Geeks to Go
System Infected: Tidserv Activity 2


This topic is locked

#1 kiwifrost4 (New Member, 8 posts)

I have been getting bombarded with pop-ups saying "Threat requiring manual removal detected: System Infected: Tidserv Activity 2". On my history I am seeing an intrusion attempt approx. every 20 minutes. At the same time I have started seeing "80000032.@ (Trojan.Gen.2) detected by Auto-Protect,Blocked,Resolved - No Action Required" every 20 minutes or so as well.

I have attempted various "fixes" etc but all to no avail:

1) used Norton's recommended fix (per the security pop-up) Backdoor Tidserv Removal Tool FixTDSS.exe - ran scan, no infected files found, no action taken

2) browsed various forums for ideas - ran full system scan in both "regular" and "safe" modes with Norton and Malwarebytes - once again, no infected files found, no action taken. One thing to note here - various forums have said to unhide non-plug and play drivers and delete ones labelled TDSS - I never found any labelled as such.

3) Posted issue on Norton forums - was recommended to run TDSSKiller from kaspersky.com. Did so, and once again no infected files found.

4) upon completion of TDSSKiller, with no results was referred to this forum for further assistance. Apparently you use "more advanced tools".

This has been going on for three days now and is driving me crazy - I don't know if I should even be using this computer. I do not know if it is infected, if it is not and just reading a "false positive", if someone is trying to hack it, if there is something in it that is allowing people to hack, or what. I'm at my wit's end right now and need help.

I will attach a jpeg of the response from Norton on the anti-virus history. This screenshot was taken at 10.05pm tonight, since that time I have had two more Trojan.Gen.2 detection alerts and am about due for my next hack attempt from Tidserv. This is getting stupid.

Also, attached please find, per forum instructions, a copy of the OTL log. Thanks again!

OTL logfile created on: 9/20/2011 9:53:28 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Kiwifrost4\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 37.97% Memory free
8.20 Gb Paging File | 5.64 Gb Available in Paging File | 68.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 224.00 Gb Free Space | 48.09% Space Free | Partition Type: NTFS

Computer Name: KIWIFROST4-PC | User Name: Kiwifrost4 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/20 21:52:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Kiwifrost4\Desktop\OTL.exe
PRC - [2011/09/11 12:10:30 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/08/31 07:47:27 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
PRC - [2011/08/16 22:50:04 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/02 22:14:29 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2011/07/13 08:27:11 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
PRC - [2011/06/30 09:50:40 | 003,029,208 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/10/21 13:53:56 | 001,211,216 | ---- | M] (Logitech, Inc.) -- C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
PRC - [2010/10/21 13:53:48 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/20 21:49:49 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2006/12/28 21:18:00 | 000,122,512 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/11 12:10:30 | 014,407,976 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/09/11 12:10:19 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/09/11 12:10:19 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/09/11 12:10:18 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/09/11 12:10:18 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/30 18:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/03/21 16:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/03/24 22:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/04/11 01:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/02 12:16:05 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/11 12:10:30 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/16 22:50:04 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/30 09:50:40 | 003,029,208 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/28 21:18:00 | 000,122,512 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/02 17:04:42 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/01 05:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C510(UVC)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1206000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1206000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 19:39:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1206000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1206000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1206000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/11/09 21:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/11/09 21:42:34 | 000,024,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/02 12:51:28 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/04 06:20:48 | 000,113,168 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/22 10:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV - [2011/09/19 22:55:21 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110920.019\EX64.SYS -- (NAVEX15)
DRV - [2011/09/19 22:55:21 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110920.019\ENG64.SYS -- (NAVENG)
DRV - [2011/09/09 12:44:05 | 001,152,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/09/08 20:05:01 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/08/23 00:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110917.033\IDSviA64.sys -- (IDSVia64)
DRV - [2011/07/27 18:46:05 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/02/20 21:30:06 | 000,085,800 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2006/02/20 19:17:00 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\cdrbsdrv.sys -- (cdrbsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 27 B7 BE 01 E1 AA CB 41 8B 6B 9D 63 F1 12 57 9F [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Kiwifrost4\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Kiwifrost4\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kiwifrost4\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kiwifrost4\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/08/17 08:53:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D8CB31C-4E86-4C53-AF81-F6A7345EE51A}: C:\Users\Kiwifrost4\AppData\Local\{5D8CB31C-4E86-4C53-AF81-F6A7345EE51A} [2010/08/20 13:48:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/18 18:17:25 | 000,000,000 | ---D | M]

