MOD - [2011/09/03 18:35:01 | 006,338,720 | ---- | M] () -- C:\Users\SEBAST~1\AppData\Local\Google\Chrome\APPLIC~1\130782~1.220\gcswf32.dll
MOD - [2011/08/26 05:07:51 | 000,236,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll
MOD - [2011/06/16 07:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/11/13 07:56:14 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_zh-CHS_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/03/16 03:00:15 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_zh-CHS_b77a5c561934e089\System.Core.resources.dll
MOD - [2009/12/16 14:51:48 | 000,052,280 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
MOD - [2009/12/16 14:51:44 | 000,030,264 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ZKUTCZYKDHJH)
SRV - File not found [On_Demand | Stopped] -- -- (66E5F876)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/17 08:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2011/01/27 00:11:56 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/19 04:57:00 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/02/01 17:29:34 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_be0aa592be2f1430\stacsv.exe -- (STacSV)
SRV - [2010/01/18 15:03:12 | 000,017,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2009/12/23 17:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/12/16 14:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2009/10/01 12:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_be0aa592be2f1430\AEstSrv.exe -- (AESTFilters)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/10 01:44:06 | 000,816,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/09/04 02:51:43 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110916.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/04 02:51:43 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/09/04 02:51:43 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/04 02:51:43 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110916.035\NAVENG.SYS -- (NAVENG)
DRV - [2011/09/04 02:13:53 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/09/02 07:52:58 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110917.031\IDSvix86.sys -- (IDSVix86)
DRV - [2011/07/08 17:44:30 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011/05/25 07:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/03/31 11:04:12 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/03/31 11:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/31 11:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/15 10:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2011/01/27 14:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 13:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2011/01/27 00:47:44 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/26 23:36:42 | 000,222,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/07/28 14:02:46 | 009,023,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2010/05/06 04:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/02/01 17:29:34 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/10/27 04:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/10/05 09:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/07/14 07:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/14 06:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 06:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sebastien\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sebastien\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/09/04 03:02:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_1_3 [2011/09/17 22:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


========== Chrome - Experimental ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Jumpless = C:\Users\Sebastien\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhgepjadamfimjcgoiocemneabhaenai\1.2.1_0\
CHR - Extension: Gun Blood = C:\Users\Sebastien\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifphbghhodpimajnjejgjlfcjmnnkhci\1.0_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\Sebastien\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.5.1_0\
CHR - Extension: Canvas Rider = C:\Users\Sebastien\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2011/09/15 08:18:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F6E9918-6145-4726-AF61-5A84169A18BB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/18 04:25:55 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastien\Desktop\OTL.exe
[2011/09/18 00:02:36 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{FEAAF658-8779-4033-BD33-4DAE840F49BB}
[2011/09/18 00:02:25 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{1908A6E3-DDA1-4DA5-9789-F486088832DE}
[2011/09/17 12:01:56 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{BFA525F5-AD89-4D1F-9E5E-4C627DB522DE}
[2011/09/17 12:01:45 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{B1C584BA-FC20-44E8-B7A6-56251AC6B6F5}
[2011/09/17 00:01:16 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{53300FEB-75DA-452F-9B84-7C68248C9C97}
[2011/09/17 00:01:05 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{25A53AD1-5841-4E5A-A54D-FFE52D3F67C2}
[2011/09/16 12:00:37 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{F8D30EB8-0C33-4286-B3FE-391AFA407E65}
[2011/09/16 12:00:26 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{3F1F9C72-12B9-4C19-B9DF-889FE4EDBD33}
[2011/09/16 07:53:29 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\Desktop\TCPView
[2011/09/16 03:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/16 03:04:33 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/16 02:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/16 02:54:42 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/16 02:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/16 02:44:04 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastien\Desktop\TFC.exe
[2011/09/15 23:13:33 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{C242028D-8EFA-4875-8DC5-C5B55AA8BE72}
[2011/09/15 23:13:21 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{10DD17E1-3A60-4901-978A-899B38FBF111}
[2011/09/15 11:12:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{4552A674-AE07-49AB-B86F-A19F814C9696}
[2011/09/15 11:12:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{456F0817-CB18-4DD7-84F3-4ED83E0A7A46}
[2011/09/15 08:22:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/15 08:22:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/15 08:15:17 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\temp
[2011/09/15 03:54:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/14 21:22:10 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{18396A1D-B71A-4263-9629-0ED38C83ADE8}
[2011/09/14 21:21:45 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{69E52041-A018-4DDD-8963-2809E43F6B7F}
[2011/09/14 21:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
[2011/09/14 21:19:41 | 000,069,392 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2011/09/14 21:19:41 | 000,051,984 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2011/09/14 21:19:41 | 000,033,552 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2011/09/14 21:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2011/09/14 21:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/09/14 09:21:16 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{EF33378C-463B-4448-A3E0-55777E684E58}
[2011/09/14 09:21:05 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{9E33AC69-0703-42DB-AE3E-DEC0DD78DA10}
[2011/09/13 21:20:37 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{333D6113-3783-4F0B-9E71-89E727D23EC0}
[2011/09/13 21:20:26 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{32056852-FE1B-45B4-A603-097F3B56A673}
[2011/09/13 09:19:57 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{928F211A-A826-4B0C-A79E-F14E21C1B525}
[2011/09/13 09:19:46 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{FB6DE173-E208-4F0F-90A3-4B593C6979CC}
[2011/09/12 21:19:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{AB39F3E9-E817-4176-9F6E-585896F1F191}
[2011/09/12 21:19:07 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{E2AE2E51-0D66-446E-A168-1652A2D9B5B9}
[2011/09/12 09:18:39 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{F8F3D28B-4A8C-4AF0-AB06-6E1DCE673FA0}
[2011/09/12 09:18:24 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{3D679A3D-CAC2-4B61-9309-324CD2559C97}
[2011/09/12 08:51:29 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{7FA974D6-341A-4F45-9FAC-755155E7DA0C}
[2011/09/11 20:51:02 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{8456A75A-1593-4ABE-8073-244B66FE8244}
[2011/09/11 20:50:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{E4681F8B-9A29-4B24-BC34-5D7914F2492C}
[2011/09/11 08:50:23 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{12DA5657-44ED-45F5-8E01-BC542551DC02}
[2011/09/11 08:50:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{52F7BEDC-03A1-4C36-8F32-33CE58868433}
[2011/09/10 20:49:43 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{99BCA24E-B833-4074-955A-3EC8B622DBA6}
[2011/09/10 20:49:28 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{01A8C2D7-5A16-4A3E-B4AA-0AC9B6385610}
[2011/09/10 08:46:29 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{B695D22B-8B40-4979-8D59-0B3E69A9CC91}
[2011/09/10 08:46:17 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{76C1A2E3-8B6D-4D23-937E-1F9640523A7A}
[2011/09/09 20:30:27 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{8E86B7C1-FF14-4C66-B1BC-41E9DD22007C}
[2011/09/09 20:30:13 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{67AFCAC8-1A5C-489D-914C-B52A3D4ECD7F}
[2011/09/09 08:28:21 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{FA4B277E-A1E6-4A17-911A-97ADFD2A839F}
[2011/09/09 08:28:10 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{E9FD6F33-9B43-478E-AF80-D513BE54ECFA}
[2011/09/08 20:27:27 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{3715A4AB-B9A5-46F1-BC77-181DC4D0D9D8}
[2011/09/08 20:26:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{64023BF0-2F14-4A0E-932B-1832BBCE0C74}
[2011/09/08 00:01:58 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{1DD9E600-41F2-464F-816F-3523CC1D48C2}
[2011/09/08 00:01:47 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{981B40AA-340F-4A18-A9F4-2B13FBB00C5D}
[2011/09/07 12:01:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{29257B9C-4C76-491E-8B45-271E5603C851}
[2011/09/07 12:01:07 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{14F16633-0975-4BDC-A4F0-D33B3B89FEB1}
[2011/09/07 06:06:57 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roozz
[2011/09/07 06:06:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\Roozz
[2011/09/07 06:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Roozz
[2011/09/07 05:59:07 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Tific
[2011/09/07 04:13:27 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Malwarebytes
[2011/09/07 04:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/07 00:00:39 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{79B4E947-68AC-47E0-919A-BDA1B9CAD6B2}
[2011/09/07 00:00:28 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{5D0F0664-D301-4CC5-82B9-E7FBF2892BCB}
[2011/09/06 15:00:24 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\CrashDumps
[2011/09/06 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{70A80F52-7947-4758-8413-E9282FDBE580}
[2011/09/06 11:59:47 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{F4499B3F-6ED9-471F-A9C6-325616EFEB6A}
[2011/09/06 10:24:44 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{A3DAC79D-5318-4728-80DB-0CC6CFF62C28}
[2011/09/05 22:24:16 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{DCF2819F-1074-4B60-98EB-874B3C0D1E33}
[2011/09/05 22:24:05 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{9312C1DB-015C-4C93-A5A0-06F601CA1D65}
[2011/09/05 20:35:16 | 000,000,000 | ---D | C] -- C:\NBRT
[2011/09/05 10:23:38 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{ED3B4BCB-C1CC-48E1-BE9E-FFBAD34A00DF}
[2011/09/05 10:23:27 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{8478F059-F89F-4AA0-9278-C45F4563BD72}
[2011/09/04 22:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
[2011/09/04 22:23:00 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{35BE2D3D-37DC-47E2-9985-98FE57573CDF}
[2011/09/04 22:22:49 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{31760276-1CCA-42DB-A942-59FCA8C30038}
[2011/09/04 10:22:21 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{7A82489E-40AF-487D-9E17-FE082F14BB9B}
[2011/09/04 10:22:09 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{E2B49646-0ACB-4483-9843-E6538CD28D7A}
[2011/09/04 09:22:44 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\NPE
[2011/09/04 09:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/09/04 09:09:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
[2011/09/04 09:09:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0305000.017
[2011/09/04 09:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/09/04 09:06:49 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/09/04 09:06:30 | 000,399,032 | ---- | C] (Symantec Corporation) -- C:\Users\Sebastien\Desktop\NBRT-Retail-Downloader.exe
[2011/09/04 09:06:06 | 002,562,040 | ---- | C] (Symantec Corporation) -- C:\Users\Sebastien\Desktop\NPE.exe
[2011/09/04 06:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/09/04 06:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/09/04 06:28:45 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\hpqLog
[2011/09/04 04:32:34 | 000,035,960 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2011/09/04 02:13:50 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.sys
[2011/09/04 02:13:50 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/09/04 02:13:50 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.sys
[2011/09/04 02:13:50 | 000,299,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/09/04 02:13:50 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\ironx86.sys
[2011/09/04 02:13:50 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/09/04 02:13:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1206000.01D
[2011/09/04 02:08:18 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/09/04 02:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/09/04 02:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/09/04 02:07:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011/09/04 02:07:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/09/04 02:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/09/04 02:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/09/04 02:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/09/04 02:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/09/04 02:02:44 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/09/03 22:21:41 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{17208619-8418-4649-8806-3822F185482B}
[2011/09/03 22:21:30 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{E34F78BE-FF95-458C-B9F3-6DA201718ACF}
[2011/09/03 21:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/09/03 21:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2011/09/03 14:43:34 | 000,000,000 | R--D | C] -- C:\Sandbox
[2011/09/03 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2011/09/03 13:19:46 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\ESET
[2011/09/03 10:21:03 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{E5214D0A-0B58-4C9C-B436-4EA1624F22D9}
[2011/09/03 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{E393E633-F358-4B75-A067-78BAB2E669A3}
[2011/09/03 08:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/02 22:20:24 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{E8D20443-BEF4-4AC4-B505-511D913D5CE7}
[2011/09/02 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{37E11A5E-9960-4B13-9DF5-2D373F07B45D}
[2011/09/02 20:59:24 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Yahoo!
[2011/09/02 10:19:35 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{20868B98-378E-4C09-8425-1B8078F726D1}
[2011/09/02 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{2EA11B13-A0FB-47D8-BE4F-AED6A0C9923E}
[2011/09/02 08:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/09/01 22:18:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{BBF2BE0F-0BBE-489E-B8C0-8E2CA0B35E85}
[2011/09/01 22:18:43 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{766990D1-D5E2-4E88-96CF-1D685C4664BD}
[2011/09/01 10:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alarm Clock
[2011/09/01 10:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alarm Clock
[2011/09/01 10:18:15 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{A64D871E-24AA-4CB9-8ADA-BD24DE52699F}
[2011/09/01 10:18:02 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{B086D322-641F-4258-8194-D206E14C7516}
[2011/09/01 07:22:00 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\WinRAR
[2011/09/01 07:22:00 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/09/01 07:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/09/01 07:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/01 06:22:44 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2011/09/01 06:22:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\PIPI
[2011/08/31 22:17:35 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{0AD4F6C2-1C38-49DA-9A16-A7ACD9330C35}
[2011/08/31 22:17:23 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{F78D215C-CFF8-4389-A980-64E271E4CCCB}
[2011/08/31 10:16:56 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{31246B3D-AF65-4A72-A02D-A9BBD103DBF3}
[2011/08/31 10:16:37 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{6426C6B1-28D9-4C44-AB81-2BB9370B40BF}
[2011/08/31 01:29:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/31 01:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TamoSoft
[2011/08/30 22:15:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{08E7CF06-9EB1-495B-BDB7-ADCD83C7039C}
[2011/08/30 22:15:30 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{6E7C5316-EE0D-4DA1-BEC7-09850399753F}
[2011/08/30 21:49:04 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Hewlett-Packard
[2011/08/30 21:48:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\CyberLink
[2011/08/30 21:48:47 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\PowerCinema
[2011/08/30 21:48:31 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\CyberLink
[2011/08/30 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\Hewlett-Packard
[2011/08/30 20:56:29 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{D82B8CCA-0B81-45F5-9EB7-C9BC2DB47506}
[2011/08/30 11:57:59 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{8E6BA375-57ED-4512-B21B-9F1FAB014E36}
[2011/08/30 06:41:47 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\Diagnostics
[2011/08/30 06:37:33 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{5D7AF73A-B61B-422D-8884-17A6734812D4}
[2011/08/29 22:17:06 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\Microsoft Games
[2011/08/29 19:45:37 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{415D2F69-CC14-4053-8448-31B07CD79932}
[2011/08/29 10:27:10 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{CF00FA7E-E0E7-4893-8B4D-76582DDC9574}
[2011/08/28 20:36:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{685FFF71-4DF1-49BE-B3E6-A04A5546CAAB}
[2011/08/28 20:36:33 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{A580723D-361E-4EFA-93CC-E0A716BF3A9D}
[2011/08/28 08:36:06 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{6B9C800E-FC52-449C-A8E5-457E2EB619AE}
[2011/08/28 08:35:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{84D74AD7-F92B-40CC-ADBA-811949C8AED3}
[2011/08/28 08:35:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{70732C26-7475-41B2-9F9A-5BF3D39BA08F}
[2011/08/28 04:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/08/28 04:32:37 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/08/27 21:57:40 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/08/27 21:54:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/08/27 21:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/08/27 20:35:28 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{D0F52F19-FD66-4DEF-BB37-1F5C2878ADDB}
[2011/08/27 20:35:17 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{36C0B97F-A50F-4E50-B9A4-CB6946262559}
[2011/08/27 08:34:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{BCC5AEBB-429B-4017-9867-74879DDD0176}
[2011/08/27 08:33:56 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{D5540C9F-0FDD-4183-A9EE-8FED8AE1A374}
[2011/08/26 22:50:57 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\CheckPoint
[2011/08/26 22:50:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\Conduit
[2011/08/26 22:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/08/26 22:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/08/26 20:42:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/08/26 20:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/08/26 19:56:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{8B4F4B1D-07E0-4187-A723-802985C8C4A2}
[2011/08/26 19:56:39 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{8DACAA82-E58E-4691-AD01-96DC5732E357}
[2011/08/26 19:17:59 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\Desktop\Hale Dowskin - The Sedona Method
[2011/08/26 12:19:48 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\DoctorWeb
[2011/08/26 10:02:21 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Skype
[2011/08/26 10:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/26 10:02:07 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/08/26 10:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/08/26 09:38:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/08/26 09:37:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/08/26 08:28:19 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Windows Live Writer
[2011/08/26 08:28:19 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\Windows Live Writer
[2011/08/26 08:15:47 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/08/26 07:55:50 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{89C2A409-3835-4A73-ACA9-4C89CB68CB5C}
[2011/08/26 07:55:38 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\{751828B4-7EA6-42E7-A5AB-9D311F3821DB}
[2011/08/26 07:55:24 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\Tracing
[2011/08/26 06:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/08/26 06:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/26 06:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/26 06:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/08/26 06:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/26 06:20:23 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\Adobe
[2011/08/26 06:18:05 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 浏览器
[2011/08/26 06:17:38 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\Google
[2011/08/26 06:16:52 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\Deployment
[2011/08/26 06:16:52 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\Apps
[2011/08/26 06:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/08/26 06:11:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/08/26 06:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/26 06:09:06 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\Windows Live
[2011/08/26 06:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/08/26 06:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/08/26 06:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/08/26 06:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/08/26 05:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/26 05:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/26 05:58:00 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Macromedia
[2011/08/26 05:57:34 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Adobe
[2011/08/26 05:56:24 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\ATI
[2011/08/26 05:56:24 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\ATI
[2011/08/26 05:55:25 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Intel Corporation
[2011/08/26 05:55:19 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/08/26 05:55:19 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\Searches
[2011/08/26 05:55:19 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/08/26 05:55:19 | 000,000,000 | -H-D | C] -- C:\Users\Sebastien\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/08/26 05:55:13 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Identities
[2011/08/26 05:55:11 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\Contacts
[2011/08/26 05:54:13 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\VirtualStore
[2011/08/26 05:54:12 | 000,000,000 | --SD | C] -- C:\Users\Sebastien\AppData\Roaming\Microsoft
[2011/08/26 05:54:12 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\Videos
[2011/08/26 05:54:12 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\Saved Games
[2011/08/26 05:54:12 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\Pictures
[2011/08/26 05:54:12 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\Music
[2011/08/26 05:54:12 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/08/26 05:54:12 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\Links
[2011/08/26 05:54:12 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\Favorites
[2011/08/26 05:54:12 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\Downloads
[2011/08/26 05:54:12 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\Documents
[2011/08/26 05:54:12 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\Desktop
[2011/08/26 05:54:12 | 000,000,000 | R--D | C] -- C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\AppData\Local\Temporary Internet Files
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\Templates
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\SendTo
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\Recent
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\PrintHood
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\NetHood
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\Documents\My Videos
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\Documents\My Pictures
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\Documents\My Music
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\My Documents
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\Local Settings
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\AppData\Local\History
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\Cookies
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\Application Data
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\AppData\Local\Application Data
[2011/08/26 05:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Sebastien\「开始」菜单
[2011/08/26 05:54:12 | 000,000,000 | -H-D | C] -- C:\Users\Sebastien\AppData
[2011/08/26 05:54:12 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Local\Microsoft
[2011/08/26 05:54:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\桌面
[2011/08/26 05:54:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\收藏夹
[2011/08/26 05:54:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\「开始」菜单
[2011/08/26 05:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
[2011/08/26 05:24:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager
[2011/08/26 05:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/08/26 05:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/08/26 05:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink
[2011/08/26 05:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2011/08/26 05:08:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/08/26 05:08:09 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2011/08/26 05:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2011/08/26 05:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/08/26 05:06:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011/08/26 05:04:44 | 012,464,220 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtcpl.cpl
[2011/08/26 05:04:44 | 003,350,528 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stlang.dll
[2011/08/26 05:04:44 | 000,536,576 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtmini1.exe
[2011/08/26 05:04:44 | 000,495,708 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray.exe
[2011/08/26 05:04:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs
[2011/08/26 05:04:03 | 000,175,616 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\staco.dll
[2011/08/26 05:03:29 | 000,945,664 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2011/08/26 05:03:29 | 000,527,360 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2011/08/26 05:03:29 | 000,423,424 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2011/08/26 05:03:29 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2011/08/26 05:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/08/26 05:03:01 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2011/08/26 05:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor
[2011/08/26 05:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\AmIcoSingLun
[2011/08/26 05:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
[2011/08/26 05:02:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2011/08/26 05:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/08/26 05:01:48 | 000,000,000 | ---D | C] -- C:\Intel
[2011/08/26 05:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/08/26 05:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/08/26 04:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/08/26 04:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/08/26 04:58:47 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/08/26 04:57:57 | 001,221,632 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/08/26 04:57:54 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/08/26 04:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/08/26 04:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/08/26 04:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/08/26 04:57:37 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/08/26 04:57:24 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/08/26 04:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/08/26 04:52:08 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/07/28 13:20:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/09/18 04:48:01 | 000,000,578 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3774822024-294525419-2627115759-1000UA.job
[2011/09/18 04:25:56 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastien\Desktop\OTL.exe
[2011/09/17 22:46:52 | 000,021,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/17 22:46:52 | 000,021,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/17 22:39:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/17 22:39:22 | 1501,974,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/17 21:48:01 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3774822024-294525419-2627115759-1000Core.job
[2011/09/16 07:40:46 | 000,139,264 | ---- | M] () -- C:\Users\Sebastien\Desktop\RKUnhookerLE.EXE
[2011/09/16 03:04:33 | 000,002,983 | ---- | M] () -- C:\Users\Sebastien\Desktop\HiJackThis.lnk
[2011/09/16 02:54:56 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/16 02:44:05 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastien\Desktop\TFC.exe
[2011/09/15 08:18:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/15 04:31:19 | 001,386,506 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/09/14 21:19:43 | 000,000,928 | ---- | M] () -- C:\Users\Sebastien\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2011/09/14 21:19:43 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2011/09/14 09:03:16 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/09/14 09:03:16 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/09/13 07:02:52 | 000,002,464 | ---- | M] () -- C:\{C12DFF20-BA96-4A98-9722-2B7B9AABEB03}
[2011/09/07 20:32:19 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSebastien.job
[2011/09/07 05:58:09 | 000,000,600 | ---- | M] () -- C:\Users\Sebastien\PUTTY.RND
[2011/09/06 14:37:59 | 000,246,156 | ---- | M] () -- C:\Users\Sebastien\Desktop\new picture.png
[2011/09/04 22:59:43 | 000,002,137 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/09/04 09:21:31 | 000,001,301 | ---- | M] () -- C:\Users\Sebastien\Desktop\Norton Installation Files.lnk
[2011/09/04 09:09:39 | 000,001,491 | ---- | M] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/09/04 09:06:30 | 000,399,032 | ---- | M] (Symantec Corporation) -- C:\Users\Sebastien\Desktop\NBRT-Retail-Downloader.exe
[2011/09/04 09:06:06 | 002,562,040 | ---- | M] (Symantec Corporation) -- C:\Users\Sebastien\Desktop\NPE.exe
[2011/09/04 02:27:51 | 000,002,379 | ---- | M] () -- C:\Users\Sebastien\Desktop\Google Chrome 浏览器.lnk
[2011/09/04 02:17:43 | 000,001,850 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011/09/04 02:17:11 | 000,002,423 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/09/04 02:13:53 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/09/04 02:13:53 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/09/04 02:13:53 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/09/03 22:47:45 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/03 22:47:45 | 000,361,768 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2011/09/03 22:47:45 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/03 22:47:45 | 000,104,248 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2011/09/02 10:36:51 | 000,887,019 | ---- | M] () -- C:\Users\Sebastien\Documents\drweb-livecd-600-en.pdf
[2011/09/02 08:32:17 | 000,000,069 | ---- | M] () -- C:\Windows\wininit.ini
[2011/09/01 10:22:53 | 000,000,943 | ---- | M] () -- C:\Users\Sebastien\Desktop\Alarm Clock.lnk
[2011/09/01 06:26:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\multbp.cfg
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/31 03:46:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2011/08/31 03:46:22 | 280,440,347 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/28 06:01:37 | 000,003,849 | ---- | M] () -- C:\Users\Sebastien\Documents\HP-help.rtf
[2011/08/27 21:57:40 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/08/26 11:06:15 | 000,265,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/26 10:37:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/08/26 10:02:13 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/26 07:23:35 | 000,001,407 | ---- | M] () -- C:\Users\Sebastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/26 06:27:15 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/08/26 06:22:23 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/26 06:12:35 | 000,002,432 | ---- | M] () -- C:\Users\Sebastien\Desktop\Windows Live Messenger.lnk
[2011/08/26 06:07:25 | 000,001,131 | ---- | M] () -- C:\Users\Sebastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/26 06:07:25 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/08/26 06:00:12 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/08/26 05:52:42 | 000,083,377 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/08/26 05:07:51 | 000,000,162 | ---- | M] () -- C:\Windows\System32\HPWA.ini
[2011/08/26 05:07:23 | 000,000,310 | ---- | M] () -- C:\Windows\System32\RStoneLog2.ini
[2011/08/26 05:07:18 | 000,000,251 | ---- | M] () -- C:\Windows\System32\RStoneLog.ini
[2011/08/26 05:06:32 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/08/26 05:01:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/08/26 04:57:40 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv3 Notebook PC_Y5335KV_0U_QCNU0280GNF_E593255-AA3_4A_I1433_SHP_V58.1C_F.08_T100516_WU2-0_L804_M1910_J320_7Intel_8652_92.27_#110826_N10EC8168;168C002B_(XG158PA#AB2)_XMOBILE_CN10_Z.MRK

========== Files Created - No Company Name ==========

[2011/09/16 07:40:45 | 000,139,264 | ---- | C] () -- C:\Users\Sebastien\Desktop\RKUnhookerLE.EXE
[2011/09/16 03:04:33 | 000,002,983 | ---- | C] () -- C:\Users\Sebastien\Desktop\HiJackThis.lnk
[2011/09/16 02:54:56 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/14 21:19:43 | 000,000,928 | ---- | C] () -- C:\Users\Sebastien\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2011/09/14 21:19:43 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2011/09/13 07:02:44 | 000,002,464 | ---- | C] () -- C:\{C12DFF20-BA96-4A98-9722-2B7B9AABEB03}
[2011/09/07 12:41:51 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForSebastien.job
[2011/09/07 05:56:32 | 000,000,600 | ---- | C] () -- C:\Users\Sebastien\PUTTY.RND
[2011/09/06 14:37:58 | 000,246,156 | ---- | C] () -- C:\Users\Sebastien\Desktop\new picture.png
[2011/09/04 22:59:43 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/09/04 09:09:39 | 000,001,491 | ---- | C] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/09/04 09:09:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NBRTWizard\0305000.017\isolate.ini
[2011/09/04 09:06:49 | 000,001,301 | ---- | C] () -- C:\Users\Sebastien\Desktop\Norton Installation Files.lnk
[2011/09/04 02:16:10 | 001,386,506 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/09/04 02:13:50 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\iron.cat
[2011/09/04 02:13:50 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.cat
[2011/09/04 02:13:50 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.cat
[2011/09/04 02:13:50 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/09/04 02:13:50 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/09/04 02:13:50 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.inf
[2011/09/04 02:13:50 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.inf
[2011/09/04 02:13:50 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.inf
[2011/09/04 02:13:50 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/09/04 02:13:50 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/09/04 02:13:50 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\iron.inf
[2011/09/04 02:13:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.cat
[2011/09/04 02:13:30 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/09/04 02:08:18 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/09/04 02:08:18 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/09/04 02:08:16 | 000,002,423 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/09/03 14:42:49 | 000,001,850 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/09/02 10:36:51 | 000,887,019 | ---- | C] () -- C:\Users\Sebastien\Documents\drweb-livecd-600-en.pdf
[2011/09/02 08:32:17 | 000,000,069 | ---- | C] () -- C:\Windows\wininit.ini
[2011/09/01 10:22:53 | 000,000,943 | ---- | C] () -- C:\Users\Sebastien\Desktop\Alarm Clock.lnk
[2011/09/01 06:26:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\multbp.cfg
[2011/08/31 03:46:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/08/31 01:29:30 | 280,440,347 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/30 22:14:55 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/08/30 22:14:55 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/08/28 06:01:37 | 000,003,849 | ---- | C] () -- C:\Users\Sebastien\Documents\HP-help.rtf
[2011/08/26 20:45:19 | 000,048,223 | ---- | C] () -- C:\Windows\HomeBasic.xml
[2011/08/26 10:37:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/08/26 10:02:13 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/26 08:16:43 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/08/26 08:15:29 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/08/26 08:15:20 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/08/26 06:27:15 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/26 06:22:23 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/26 06:22:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/26 06:18:07 | 000,002,379 | ---- | C] () -- C:\Users\Sebastien\Desktop\Google Chrome 浏览器.lnk
[2011/08/26 06:17:39 | 000,000,578 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3774822024-294525419-2627115759-1000UA.job
[2011/08/26 06:17:38 | 000,000,526 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3774822024-294525419-2627115759-1000Core.job
[2011/08/26 06:13:06 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/08/26 06:12:35 | 000,002,432 | ---- | C] () -- C:\Users\Sebastien\Desktop\Windows Live Messenger.lnk
[2011/08/26 06:07:25 | 000,001,131 | ---- | C] () -- C:\Users\Sebastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/26 06:07:25 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/08/26 05:57:22 | 000,001,407 | ---- | C] () -- C:\Users\Sebastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/26 05:55:21 | 000,001,413 | ---- | C] () -- C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/26 05:54:12 | 000,000,290 | ---- | C] () -- C:\Users\Sebastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/08/26 05:54:12 | 000,000,272 | ---- | C] () -- C:\Users\Sebastien\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/08/26 05:07:51 | 000,000,162 | ---- | C] () -- C:\Windows\System32\HPWA.ini
[2011/08/26 05:06:52 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/08/26 05:06:52 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2011/08/26 05:06:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/26 05:01:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/08/26 05:01:11 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/08/26 04:59:56 | 000,001,035 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2011/08/26 04:57:09 | 000,000,310 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2011/08/26 04:57:09 | 000,000,251 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
[2011/08/26 04:56:49 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv3 Notebook PC_Y5335KV_0U_QCNU0280GNF_E593255-AA3_4A_I1433_SHP_V58.1C_F.08_T100516_WU2-0_L804_M1910_J320_7Intel_8652_92.27_#110826_N10EC8168;168C002B_(XG158PA#AB2)_XMOBILE_CN10_Z.MRK
[2011/08/26 04:52:02 | 1501,974,528 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/28 14:01:12 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/07/28 14:01:10 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/07/28 14:01:08 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010/06/16 09:22:58 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/06/15 18:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/03/16 03:00:55 | 000,361,768 | ---- | C] () -- C:\Windows\System32\prfh0804.dat
[2010/03/16 03:00:55 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat
[2010/03/16 03:00:55 | 000,104,248 | ---- | C] () -- C:\Windows\System32\prfc0804.dat
[2010/03/16 03:00:55 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat
[2010/01/23 00:08:26 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/01/23 00:08:26 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/01/23 00:08:22 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:33:53 | 000,265,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 10:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 10:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 06:09:19 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe

========== LOP Check ==========

[2011/08/26 22:50:57 | 000,000,000 | ---D | M] -- C:\Users\Sebastien\AppData\Roaming\CheckPoint
[2011/09/01 06:26:03 | 000,000,000 | ---D | M] -- C:\Users\Sebastien\AppData\Roaming\PIPI
[2011/09/07 05:59:07 | 000,000,000 | ---D | M] -- C:\Users\Sebastien\AppData\Roaming\Tific
[2011/08/26 08:28:19 | 000,000,000 | ---D | M] -- C:\Users\Sebastien\AppData\Roaming\Windows Live Writer
[2009/07/14 12:53:46 | 000,024,200 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by sebss, 18 September 2011 - 11:31 AM.
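The listing above is the kind of thing a helper scans by eye for leads: hidden or system attributes in unusual places, zero-byte files in the driver directory, GUID-named files sitting in the drive root. The parser below, added here as an example (it is not part of this thread and not OTL's own code), reads OTL's "Files Created" / "LOP Check" line format and tags each entry with such leads. SAMPLE_OTL is a constructed excerpt of the listing posted above (the long HP marker filename is shortened); the flag names and the KNOWN_BENIGN allowlist are my own choices. A flag is a reason to hash the file and check its signer against a clean install, not a verdict.

```python
import re
from datetime import datetime

# Constructed excerpt of the OTL listing posted in this thread; the HP marker file's
# long name is shortened. Feed the full OTL.txt text to parse_otl() for real use.
SAMPLE_OTL = r"""
[2011/09/16 07:40:45 | 000,139,264 | ---- | C] () -- C:\Users\Sebastien\Desktop\RKUnhookerLE.EXE
[2011/09/13 07:02:44 | 000,002,464 | ---- | C] () -- C:\{C12DFF20-BA96-4A98-9722-2B7B9AABEB03}
[2011/09/01 06:26:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\multbp.cfg
[2011/08/31 01:29:30 | 280,440,347 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/26 10:37:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/08/26 04:56:49 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_(XG158PA#AB2)_XMOBILE_CN10_Z.MRK
[2011/08/26 04:52:02 | 1501,974,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/26 22:50:57 | 000,000,000 | ---D | M] -- C:\Users\Sebastien\AppData\Roaming\CheckPoint
"""

# [date time | size | attrs | C/M] (company) -- path   (the "(company)" part is absent on LOP lines)
RE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\] (?:\([^)]*\) )?-- (?P<path>.+?)\s*$"
)
RE_GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Files that legitimately carry hidden/system attributes in the drive root (assumed allowlist).
KNOWN_BENIGN = {"hiberfil.sys", "pagefile.sys"}


def parse_otl(text):
    """Parse OTL file/folder entries into dicts; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = RE_ENTRY.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        parent, _, name = path.rpartition("\\")
        entries.append({
            "ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            "size": int(m.group("size").replace(",", "")),
            "attr": m.group("attr"),   # R=read-only H=hidden S=system D=directory
            "kind": m.group("kind"),   # C = created, M = modified
            "path": path,
            "parent": parent,
            "name": name,
            "is_dir": "D" in m.group("attr"),
        })
    return entries


def triage(entry):
    """Return the list of leads an analyst would follow up for one entry."""
    flags = []
    if "H" in entry["attr"]:
        flags.append("hidden")
    if "S" in entry["attr"]:
        flags.append("system")
    if not entry["is_dir"] and entry["size"] == 0:
        flags.append("zero-size")
    if entry["parent"].endswith(":"):   # parent "C:" means the file sits in the drive root
        flags.append("drive-root")
    if RE_GUID.match(entry["name"]):
        flags.append("guid-name")
    if "\\system32\\drivers\\" in entry["path"].lower():
        flags.append("drivers-dir")
    return flags


def suspicious(entries):
    """Map path -> flags for every entry that has at least one lead and is not allowlisted."""
    out = {}
    for e in entries:
        if e["name"].lower() in KNOWN_BENIGN:
            continue
        flags = triage(e)
        if flags:
            out[e["path"]] = flags
    return out


if __name__ == "__main__":
    for path, flags in suspicious(parse_otl(SAMPLE_OTL)).items():
        print(f"{', '.join(flags):40} {path}")
```

On the excerpt this leaves four entries to look at: the GUID-named file in C:\, the zero-byte multbp.cfg, and the two zero-byte hidden files under System32\drivers (the second one read-only and system as well). The hibernation file is hidden and system by design, which is why it is allowlisted rather than reported.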



#2
sebss
    New Member
  • Topic Starter
  • Member
  • 8 posts
Hello, but if no one can help me, tell me. It has been 4 days. I opened a new thread in the waiting room and I still haven't received a reply. I know it's a busy forum but 4 days is a lot. Can someone give me a sign so I can search for help somewhere else. Thank you

#3
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello sebss and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed
Sorry for the delay... Let's see if there is malware hiding from us.

Step 1

You have more than one antivirus program on your PC.

Symantec and PC Tools

Please leave only one antivirus protection on your system and remove all other.

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Step 2

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (ZKUTCZYKDHJH)
    SRV - File not found [On_Demand | Stopped] -- -- (66E5F876)

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell"="C:\\Windows\\explorer.exe"

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
It would be helpful if you could post each log in separate post

#4
sebss
    New Member
  • Topic Starter
  • Member
  • 8 posts
Hello and thank you for helping me! I am sorry for the late reply. Here are the OTL and GMER logs:


OTL logs:


All processes killed
========== OTL ==========
Error: No service named ZKUTCZYKDHJH was found to stop!
Service\Driver key ZKUTCZYKDHJH not found.
Error: No service named 66E5F876 was found to stop!
Service\Driver key 66E5F876 not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"C:\\Windows\\explorer.exe" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sebastien
->Temp folder emptied: 28057940 bytes
->Temporary Internet Files folder emptied: 5931077 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 229261253 bytes
->Flash cache emptied: 11970 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 251.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sebastien
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 09242011_224244

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



GMER logs:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-24 23:29:25
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC3O
Running: hbb1g4zv.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\kglyauoc.sys


---- System - GMER 1.0.15 ----

SSDT 89842680 ZwAlertResumeThread
SSDT 89842760 ZwAlertThread
SSDT 898410D8 ZwAllocateVirtualMemory
SSDT 897D5F38 ZwAlpcConnectPort
SSDT 89843998 ZwAssignProcessToJobObject
SSDT 89843008 ZwCreateMutant
SSDT 898436B8 ZwCreateSymbolicLinkObject
SSDT 898415E0 ZwCreateThread
SSDT 898437A8 ZwCreateThreadEx
SSDT 89843A78 ZwDebugActiveProcess
SSDT 898412A8 ZwDuplicateObject
SSDT 89842E90 ZwFreeVirtualMemory
SSDT 898424C0 ZwImpersonateAnonymousToken
SSDT 898425A0 ZwImpersonateThread
SSDT 894E0C88 ZwLoadDriver
SSDT 89842D90 ZwMapViewOfSection
SSDT 89843E60 ZwOpenEvent
SSDT 89841488 ZwOpenProcess
SSDT 898411C8 ZwOpenProcessToken
SSDT 89843CA0 ZwOpenSection
SSDT 89841398 ZwOpenThread
SSDT 898438A8 ZwProtectVirtualMemory
SSDT 89842840 ZwResumeThread
SSDT 89842AE0 ZwSetContextThread
SSDT 89842BC0 ZwSetInformationProcess
SSDT 89843B58 ZwSetSystemInformation
SSDT 89843D80 ZwSuspendProcess
SSDT 89842920 ZwSuspendThread
SSDT 898416E0 ZwTerminateProcess
SSDT 89842A00 ZwTerminateThread
SSDT 89842CB0 ZwUnmapViewOfSection
SSDT 89842F80 ZwWriteVirtualMemory

INT 0x61 ? 9C04D058
INT 0x62 ? 9C04D7D8
INT 0x82 ? 9C04D558
INT 0xA0 ? 9C04DCD8
INT 0xA1 ? 9C04D2D8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 84046349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8407FD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 84086D90 8 Bytes [80, 26, 84, 89, 60, 27, 84, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 84086DA8 4 Bytes [D8, 10, 84, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 84086DB4 4 Bytes [38, 5F, 7D, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 84086E08 4 Bytes [98, 39, 84, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 84086E84 4 Bytes [08, 30, 84, 89]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9481A000, 0x341EAE, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[540] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7592FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[540] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7592FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[540] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7592FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[540] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7592FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[540] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7592FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
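A GMER hook list like the one above is easier to reason about once it is grouped rather than read line by line: SSDT entries whose handlers all sit in one address neighbourhood almost always come from a single kernel driver (on a machine running Norton, its behaviour-monitoring driver is the usual source of hooks on exactly these process, thread and memory calls, though the log itself does not name the owner), and IAT redirections that all resolve to apphelp.dll are the application-compatibility shim engine, not an injected module. The parser below is added here as an example (it is not part of this thread and not GMER's own code); SAMPLE_LOG is a constructed excerpt of the log posted above with the vendor strings translated, and the 1 MiB bucketing in ssdt_regions is my own heuristic.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt of the GMER Results.log posted in this thread (vendor strings translated).
# For real use, read a full Results.log into a string and pass it to parse_gmer().
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 89842680 ZwAlertResumeThread
SSDT 898410D8 ZwAllocateVirtualMemory
SSDT 894E0C88 ZwLoadDriver
SSDT 898416E0 ZwTerminateProcess

INT 0x61 ? 9C04D058
INT 0xA1 ? 9C04D2D8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 84046349 1 Byte [06]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9481A000, 0x341EAE, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[540] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7592FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[540] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7592FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""

RE_SSDT = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\S+)\s*$")
RE_INT = re.compile(r"^INT\s+(0x[0-9A-Fa-f]+)\s+\?\s+([0-9A-Fa-f]{8})\s*$")
RE_TEXT = re.compile(r"^\.text\s+(.*\S)\s*$")
RE_IAT = re.compile(
    r"^IAT\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>.+?)\s+"
    r"\[(?P<import>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]{8})\]\s+"
    r"(?P<hooker>.+?)\s+\((?P<desc>.*)\)\s*$"
)
RE_DEV = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")


def parse_gmer(text):
    """Split a GMER log into its hook-related records, keyed by record type."""
    report = {"ssdt": [], "int": [], "text": [], "iat": [], "devices": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank line or section banner
        if m := RE_SSDT.match(line):
            report["ssdt"].append((int(m.group(1), 16), m.group(2)))      # (handler addr, Zw name)
        elif m := RE_INT.match(line):
            report["int"].append((int(m.group(1), 16), int(m.group(2), 16)))  # (vector, handler)
        elif m := RE_TEXT.match(line):
            report["text"].append(m.group(1))                            # patched kernel code
        elif m := RE_IAT.match(line):
            d = m.groupdict()
            d["pid"] = int(d["pid"])
            report["iat"].append(d)
        elif m := RE_DEV.match(line):
            report["devices"].append({"driver": m.group(1), "device": m.group(2),
                                      "filter": m.group(3), "desc": m.group(4)})
    return report


def ssdt_regions(report, shift=20):
    """Count SSDT hook handlers per 1 MiB region (addr >> 20).

    One or two adjacent regions means one driver owns the hooks; handlers scattered
    across unrelated regions deserve a closer look.
    """
    return Counter(f"0x{addr >> shift:X}" for addr, _ in report["ssdt"])


def iat_hookers(report):
    """Map each module that redirected an import to the (process, module, import) it hooked."""
    by_module = defaultdict(set)
    for h in report["iat"]:
        by_module[h["hooker"]].add((h["process"], h["module"], h["import"]))
    return {k: sorted(v) for k, v in by_module.items()}


def filters_per_device(report):
    """Which filter drivers sit on each device object (keyboard filters are the ones to watch)."""
    stack = defaultdict(list)
    for d in report["devices"]:
        stack[d["device"]].append(d["filter"])
    return dict(stack)


if __name__ == "__main__":
    rep = parse_gmer(SAMPLE_LOG)
    print("SSDT hooks:", len(rep["ssdt"]), "by region:", dict(ssdt_regions(rep)))
    for mod, hooks in iat_hookers(rep).items():
        print("IAT redirections via", mod, "->", len(hooks))
    print("device stacks:", filters_per_device(rep))
```

The interesting questions the output answers are "how many distinct owners do these hooks have" and "who sits on the keyboard device". In the posted log every SSDT handler falls in the 0x894-0x898 neighbourhood, every IAT redirection goes through apphelp.dll, and the only driver attached to the keyboard class devices is Microsoft's KMDF runtime; none of that, on its own, points at a keylogger or rootkit.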

#5
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi sebss,

Step 1

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks


  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
  • Virus Removal Tool log
It would be helpful if you could post each log in separate post

#6
sebss
    New Member
  • Topic Starter
  • Member
  • 8 posts
Hello, here's the ComboFix log:


ComboFix 11-09-26.01 - Sebastien 1/09/26 Mon 14:59:55.1.4 - x86
Microsoft Windows 7 Home Basic 6.1.7601.1.936.86.2052.18.1910.1147 [GMT 8:00]
Running from: c:\users\Sebastien\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))))
.
.
2011-09-26 07:04 . 2011-09-26 07:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-23 23:34 . 2011-09-23 23:34 -------- d-----w- c:\users\Sebastien\AppData\Roaming\WinPatrol
2011-09-23 23:34 . 2011-09-23 23:39 -------- d-----w- c:\programdata\InstallMate
2011-09-23 23:34 . 2011-09-23 23:34 -------- d-----w- c:\program files\BillP Studios
2011-09-23 00:01 . 2011-09-23 00:01 -------- d-----w- C:\_OTL
2011-09-22 14:30 . 2011-09-22 14:30 2420346 ----a-w- C:\MGtools.exe
2011-09-22 13:23 . 2011-09-22 13:23 -------- d-----w- c:\program files\Common Files\Java
2011-09-22 13:23 . 2011-09-22 13:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-22 13:22 . 2011-09-22 13:22 -------- d-----w- c:\program files\Java
2011-09-15 19:04 . 2011-09-15 19:04 -------- d-----w- c:\program files\Trend Micro
2011-09-15 00:15 . 2011-09-26 07:04 -------- d-----w- c:\users\Sebastien\AppData\Local\temp
2011-09-06 22:06 . 2011-09-06 22:07 -------- d-----w- c:\users\Sebastien\AppData\Local\Roozz
2011-09-06 22:06 . 2011-09-14 12:51 -------- d-----w- c:\program files\Roozz
2011-09-06 21:59 . 2011-09-06 21:59 -------- d-----w- c:\users\Sebastien\AppData\Roaming\Tific
2011-09-06 20:13 . 2011-09-06 20:13 -------- d-----w- c:\users\Sebastien\AppData\Roaming\Malwarebytes
2011-09-06 20:13 . 2011-09-06 20:13 -------- d-----w- c:\programdata\Malwarebytes
2011-09-06 07:00 . 2011-09-23 18:27 -------- d-----w- c:\users\Sebastien\AppData\Local\CrashDumps
2011-09-05 12:35 . 2011-09-05 12:35 -------- d-----w- C:\NBRT
2011-09-03 18:07 . 2011-09-03 18:07 -------- d-----w- c:\program files\Norton Internet Security
2011-09-03 18:07 . 2011-09-04 01:08 -------- d-----w- c:\program files\NortonInstaller
2011-09-03 18:02 . 2011-09-03 18:02 -------- d-----w- c:\windows\Internet Logs
2011-09-03 13:14 . 2011-09-03 13:14 -------- d-----w- c:\program files\Microsoft.NET
2011-09-03 13:02 . 2011-09-03 13:02 -------- d-----w- c:\programdata\PrevxCSI
2011-09-03 06:43 . 2011-09-03 06:43 -------- d-----r- C:\Sandbox
2011-09-03 06:42 . 2011-09-03 18:18 -------- d-----w- c:\program files\Sandboxie
2011-09-03 05:19 . 2011-09-03 05:19 -------- d-----w- c:\users\Sebastien\AppData\Local\ESET
2011-09-03 00:52 . 2011-09-23 23:23 -------- d-----w- c:\program files\ESET
2011-09-02 12:59 . 2011-09-02 12:59 -------- d-----w- c:\users\Sebastien\AppData\Roaming\Yahoo!
2011-09-02 12:42 . 2011-08-16 00:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEA86E0D-4870-482A-83D7-E213FABB121A}\mpengine.dll
2011-09-02 00:40 . 2011-09-14 12:52 -------- d-----w- c:\program files\Sophos
2011-09-01 02:22 . 2011-09-01 02:22 -------- d-----w- c:\program files\Alarm Clock
2011-08-31 22:22 . 2011-08-31 22:26 -------- d-----w- c:\users\Sebastien\AppData\Roaming\PIPI
2011-08-30 17:16 . 2011-08-30 19:49 -------- d-----w- c:\programdata\TamoSoft
2011-08-30 13:49 . 2011-09-05 04:09 -------- d-----w- c:\users\Sebastien\AppData\Roaming\Hewlett-Packard
2011-08-30 13:48 . 2011-08-30 13:48 -------- d-----w- c:\users\Sebastien\AppData\Local\CyberLink
2011-08-30 13:48 . 2011-08-30 13:48 -------- d-----w- c:\users\Sebastien\AppData\Local\PowerCinema
2011-08-30 13:48 . 2011-08-30 13:48 -------- d-----w- c:\users\Sebastien\AppData\Roaming\CyberLink
2011-08-30 13:43 . 2011-09-10 22:40 -------- d-----w- c:\users\Sebastien\AppData\Local\Hewlett-Packard
2011-08-29 22:41 . 2011-08-29 22:41 -------- d-----w- c:\users\Sebastien\AppData\Local\Diagnostics
2011-08-29 14:17 . 2011-09-11 20:58 -------- d-----w- c:\users\Sebastien\AppData\Local\Microsoft Games
2011-08-27 20:33 . 2011-08-27 20:33 -------- d-----w- c:\program files\HP
2011-08-27 20:32 . 2011-08-27 20:32 -------- d-----w- c:\windows\Downloaded Installations
2011-08-27 13:57 . 2011-08-27 13:57 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-27 13:54 . 2011-09-14 12:53 -------- dc----w- c:\windows\system32\DRVSTORE
2011-08-27 13:54 . 2011-09-14 12:54 -------- d-----w- c:\programdata\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Files Modified Within the Last Three Months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-26 01:49 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-08-25 22:27 . 2011-08-25 22:27 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-25 22:27 . 2011-08-25 22:27 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-25 22:27 . 2011-08-25 22:27 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-25 22:27 . 2011-08-25 22:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-25 22:27 . 2011-08-25 22:27 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-25 22:27 . 2011-08-25 22:27 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-08-25 22:27 . 2011-08-25 22:27 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-25 22:27 . 2011-08-25 22:27 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-25 22:27 . 2011-08-25 22:27 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-25 22:27 . 2011-08-25 22:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-25 22:27 . 2011-08-25 22:27 367104 ----a-w- c:\windows\system32\html.iec
2011-08-25 22:27 . 2011-08-25 22:27 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-25 22:27 . 2011-08-25 22:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-25 22:27 . 2011-08-25 22:27 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-25 22:27 . 2011-08-25 22:27 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-08-25 22:27 . 2011-08-25 22:27 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-25 22:27 . 2011-08-25 22:27 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-25 22:27 . 2011-08-25 22:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-25 22:27 . 2011-08-25 22:27 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-25 22:27 . 2011-08-25 22:27 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-25 22:27 . 2011-08-25 22:27 101888 ----a-w- c:\windows\system32\admparse.dll
2011-08-25 22:11 . 2011-03-28 10:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-25 22:07 . 2011-08-25 22:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-16 04:27 . 2011-08-25 22:04 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-25 22:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-25 22:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-25 22:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-25 22:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-25 22:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 02:17 . 2011-08-25 22:04 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-09 04:29 . 2011-08-25 22:05 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:30 . 2011-08-25 22:05 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-22 1684776]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 17920]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-06 230912]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx86.sys [2011-09-09 816760]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110923.030\IDSvix86.sys [2011-09-01 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMNETS.SYS [2011-07-08 299640]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_be0aa592be2f1430\aestsrv.exe [2009-03-03 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 6380544]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 222208]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-09-03 105592]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2010-07-28 9023488]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 06:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
‘计划任务’ 文件夹 里的内容
.
2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3774822024-294525419-2627115759-1000Core.job
- c:\users\Sebastien\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 22:17]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3774822024-294525419-2627115759-1000UA.job
- c:\users\Sebastien\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-25 22:17]
.
2011-09-26 c:\windows\Tasks\HPCeeScheduleForSebastien.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-06 20:22]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-WinPatrol - c:\program files\BillP Studios\WinPatrol\winpatrol.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
完成时间: 2011-09-26 15:05:40
ComboFix-quarantined-files.txt 2011-09-26 07:05
ComboFix2.txt 2011-09-23 18:20
.
Pre-Run: 15 个目录 270,313,615,360 可用字节
Post-Run: 16 个目录 270,336,942,080 可用字节
.
- - End Of File - - 760E0451606E2FF131DDE3D02529D1D4
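As an added triage example (not from this thread, and not part of ComboFix or OTL), here is a small Python parser for the Run-key and service/driver lines of a ComboFix log like the one above. It flags the entries a malware-removal helper looks at first: a binary ComboFix could not find on disk (printed as `[x]`, as with the CV2K1 CommView driver above), and a binary launched from a user profile, a temp directory or the drive root, which is where droppers commonly land. The sample log is built from lines on this page plus two constructed entries, `Updater` and `Loader`, that are not from the real log; the directory rules and their wording are this example's own assumptions.

```python
"""Triage helper for the autostart sections of a ComboFix log.

Added example, not part of the forum thread or of ComboFix/OTL.
It parses the '[HKLM\\...\\Run]' value lines and the 'R#/S#' service
lines and flags what a helper would review first.
"""
import re
from dataclasses import dataclass, field

# ComboFix "Run" value line:   "Name"="c:\path\file.exe" [YYYY-MM-DD size]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]\s*$')
# ComboFix service/driver line: R3 name;description;c:\path\file.sys [YYYY-MM-DD size]
# ComboFix prints [x] instead of date/size when the file is not on disk.
SVC_LINE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$')

# Assumed heuristics: user-writable locations and the drive root are unusual
# homes for autostart binaries and deserve a closer look.
USER_DIR_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\tmp\\")
DRIVE_ROOT = re.compile(r"^[a-z]:\\[^\\]+$")   # e.g. c:\something.exe


@dataclass
class Entry:
    kind: str                      # "run" or "service"
    name: str
    path: str
    meta: str                      # "YYYY-MM-DD size", or "x" when the file is missing
    flags: list = field(default_factory=list)


def parse_combofix(text: str) -> list:
    """Return Entry objects for every Run-key value and service line found."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_LINE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"], m["meta"]))
            continue
        m = SVC_LINE.match(line)
        if m:
            entries.append(Entry("service", m["name"].strip(), m["path"], m["meta"]))
    return entries


def triage(entries: list) -> list:
    """Attach review flags to each entry and return only the flagged ones."""
    for e in entries:
        p = e.path.lower()
        if e.meta.strip() == "x":
            e.flags.append("file missing on disk")
        if any(mark in p for mark in USER_DIR_MARKERS):
            e.flags.append("runs from a user-writable profile/temp directory")
        if DRIVE_ROOT.match(p):
            e.flags.append("runs from the drive root")
    return [e for e in entries if e.flags]


# Constructed sample: real lines from the log above plus two made-up entries
# ("Updater" and "Loader") that illustrate the directory rules.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-22 1684776]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 171032]
"Updater"="c:\users\example\AppData\Local\Temp\updater.exe" [2011-09-20 51200]
"Loader"="c:\loader.exe" [2011-09-21 40960]
.
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
"""


def report(text: str) -> list:
    """One human-readable line per flagged entry, in log order."""
    return [f"{e.kind:7} {e.name:16} {e.path}  <- {'; '.join(e.flags)}"
            for e in triage(parse_combofix(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Clean entries (SynTPEnh, HotKeysCmds, AdobeARMservice) produce no output; the missing CV2K1 driver and the two constructed entries are listed with the reason. A real review still checks each flagged binary's publisher signature and hash, which the log alone cannot tell you.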

#7 sebss (New Member, Topic Starter, 8 posts)
The Kaspersky report:


Status: Deleted (events: 1)
2011/9/26 16:04:08 Deleted Trojan program Trojan-Dropper.Win32.Agent.fvnx C:\MGtools.exe High

#8 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Before we continue... How is your system now? Any changes?

#9 sebss (New Member, Topic Starter, 8 posts)
The system is still running!! Was there some kind of spyware/rootkit in those logs besides the MGtools.exe??? Thanks

#10 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi sebss,

Yes, there was some bad stuff that we removed with OTL at the beginning. Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.

#11 sebss (New Member, Topic Starter, 8 posts)
Thank you very much for taking the time to answer me and read my logs... I really appreciate it. Continue to help us people who know almost nothing about computers... :)

#12 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Will do! Goodbye and stay safe :)

#13 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.