[2010/09/23 20:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiwifrost4\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Live Search (Enabled)
CHR - default_search_provider: search_url = http://search.live.c...ferrer:source?}
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\plugins\NPcol500.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Kiwifrost4\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Kiwifrost4\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Extension = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\
CHR - Extension: Poppit = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET4.0C; InfoPath.3; .NET CLR 3.0.30729)" -"http://www.haelmedia...mc_m2_001.html" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A38FB7A-51D2-4C8B-8D77-848410063A99}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kiwifrost4\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kiwifrost4\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2cf3234a-940c-11de-950c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf3234a-940c-11de-950c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{2cf3234a-940c-11de-950c-806e6f6e6963}\Shell\dinstall\command - "" = D:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/20 21:52:30 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Kiwifrost4\Desktop\OTL.exe
[2011/09/20 21:35:38 | 001,403,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kiwifrost4\Desktop\TDSSKiller.exe
[2011/09/19 21:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/19 21:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/19 19:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011/09/19 19:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2011/09/19 19:28:30 | 000,000,000 | ---D | C] -- C:\Users\Kiwifrost4\Documents\Anti-Malware
[2011/09/19 19:22:32 | 101,856,272 | ---- | C] (Emsi Software GmbH ) -- C:\Users\Kiwifrost4\Desktop\EmsisoftAntiMalwareSetup.exe
[2011/09/19 19:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/19 19:15:59 | 003,480,352 | ---- | C] (Piriform Ltd) -- C:\Users\Kiwifrost4\Desktop\ccsetup310.exe
[2011/09/19 18:36:27 | 000,000,000 | ---D | C] -- C:\Users\Kiwifrost4\AppData\Local\VirtualStore
[2011/09/19 00:21:25 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/18 16:33:14 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/09/10 00:24:55 | 000,000,000 | ---D | C] -- C:\Users\Kiwifrost4\Documents\Activision
[2011/08/31 08:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/31 08:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/31 08:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/31 07:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/31 07:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/24 22:51:09 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2011/08/24 22:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2011/08/24 22:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2011/08/24 22:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2011/08/24 22:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sothink Movie DVD Maker
[2011/08/24 22:50:51 | 000,290,816 | ---- | C] (SourceTec Software Co., LTD) -- C:\Windows\SysWow64\stFLVSource.ax
[2011/08/24 22:50:51 | 000,147,456 | ---- | C] (SourceTec) -- C:\Windows\SysWow64\stQTSource.ax
[2011/08/24 22:50:50 | 000,438,272 | ---- | C] (Gabest) -- C:\Windows\SysWow64\Mpeg2DecFilter.ax
[2011/08/24 22:50:50 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2011/08/24 22:50:50 | 000,217,088 | ---- | C] (-) -- C:\Windows\SysWow64\CoreFLACDecoder.ax
[2011/08/24 22:50:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SourceTec
[2011/08/24 22:50:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sothink Movie DVD Maker
[2011/08/24 22:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dvdmaker
[2011/08/24 22:48:32 | 028,027,144 | ---- | C] (SourceTec Software Co., LTD ) -- C:\Program Files (x86)\Setup.exe
[2011/08/01 20:13:55 | 005,015,880 | ---- | C] (Canneverbe Limited ) -- C:\Program Files (x86)\cdbxp_setup_4.3.8.2568.exe
[2011/07/31 15:01:18 | 065,981,368 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files (x86)\AVSVideoConverter.exe
[2011/07/13 22:23:00 | 001,030,024 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files (x86)\SkypeSetup.exe
[2011/05/03 20:31:01 | 087,359,831 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Vista_Win7_R259.exe
[2011/04/18 21:40:49 | 020,817,978 | ---- | C] (Shark007) -- C:\Program Files (x86)\VistaCodecs_v593.exe
[2011/04/14 23:13:14 | 013,193,238 | ---- | C] (Shark007) -- C:\Program Files (x86)\x64Components_v285.exe
[2011/02/27 14:29:10 | 681,867,016 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\X16-32250.exe
[2010/09/25 23:34:28 | 002,985,328 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent-7.1.exe
[2010/09/16 19:56:06 | 010,255,560 | ---- | C] (iSkysoft Software ) -- C:\Program Files (x86)\mkv-converter-win_full676.exe
[2010/08/29 21:03:58 | 005,881,679 | ---- | C] (Moritz Bunkus) -- C:\Program Files (x86)\mkvtoolnix-unicode-4.2.0-setup.exe
[2010/08/29 19:24:19 | 016,847,824 | ---- | C] (Any-Video-Converter.com ) -- C:\Program Files (x86)\avc-free.exe
[2010/08/29 19:18:42 | 000,866,532 | ---- | C] (CHENGDU WEISHU TECHNOLOGY CO., LTD. ) -- C:\Program Files (x86)\mkv-to-wmv.exe
[2010/07/22 00:14:14 | 000,907,735 | ---- | C] ( ) -- C:\Program Files\DVD43_Plugin_Setup_1.0.0.5.exe
[2010/07/22 00:11:10 | 000,568,900 | ---- | C] ( ) -- C:\Program Files\DVD43_4-6-0_Setup.exe
[2010/07/21 23:51:36 | 054,822,952 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSVideoConverter.exe
[2010/07/21 23:33:00 | 009,423,386 | ---- | C] (Digiarty Software, Inc. ) -- C:\Program Files\winx-dvd-ripper-pt.exe
[2010/07/21 23:28:45 | 006,971,290 | ---- | C] (Digiarty Software, Inc. ) -- C:\Program Files\winx-free-dvd-ripper.exe
[2010/06/10 01:11:30 | 000,895,256 | ---- | C] (DivX, Inc. ) -- C:\Program Files (x86)\DivXInstaller.exe
[2010/05/04 16:06:17 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup231.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/20 21:52:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Kiwifrost4\Desktop\OTL.exe
[2011/09/20 21:35:27 | 001,386,742 | ---- | M] () -- C:\Users\Kiwifrost4\Desktop\tdsskiller.zip
[2011/09/20 21:08:46 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/20 21:08:46 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/20 19:41:55 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1882694805-4187760394-1783181854-1000UA.job
[2011/09/20 19:41:44 | 000,002,067 | ---- | M] () -- C:\Users\Kiwifrost4\Desktop\Google Chrome.lnk
[2011/09/20 19:41:44 | 000,002,029 | ---- | M] () -- C:\Users\Kiwifrost4\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/20 19:36:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/20 19:03:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/09/20 11:41:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1882694805-4187760394-1783181854-1000Core.job
[2011/09/20 08:54:14 | 001,403,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kiwifrost4\Desktop\TDSSKiller.exe
[2011/09/20 05:36:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/19 21:08:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/19 20:21:27 | 000,000,732 | ---- | M] () -- C:\Users\Kiwifrost4\AppData\Local\d3d9caps64.dat
[2011/09/19 19:28:43 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011/09/19 19:26:51 | 101,856,272 | ---- | M] (Emsi Software GmbH ) -- C:\Users\Kiwifrost4\Desktop\EmsisoftAntiMalwareSetup.exe
[2011/09/19 19:15:59 | 003,480,352 | ---- | M] (Piriform Ltd) -- C:\Users\Kiwifrost4\Desktop\ccsetup310.exe
[2011/09/19 18:57:29 | 000,206,848 | ---- | M] () -- C:\Users\Kiwifrost4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/19 07:43:57 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/09/19 00:21:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2011/09/19 00:21:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2011/09/18 23:45:57 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/18 21:44:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2011/09/18 21:44:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2011/09/18 21:34:51 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/18 21:34:51 | 000,607,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/18 21:34:51 | 000,104,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/18 20:07:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2011/09/18 20:07:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2011/09/18 18:08:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2011/09/18 18:08:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2011/09/18 17:53:14 | 000,006,192 | ---- | M] () -- C:\{219ACBFF-33E0-45D7-84B9-FE2B16FB6A5F}
[2011/09/18 17:25:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2011/09/18 17:25:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2011/09/18 17:17:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2011/09/18 17:17:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2011/09/18 16:33:31 | 000,000,300 | ---- | M] () -- C:\Users\Kiwifrost4\AppData\Roaming\5F4E.91D
[2011/09/18 15:50:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2011/09/18 15:50:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2011/09/18 03:30:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2011/09/18 03:30:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2011/09/18 02:02:59 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2011/09/15 03:22:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2011/09/15 03:22:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2011/09/13 09:09:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2011/09/13 09:09:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2011/09/12 08:39:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2011/09/12 08:39:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2011/09/11 11:54:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2011/09/11 11:54:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2011/09/06 09:09:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2011/09/06 09:09:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2011/08/31 08:02:12 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/31 07:50:05 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/30 23:17:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2011/08/30 23:17:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2011/08/25 23:08:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2011/08/25 23:08:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2011/08/25 09:10:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2011/08/25 09:10:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2011/08/24 22:50:56 | 000,000,975 | ---- | M] () -- C:\Users\Kiwifrost4\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink Movie DVD Maker.lnk
[2011/08/24 22:48:01 | 027,947,271 | ---- | M] () -- C:\Program Files (x86)\dvdmaker.zip
[2011/08/24 09:04:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2011/08/24 09:04:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2011/08/22 09:05:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2011/08/22 09:05:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/20 21:35:27 | 001,386,742 | ---- | C] () -- C:\Users\Kiwifrost4\Desktop\tdsskiller.zip
[2011/09/19 19:28:43 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011/09/19 07:43:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/09/19 00:41:32 | 000,000,732 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\d3d9caps64.dat
[2011/09/18 17:53:14 | 000,006,192 | ---- | C] () -- C:\{219ACBFF-33E0-45D7-84B9-FE2B16FB6A5F}
[2011/09/18 16:33:31 | 000,000,300 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Roaming\5F4E.91D
[2011/08/31 08:02:12 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/31 07:48:40 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/31 07:48:39 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/08/24 22:51:09 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/08/24 22:50:56 | 000,000,975 | ---- | C] () -- C:\Users\Kiwifrost4\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink Movie DVD Maker.lnk
[2011/08/24 22:50:50 | 000,070,656 | ---- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2011/08/24 22:47:16 | 027,947,271 | ---- | C] () -- C:\Program Files (x86)\dvdmaker.zip
[2011/08/16 22:50:04 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/12 00:21:25 | 000,201,444 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/03 21:25:28 | 085,083,722 | ---- | C] () -- C:\Program Files (x86)\VistaWindows7HD-256.zip
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/12/19 13:44:30 | 000,000,030 | ---- | C] () -- C:\Windows\MotionSDSTUDIO.INI
[2010/11/15 10:02:58 | 020,953,077 | ---- | C] () -- C:\Program Files (x86)\pod-works.exe
[2010/10/26 21:34:47 | 030,355,045 | ---- | C] () -- C:\Program Files (x86)\mov-converter6.exe
[2010/10/14 23:13:15 | 000,001,940 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/22 17:08:20 | 000,293,144 | ---- | C] () -- C:\Program Files\SoftonicDownloader_for_hjsplit.exe
[2010/09/01 20:25:53 | 001,531,593 | ---- | C] () -- C:\Program Files (x86)\winrar-x64-393.exe
[2010/08/24 18:12:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/24 18:11:31 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/08/24 18:10:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/08/20 13:48:35 | 000,000,120 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\Hsogapakukakad.dat
[2010/08/20 13:48:35 | 000,000,000 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\Isacir.bin
[2010/07/21 23:42:49 | 001,853,399 | ---- | C] () -- C:\Program Files\EasyDVDClonec.exe
[2010/02/10 00:17:38 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/28 11:14:16 | 000,000,053 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/12/28 11:14:13 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2009/10/19 17:33:31 | 000,000,831 | ---- | C] () -- C:\Windows\CoDUO.INI
[2009/10/19 17:09:19 | 000,000,766 | ---- | C] () -- C:\Windows\CoD.INI
[2009/10/19 16:40:08 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2009/10/19 14:15:32 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/19 14:15:31 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/10/19 14:15:30 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/10/18 21:21:34 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/10/18 16:58:04 | 000,010,922 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/10/18 08:23:13 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2009/10/17 22:08:29 | 000,206,848 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/26 19:09:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/10 13:39:00 | 000,350,720 | ---- | C] () -- C:\Program Files\hjsplit.exe
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/23 11:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 11:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 11:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2010/08/29 19:26:08 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\AnvSoft
[2011/09/20 08:20:15 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\BitTorrent
[2009/10/18 12:28:03 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Blitware
[2011/08/01 20:15:44 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Canneverbe Limited
[2011/08/03 23:24:46 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Canon
[2010/09/06 13:52:24 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Catalina Marketing Corp
[2010/07/21 23:33:38 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Digiarty
[2009/12/10 19:46:33 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\E-centives
[2010/03/14 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Facebook
[2009/12/26 23:32:57 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\GetRightToGo
[2010/11/15 10:03:36 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\ImTOO
[2009/10/18 09:06:35 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\InterTrust
[2009/12/28 11:35:15 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Leadertech
[2010/08/29 21:04:52 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\mkvtoolnix
[2011/01/04 23:25:25 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Ogg2MP3
[2011/02/04 20:47:03 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\TaxCut
[2010/08/20 14:52:23 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Tific
[2011/09/20 19:03:00 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2011/09/18 02:02:59 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011/09/19 19:32:14 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
intrusion attempt.jpg

#2
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hello kiwifrost4 and welcome to G2G. :)

Please run OTL again and post the new report for my review.

#3
kiwifrost4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here you go:

OTL logfile created on: 9/24/2011 7:47:43 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Kiwifrost4\Desktop\Computer Stuff
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 52.40% Memory free
8.20 Gb Paging File | 6.04 Gb Available in Paging File | 73.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 219.32 Gb Free Space | 47.09% Space Free | Partition Type: NTFS
Drive D: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KIWIFROST4-PC | User Name: Kiwifrost4 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/22 21:39:05 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/09/20 21:52:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Kiwifrost4\Desktop\Computer Stuff\OTL.exe
PRC - [2011/08/31 07:47:27 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
PRC - [2011/08/16 22:50:04 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/02 22:14:29 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2011/07/13 08:27:11 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
PRC - [2011/06/30 09:50:40 | 003,029,208 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/10/21 13:53:56 | 001,211,216 | ---- | M] (Logitech, Inc.) -- C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
PRC - [2010/10/21 13:53:48 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
PRC - [2010/09/25 23:35:55 | 002,985,328 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/20 21:49:49 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2006/12/28 21:18:00 | 000,122,512 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/22 21:39:04 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/09/22 21:38:51 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/09/22 21:38:51 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/09/22 21:38:51 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/09/22 21:38:50 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/30 18:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/03/21 16:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/04/11 01:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/02 12:16:05 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/22 21:39:05 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/16 22:50:04 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/30 09:50:40 | 003,029,208 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/28 21:18:00 | 000,122,512 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/02 17:04:42 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/01 05:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C510(UVC)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1206000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1206000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 19:39:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1206000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1206000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1206000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/11/09 21:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/11/09 21:42:34 | 000,024,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/02 12:51:28 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/04 06:20:48 | 000,113,168 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/22 10:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV - [2011/09/19 22:55:21 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110924.007\EX64.SYS -- (NAVEX15)
DRV - [2011/09/19 22:55:21 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110924.007\ENG64.SYS -- (NAVENG)
DRV - [2011/09/09 12:44:05 | 001,152,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/09/08 20:05:01 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/08/23 00:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110923.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/07/27 18:46:05 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/02/20 21:30:06 | 000,085,800 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2006/02/20 19:17:00 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\cdrbsdrv.sys -- (cdrbsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 27 B7 BE 01 E1 AA CB 41 8B 6B 9D 63 F1 12 57 9F [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Kiwifrost4\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Kiwifrost4\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kiwifrost4\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kiwifrost4\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/08/17 08:53:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D8CB31C-4E86-4C53-AF81-F6A7345EE51A}: C:\Users\Kiwifrost4\AppData\Local\{5D8CB31C-4E86-4C53-AF81-F6A7345EE51A} [2010/08/20 13:48:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/18 18:17:25 | 000,000,000 | ---D | M]

[2010/09/23 20:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiwifrost4\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Live Search (Enabled)
CHR - default_search_provider: search_url = http://search.live.c...ferrer:source?}
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\plugins\NPcol500.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Kiwifrost4\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Kiwifrost4\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Extension = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\
CHR - Extension: Poppit = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET4.0C; InfoPath.3; .NET CLR 3.0.30729)" -"http://www.haelmedia...mc_m2_001.html" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A38FB7A-51D2-4C8B-8D77-848410063A99}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kiwifrost4\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kiwifrost4\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/15 19:53:55 | 000,000,142 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2cf3234a-940c-11de-950c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf3234a-940c-11de-950c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\rsrc\AUTORUN.EXE -- [2007/08/15 20:55:00 | 000,051,048 | R--- | M] (Activision)
O33 - MountPoints2\{2cf3234a-940c-11de-950c-806e6f6e6963}\Shell\dinstall\command - "" = D:\DirectX\DXSETUP.exe -- [2008/05/30 17:34:50 | 000,528,392 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/22 08:49:15 | 000,000,000 | ---D | C] -- C:\Users\Kiwifrost4\Desktop\Computer Stuff
[2011/09/19 21:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/19 21:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/19 21:18:07 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/09/19 21:18:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/19 21:18:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/19 21:18:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/19 19:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011/09/19 19:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2011/09/19 19:28:30 | 000,000,000 | ---D | C] -- C:\Users\Kiwifrost4\Documents\Anti-Malware
[2011/09/19 19:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/19 18:36:27 | 000,000,000 | ---D | C] -- C:\Users\Kiwifrost4\AppData\Local\VirtualStore
[2011/09/19 00:21:25 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/18 16:33:14 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/09/10 00:24:55 | 000,000,000 | ---D | C] -- C:\Users\Kiwifrost4\Documents\Activision
[2011/08/31 08:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/31 08:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/31 08:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/31 07:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/31 07:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/24 22:48:32 | 028,027,144 | ---- | C] (SourceTec Software Co., LTD ) -- C:\Program Files (x86)\Setup.exe
[2011/08/01 20:13:55 | 005,015,880 | ---- | C] (Canneverbe Limited ) -- C:\Program Files (x86)\cdbxp_setup_4.3.8.2568.exe
[2011/07/31 15:01:18 | 065,981,368 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files (x86)\AVSVideoConverter.exe
[2011/07/13 22:23:00 | 001,030,024 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files (x86)\SkypeSetup.exe
[2011/05/03 20:31:01 | 087,359,831 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Vista_Win7_R259.exe
[2011/04/18 21:40:49 | 020,817,978 | ---- | C] (Shark007) -- C:\Program Files (x86)\VistaCodecs_v593.exe
[2011/04/14 23:13:14 | 013,193,238 | ---- | C] (Shark007) -- C:\Program Files (x86)\x64Components_v285.exe
[2011/02/27 14:29:10 | 681,867,016 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\X16-32250.exe
[2010/09/25 23:34:28 | 002,985,328 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent-7.1.exe
[2010/09/16 19:56:06 | 010,255,560 | ---- | C] (iSkysoft Software ) -- C:\Program Files (x86)\mkv-converter-win_full676.exe
[2010/08/29 21:03:58 | 005,881,679 | ---- | C] (Moritz Bunkus) -- C:\Program Files (x86)\mkvtoolnix-unicode-4.2.0-setup.exe
[2010/08/29 19:24:19 | 016,847,824 | ---- | C] (Any-Video-Converter.com ) -- C:\Program Files (x86)\avc-free.exe
[2010/08/29 19:18:42 | 000,866,532 | ---- | C] (CHENGDU WEISHU TECHNOLOGY CO., LTD. ) -- C:\Program Files (x86)\mkv-to-wmv.exe
[2010/07/22 00:14:14 | 000,907,735 | ---- | C] ( ) -- C:\Program Files\DVD43_Plugin_Setup_1.0.0.5.exe
[2010/07/22 00:11:10 | 000,568,900 | ---- | C] ( ) -- C:\Program Files\DVD43_4-6-0_Setup.exe
[2010/07/21 23:51:36 | 054,822,952 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSVideoConverter.exe
[2010/07/21 23:33:00 | 009,423,386 | ---- | C] (Digiarty Software, Inc. ) -- C:\Program Files\winx-dvd-ripper-pt.exe
[2010/07/21 23:28:45 | 006,971,290 | ---- | C] (Digiarty Software, Inc. ) -- C:\Program Files\winx-free-dvd-ripper.exe
[2010/06/10 01:11:30 | 000,895,256 | ---- | C] (DivX, Inc. ) -- C:\Program Files (x86)\DivXInstaller.exe
[2010/05/04 16:06:17 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup231.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/24 19:03:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/09/24 18:41:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1882694805-4187760394-1783181854-1000UA.job
[2011/09/24 18:36:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/24 18:27:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 18:27:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 11:41:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1882694805-4187760394-1783181854-1000Core.job
[2011/09/24 05:36:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/23 21:46:07 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/23 20:26:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/23 07:32:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/09/22 19:11:16 | 000,006,184 | ---- | M] () -- C:\{CE9DE6B9-E30C-47B0-AD4A-7105D5398AD9}
[2011/09/20 19:41:44 | 000,002,067 | ---- | M] () -- C:\Users\Kiwifrost4\Desktop\Google Chrome.lnk
[2011/09/20 19:41:44 | 000,002,029 | ---- | M] () -- C:\Users\Kiwifrost4\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/19 20:21:27 | 000,000,732 | ---- | M] () -- C:\Users\Kiwifrost4\AppData\Local\d3d9caps64.dat
[2011/09/19 18:57:29 | 000,206,848 | ---- | M] () -- C:\Users\Kiwifrost4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/19 00:21:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2011/09/19 00:21:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2011/09/18 21:44:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2011/09/18 21:44:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2011/09/18 21:34:51 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/18 21:34:51 | 000,607,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/18 21:34:51 | 000,104,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/18 20:07:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2011/09/18 20:07:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2011/09/18 18:08:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2011/09/18 18:08:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2011/09/18 17:53:14 | 000,006,192 | ---- | M] () -- C:\{219ACBFF-33E0-45D7-84B9-FE2B16FB6A5F}
[2011/09/18 17:25:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2011/09/18 17:25:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2011/09/18 17:17:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2011/09/18 17:17:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2011/09/18 16:33:31 | 000,000,300 | ---- | M] () -- C:\Users\Kiwifrost4\AppData\Roaming\5F4E.91D
[2011/09/18 15:50:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2011/09/18 15:50:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2011/09/18 03:30:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2011/09/18 03:30:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2011/09/18 02:02:59 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2011/09/15 03:22:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2011/09/15 03:22:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2011/09/13 09:09:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2011/09/13 09:09:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2011/09/12 08:39:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2011/09/12 08:39:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2011/09/11 11:54:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2011/09/11 11:54:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2011/09/06 09:09:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2011/09/06 09:09:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/31 08:02:12 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/31 07:50:05 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/31 07:47:27 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/30 23:17:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2011/08/30 23:17:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2011/08/25 23:08:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2011/08/25 23:08:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/22 19:11:16 | 000,006,184 | ---- | C] () -- C:\{CE9DE6B9-E30C-47B0-AD4A-7105D5398AD9}
[2011/09/19 07:43:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/09/19 00:41:32 | 000,000,732 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\d3d9caps64.dat
[2011/09/18 17:53:14 | 000,006,192 | ---- | C] () -- C:\{219ACBFF-33E0-45D7-84B9-FE2B16FB6A5F}
[2011/09/18 16:33:31 | 000,000,300 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Roaming\5F4E.91D
[2011/08/31 08:02:12 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/31 07:48:40 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/08/31 07:48:39 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/08/24 22:51:09 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/08/24 22:47:16 | 027,947,271 | ---- | C] () -- C:\Program Files (x86)\dvdmaker.zip
[2011/08/16 22:50:04 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/12 00:21:25 | 000,201,444 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/03 21:25:28 | 085,083,722 | ---- | C] () -- C:\Program Files (x86)\VistaWindows7HD-256.zip
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/12/19 13:44:30 | 000,000,030 | ---- | C] () -- C:\Windows\MotionSDSTUDIO.INI
[2010/11/15 10:02:58 | 020,953,077 | ---- | C] () -- C:\Program Files (x86)\pod-works.exe
[2010/10/26 21:34:47 | 030,355,045 | ---- | C] () -- C:\Program Files (x86)\mov-converter6.exe
[2010/10/14 23:13:15 | 000,001,940 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/22 17:08:20 | 000,293,144 | ---- | C] () -- C:\Program Files\SoftonicDownloader_for_hjsplit.exe
[2010/09/01 20:25:53 | 001,531,593 | ---- | C] () -- C:\Program Files (x86)\winrar-x64-393.exe
[2010/08/24 18:12:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/24 18:11:31 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/08/24 18:10:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/08/20 13:48:35 | 000,000,120 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\Hsogapakukakad.dat
[2010/08/20 13:48:35 | 000,000,000 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\Isacir.bin
[2010/07/21 23:42:49 | 001,853,399 | ---- | C] () -- C:\Program Files\EasyDVDClonec.exe
[2010/02/10 00:17:38 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/28 11:14:16 | 000,000,053 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/12/28 11:14:13 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2009/10/19 17:33:31 | 000,000,831 | ---- | C] () -- C:\Windows\CoDUO.INI
[2009/10/19 17:09:19 | 000,000,766 | ---- | C] () -- C:\Windows\CoD.INI
[2009/10/19 16:40:08 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2009/10/19 14:15:32 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/19 14:15:31 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/10/19 14:15:30 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/10/18 21:21:34 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/10/18 16:58:04 | 000,010,922 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/10/18 08:23:13 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2009/10/17 22:08:29 | 000,206,848 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/26 19:09:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/10 13:39:00 | 000,350,720 | ---- | C] () -- C:\Program Files\hjsplit.exe
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/23 11:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 11:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 11:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

#4
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

The computer is infected with the nasty ZeroAccess rootkit, let's see what we can do.


P2P Warning:

BitTorrent

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes.

These programmes allow users to share files with each other, as the name(s) suggest. In today's world cybercrime has grown to an enormous scale, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."



==================================================



1. Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.


2. Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Note: Do not install Avast anti-virus when offered.



3. Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


  • 0

#5
kiwifrost4

    New Member

  • Topic Starter
  • Member
  • 8 posts
Sempai -
Thanks for the info. Here are the two logs for TDSSKiller and aswMBR; I will have a crack at ComboFix tomorrow when I have a little more time.

1) TDSSKiller

19:23:17.0886 6956 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
19:23:18.0417 6956 ============================================================
19:23:18.0417 6956 Current date / time: 2011/09/25 19:23:18.0417
19:23:18.0417 6956 SystemInfo:
19:23:18.0417 6956
19:23:18.0417 6956 OS Version: 6.0.6002 ServicePack: 2.0
19:23:18.0417 6956 Product type: Workstation
19:23:18.0417 6956 ComputerName: KIWIFROST4-PC
19:23:18.0417 6956 UserName: Kiwifrost4
19:23:18.0417 6956 Windows directory: C:\Windows
19:23:18.0417 6956 System windows directory: C:\Windows
19:23:18.0417 6956 Running under WOW64
19:23:18.0417 6956 Processor architecture: Intel x64
19:23:18.0417 6956 Number of processors: 2
19:23:18.0417 6956 Page size: 0x1000
19:23:18.0417 6956 Boot type: Normal boot
19:23:18.0417 6956 ============================================================
19:23:18.0792 6956 Initialize success
19:23:22.0933 7608 ============================================================
19:23:22.0933 7608 Scan started
19:23:22.0933 7608 Mode: Manual;
19:23:22.0933 7608 ============================================================
19:23:23.0402 7608 a2acc (0b8ed3de81ec30ad50873f033b34b39e) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
19:23:23.0402 7608 a2acc - ok
19:23:23.0511 7608 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
19:23:23.0511 7608 ACPI - ok
19:23:23.0573 7608 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
19:23:23.0573 7608 adp94xx - ok
19:23:23.0620 7608 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
19:23:23.0636 7608 adpahci - ok
19:23:23.0683 7608 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
19:23:23.0683 7608 adpu160m - ok
19:23:23.0714 7608 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
19:23:23.0714 7608 adpu320 - ok
19:23:23.0777 7608 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
19:23:23.0777 7608 AFD - ok
19:23:23.0823 7608 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
19:23:23.0823 7608 agp440 - ok
19:23:23.0902 7608 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
19:23:23.0902 7608 aic78xx - ok
19:23:23.0948 7608 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
19:23:23.0948 7608 aliide - ok
19:23:23.0964 7608 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
19:23:23.0964 7608 amdide - ok
19:23:23.0995 7608 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
19:23:23.0995 7608 AmdK8 - ok
19:23:24.0058 7608 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
19:23:24.0058 7608 arc - ok
19:23:24.0105 7608 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
19:23:24.0105 7608 arcsas - ok
19:23:24.0152 7608 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
19:23:24.0152 7608 AsyncMac - ok
19:23:24.0183 7608 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
19:23:24.0183 7608 atapi - ok
19:23:24.0261 7608 AtiHdmiService (6309d37a01e04eb01a6c15ac87ec8294) C:\Windows\system32\drivers\AtiHdmi.sys
19:23:24.0261 7608 AtiHdmiService - ok
19:23:24.0417 7608 atikmdag (c5758bf1dfd762a5b17041ff061b7750) C:\Windows\system32\DRIVERS\atikmdag.sys
19:23:24.0480 7608 atikmdag - ok
19:23:24.0667 7608 BHDrvx64 (440eee1cf57ed22e8838df6e60c8c45d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx64.sys
19:23:24.0667 7608 BHDrvx64 - ok
19:23:24.0761 7608 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
19:23:24.0777 7608 blbdrive - ok
19:23:24.0839 7608 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
19:23:24.0839 7608 bowser - ok
19:23:24.0870 7608 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
19:23:24.0870 7608 BrFiltLo - ok
19:23:24.0886 7608 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
19:23:24.0886 7608 BrFiltUp - ok
19:23:24.0902 7608 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
19:23:24.0902 7608 Brserid - ok
19:23:24.0995 7608 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
19:23:24.0995 7608 BrSerWdm - ok
19:23:25.0027 7608 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
19:23:25.0027 7608 BrUsbMdm - ok
19:23:25.0058 7608 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
19:23:25.0058 7608 BrUsbSer - ok
19:23:25.0105 7608 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
19:23:25.0105 7608 BTHMODEM - ok
19:23:25.0152 7608 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
19:23:25.0152 7608 cdfs - ok
19:23:25.0214 7608 cdrbsdrv - ok
19:23:25.0245 7608 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
19:23:25.0261 7608 cdrom - ok
19:23:25.0292 7608 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
19:23:25.0292 7608 circlass - ok
19:23:25.0339 7608 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
19:23:25.0339 7608 CLFS - ok
19:23:25.0417 7608 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
19:23:25.0417 7608 cmdide - ok
19:23:25.0433 7608 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
19:23:25.0433 7608 Compbatt - ok
19:23:25.0480 7608 CompFilter64 (553aa50f4d8f80320b59c6566d385a2f) C:\Windows\system32\DRIVERS\lvbflt64.sys
19:23:25.0480 7608 CompFilter64 - ok
19:23:25.0495 7608 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
19:23:25.0495 7608 crcdisk - ok
19:23:25.0542 7608 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
19:23:25.0542 7608 DfsC - ok
19:23:25.0652 7608 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
19:23:25.0652 7608 disk - ok
19:23:25.0683 7608 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
19:23:25.0683 7608 drmkaud - ok
19:23:25.0855 7608 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
19:23:25.0870 7608 DXGKrnl - ok
19:23:26.0058 7608 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
19:23:26.0058 7608 e1express - ok
19:23:26.0136 7608 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
19:23:26.0136 7608 E1G60 - ok
19:23:26.0183 7608 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
19:23:26.0183 7608 Ecache - ok
19:23:26.0308 7608 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:23:26.0323 7608 eeCtrl - ok
19:23:26.0434 7608 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
19:23:26.0465 7608 elxstor - ok
19:23:26.0496 7608 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
19:23:26.0512 7608 ENTECH64 - ok
19:23:26.0590 7608 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:23:26.0590 7608 EraserUtilRebootDrv - ok
19:23:26.0637 7608 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
19:23:26.0637 7608 ErrDev - ok
19:23:26.0699 7608 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
19:23:26.0699 7608 exfat - ok
19:23:26.0731 7608 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
19:23:26.0731 7608 fastfat - ok
19:23:26.0778 7608 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
19:23:26.0778 7608 fdc - ok
19:23:26.0840 7608 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
19:23:26.0840 7608 FileInfo - ok
19:23:26.0856 7608 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
19:23:26.0856 7608 Filetrace - ok
19:23:26.0887 7608 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:23:26.0887 7608 flpydisk - ok
19:23:26.0918 7608 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
19:23:26.0918 7608 FltMgr - ok
19:23:26.0949 7608 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
19:23:26.0949 7608 Fs_Rec - ok
19:23:27.0012 7608 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
19:23:27.0012 7608 gagp30kx - ok
19:23:27.0059 7608 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:23:27.0059 7608 GEARAspiWDM - ok
19:23:27.0059 7608 GMSIPCI - ok
19:23:27.0153 7608 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
19:23:27.0153 7608 HdAudAddService - ok
19:23:27.0215 7608 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:23:27.0215 7608 HDAudBus - ok
19:23:27.0278 7608 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
19:23:27.0293 7608 HidBth - ok
19:23:27.0309 7608 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
19:23:27.0309 7608 HidIr - ok
19:23:27.0356 7608 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
19:23:27.0356 7608 HidUsb - ok
19:23:27.0387 7608 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
19:23:27.0387 7608 HpCISSs - ok
19:23:27.0434 7608 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
19:23:27.0449 7608 HTTP - ok
19:23:27.0512 7608 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
19:23:27.0528 7608 i2omp - ok
19:23:27.0574 7608 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
19:23:27.0574 7608 i8042prt - ok
19:23:27.0590 7608 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
19:23:27.0590 7608 iaStorV - ok
19:23:27.0746 7608 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110923.030\IDSvia64.sys
19:23:27.0746 7608 IDSVia64 - ok
19:23:27.0840 7608 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
19:23:27.0840 7608 iirsp - ok
19:23:27.0871 7608 IntcAzAudAddService - ok
19:23:27.0887 7608 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
19:23:27.0887 7608 intelide - ok
19:23:27.0903 7608 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
19:23:27.0903 7608 intelppm - ok
19:23:27.0949 7608 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:23:27.0949 7608 IpFilterDriver - ok
19:23:27.0996 7608 IpInIp - ok
19:23:28.0043 7608 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
19:23:28.0043 7608 IPMIDRV - ok
19:23:28.0074 7608 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
19:23:28.0074 7608 IPNAT - ok
19:23:28.0106 7608 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
19:23:28.0106 7608 IRENUM - ok
19:23:28.0137 7608 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
19:23:28.0137 7608 isapnp - ok
19:23:28.0184 7608 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
19:23:28.0184 7608 iScsiPrt - ok
19:23:28.0262 7608 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
19:23:28.0262 7608 iteatapi - ok
19:23:28.0293 7608 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
19:23:28.0293 7608 iteraid - ok
19:23:28.0324 7608 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
19:23:28.0324 7608 kbdclass - ok
19:23:28.0340 7608 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
19:23:28.0340 7608 kbdhid - ok
19:23:28.0387 7608 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
19:23:28.0387 7608 KSecDD - ok
19:23:28.0403 7608 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
19:23:28.0403 7608 ksthunk - ok
19:23:28.0481 7608 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
19:23:28.0481 7608 lltdio - ok
19:23:28.0496 7608 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
19:23:28.0496 7608 LSI_FC - ok
19:23:28.0512 7608 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
19:23:28.0512 7608 LSI_SAS - ok
19:23:28.0543 7608 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
19:23:28.0543 7608 LSI_SCSI - ok
19:23:28.0543 7608 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
19:23:28.0559 7608 luafv - ok
19:23:28.0606 7608 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
19:23:28.0606 7608 LVPr2M64 - ok
19:23:28.0621 7608 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
19:23:28.0621 7608 LVPr2Mon - ok
19:23:28.0668 7608 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
19:23:28.0668 7608 LVRS64 - ok
19:23:28.0793 7608 LVUVC64 (edf73bfa1bd24d74d1d64dc0ed28a7cd) C:\Windows\system32\DRIVERS\lvuvc64.sys
19:23:28.0840 7608 LVUVC64 - ok
19:23:28.0887 7608 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
19:23:28.0887 7608 megasas - ok
19:23:28.0981 7608 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
19:23:28.0981 7608 MegaSR - ok
19:23:29.0043 7608 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
19:23:29.0043 7608 Modem - ok
19:23:29.0090 7608 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
19:23:29.0090 7608 monitor - ok
19:23:29.0106 7608 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
19:23:29.0106 7608 mouclass - ok
19:23:29.0121 7608 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
19:23:29.0121 7608 mouhid - ok
19:23:29.0153 7608 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
19:23:29.0153 7608 MountMgr - ok
19:23:29.0199 7608 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
19:23:29.0199 7608 mpio - ok
19:23:29.0215 7608 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
19:23:29.0215 7608 mpsdrv - ok
19:23:29.0246 7608 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
19:23:29.0246 7608 Mraid35x - ok
19:23:29.0278 7608 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
19:23:29.0278 7608 MRxDAV - ok
19:23:29.0309 7608 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:23:29.0309 7608 mrxsmb - ok
19:23:29.0340 7608 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:23:29.0340 7608 mrxsmb10 - ok
19:23:29.0356 7608 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:23:29.0371 7608 mrxsmb20 - ok
19:23:29.0418 7608 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
19:23:29.0418 7608 msahci - ok
19:23:29.0449 7608 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
19:23:29.0449 7608 msdsm - ok
19:23:29.0465 7608 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
19:23:29.0465 7608 Msfs - ok
19:23:29.0496 7608 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
19:23:29.0496 7608 msisadrv - ok
19:23:29.0528 7608 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
19:23:29.0528 7608 MSKSSRV - ok
19:23:29.0559 7608 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
19:23:29.0559 7608 MSPCLOCK - ok
19:23:29.0590 7608 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
19:23:29.0590 7608 MSPQM - ok
19:23:29.0621 7608 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
19:23:29.0621 7608 MsRPC - ok
19:23:29.0653 7608 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
19:23:29.0653 7608 mssmbios - ok
19:23:29.0668 7608 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
19:23:29.0668 7608 MSTEE - ok
19:23:29.0684 7608 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
19:23:29.0684 7608 Mup - ok
19:23:29.0746 7608 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
19:23:29.0746 7608 NativeWifiP - ok
19:23:29.0887 7608 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110925.005\ENG64.SYS
19:23:29.0887 7608 NAVENG - ok
19:23:29.0934 7608 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110925.005\EX64.SYS
19:23:29.0949 7608 NAVEX15 - ok
19:23:30.0043 7608 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
19:23:30.0059 7608 NDIS - ok
19:23:30.0074 7608 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
19:23:30.0074 7608 NdisTapi - ok
19:23:30.0106 7608 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
19:23:30.0106 7608 Ndisuio - ok
19:23:30.0153 7608 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
19:23:30.0153 7608 NdisWan - ok
19:23:30.0184 7608 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
19:23:30.0199 7608 NDProxy - ok
19:23:30.0231 7608 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
19:23:30.0231 7608 NetBIOS - ok
19:23:30.0278 7608 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
19:23:30.0278 7608 netbt - ok
19:23:30.0309 7608 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
19:23:30.0309 7608 nfrd960 - ok
19:23:30.0324 7608 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
19:23:30.0324 7608 Npfs - ok
19:23:30.0356 7608 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
19:23:30.0356 7608 nsiproxy - ok
19:23:30.0371 7608 NTACCESS - ok
19:23:30.0418 7608 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
19:23:30.0434 7608 Ntfs - ok
19:23:34.0824 7608 ============================================================
19:23:34.0824 7608 Scan finished
19:23:34.0824 7608 ============================================================
19:23:34.0824 11020 Detected object count: 0
19:23:34.0824 11020 Actual detected object count: 0

2) aswMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-25 19:26:44
-----------------------------
19:26:44.933 OS Version: Windows x64 6.0.6002 Service Pack 2
19:26:44.933 Number of processors: 2 586 0x602
19:26:44.933 ComputerName: KIWIFROST4-PC UserName: Kiwifrost4
19:26:46.870 Initialize success
19:27:06.910 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
19:27:06.910 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 6
19:27:08.926 Disk 0 MBR read successfully
19:27:08.926 Disk 0 MBR scan
19:27:08.926 Disk 0 Windows VISTA default MBR code
19:27:08.926 Service scanning
19:27:09.957 Modules scanning
19:27:09.957 Disk 0 trace - called modules:
19:27:09.957 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
19:27:09.973 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d9b790]
19:27:09.973 3 CLASSPNP.SYS[fffffa6000fd1c33] -> nt!IofCallDriver -> [0xfffffa80040febf0]
19:27:09.973 5 acpi.sys[fffffa60008f7fde] -> nt!IofCallDriver -> \Device\00000057[0xfffffa8004103440]
19:27:09.973 Scan finished successfully
21:06:10.610 Disk 0 MBR has been saved successfully to "C:\Users\Kiwifrost4\Desktop\MBR.dat"
21:06:10.610 The log file has been saved successfully to "C:\Users\Kiwifrost4\Desktop\aswMBR.txt"

#6
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Let's wait for the combofix result. :)

#7
kiwifrost4

    New Member

  • Topic Starter
  • Member
  • 8 posts
...and the results are in. Next step? (turning anti-virus protection back on in the interim):

ComboFix 11-09-27.04 - Kiwifrost4 09/27/2011 21:06:43.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1949 [GMT -5:00]
Running from: c:\users\Kiwifrost4\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Emsisoft Anti-Malware *Disabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\a8m85heiju_o\us_sres.data
c:\program files (x86)\cdbxp_setup_4.3.8.2568.exe
c:\program files (x86)\Setup.exe
c:\program files (x86)\X16-32250.exe
c:\users\Kiwifrost4\AppData\Roaming\5F4E.91D
c:\users\Public\242.JPG
c:\windows\security\Database\tmp.edb
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-28 )))))))))))))))))))))))))))))))
.
.
2011-09-28 03:36 . 2011-09-28 03:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-20 02:18 . 2011-09-20 02:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-20 02:18 . 2011-05-04 09:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-20 00:28 . 2011-09-20 00:28 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2011-09-20 00:16 . 2011-09-20 00:16 -------- d-----w- c:\program files\CCleaner
2011-09-19 23:36 . 2011-09-19 23:36 -------- d-----w- c:\users\Kiwifrost4\AppData\Local\VirtualStore
2011-09-15 02:57 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-09-15 02:57 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-31 13:01 . 2011-08-31 13:01 -------- d-----w- c:\program files\iPod
2011-08-31 13:01 . 2011-08-31 13:02 -------- d-----w- c:\program files\iTunes
2011-08-31 12:56 . 2011-08-31 12:56 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-31 12:56 . 2011-08-31 12:56 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-31 12:56 . 2011-08-31 12:56 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-31 12:56 . 2011-08-31 12:56 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-31 12:56 . 2011-08-31 12:56 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-31 12:56 . 2011-08-31 12:56 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-31 12:56 . 2011-08-31 12:56 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-08-31 12:56 . 2011-08-31 12:56 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-24 02:46 . 2009-10-19 19:15 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-08-31 22:00 . 2010-08-23 15:47 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 12:47 . 2011-07-12 21:43 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-17 03:50 . 2011-08-17 03:50 682280 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-08-17 03:50 . 2009-10-19 19:15 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-07-31 20:07 . 2011-07-31 20:01 65981368 ----a-w- c:\program files (x86)\AVSVideoConverter.exe
2011-07-22 05:42 . 2011-08-10 08:07 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-10 08:07 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-10 08:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-10 08:07 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-10 08:07 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-10 08:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-14 14:01 . 2011-07-14 14:01 53248 ----a-r- c:\users\Kiwifrost4\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-07-14 03:23 . 2011-07-14 03:23 1030024 ----a-w- c:\program files (x86)\SkypeSetup.exe
2011-07-13 13:27 . 2009-07-31 12:47 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-07-13 13:27 . 2009-07-31 12:47 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-07-12 16:34 . 2011-07-12 16:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:34 . 2011-07-12 16:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:34 . 2011-07-12 16:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-11 13:45 . 2011-08-23 19:21 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-11 13:25 . 2011-08-23 19:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-06 15:49 . 2011-08-10 01:23 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-05-04 01:34 . 2011-05-04 01:31 87359831 ----a-w- c:\program files (x86)\Vista_Win7_R259.exe
2011-04-19 02:53 . 2011-04-19 02:40 20817978 ----a-w- c:\program files (x86)\VistaCodecs_v593.exe
2011-04-15 04:13 . 2011-04-15 04:13 13193238 ----a-w- c:\program files (x86)\x64Components_v285.exe
2010-11-15 15:03 . 2010-11-15 15:02 20953077 ----a-w- c:\program files (x86)\pod-works.exe
2010-10-27 02:34 . 2010-10-27 02:34 30355045 ----a-w- c:\program files (x86)\mov-converter6.exe
2010-09-26 04:34 . 2010-09-26 04:34 2985328 ----a-w- c:\program files (x86)\BitTorrent-7.1.exe
2010-09-22 22:08 . 2010-09-22 22:08 293144 ----a-w- c:\program files\SoftonicDownloader_for_hjsplit.exe
2010-09-17 00:56 . 2010-09-17 00:56 10255560 ----a-w- c:\program files (x86)\mkv-converter-win_full676.exe
2010-09-02 01:25 . 2010-09-02 01:25 1531593 ----a-w- c:\program files (x86)\winrar-x64-393.exe
2010-08-30 02:03 . 2010-08-30 02:03 5881679 ----a-w- c:\program files (x86)\mkvtoolnix-unicode-4.2.0-setup.exe
2010-08-30 00:24 . 2010-08-30 00:24 16847824 ----a-w- c:\program files (x86)\avc-free.exe
2010-08-30 00:18 . 2010-08-30 00:18 866532 ----a-w- c:\program files (x86)\mkv-to-wmv.exe
2010-07-22 05:14 . 2010-07-22 05:14 907735 ----a-w- c:\program files\DVD43_Plugin_Setup_1.0.0.5.exe
2010-07-22 05:11 . 2010-07-22 05:11 568900 ----a-w- c:\program files\DVD43_4-6-0_Setup.exe
2010-07-22 04:51 . 2010-07-22 04:51 54822952 ----a-w- c:\program files\AVSVideoConverter.exe
2010-07-22 04:42 . 2010-07-22 04:42 1853399 ----a-w- c:\program files\EasyDVDClonec.exe
2010-07-22 04:33 . 2010-07-22 04:33 9423386 ----a-w- c:\program files\winx-dvd-ripper-pt.exe
2010-07-22 04:28 . 2010-07-22 04:28 6971290 ----a-w- c:\program files\winx-free-dvd-ripper.exe
2010-06-10 06:11 . 2010-06-10 06:11 895256 ----a-w- c:\program files (x86)\DivXInstaller.exe
2010-05-04 21:06 . 2010-05-04 21:06 3382520 ----a-w- c:\program files (x86)\ccsetup231.exe
2009-07-10 18:39 . 2009-07-10 18:39 350720 ----a-w- c:\program files\hjsplit.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2010-09-26 2985328]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2011-07-13 273544]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 135664]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 135664]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110920.001\BHDrvx64.sys [2011-09-09 1152632]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110927.030\IDSvia64.sys [2011-08-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1206000.01D\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAVx64\1206000.01D\SYMTDIV.SYS [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-06-30 3029208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-02-21 85800]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-27 136824]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files (x86)\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 03:50]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 03:50]
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1882694805-4187760394-1783181854-1000Core.job
- c:\users\Kiwifrost4\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 03:55]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1882694805-4187760394-1783181854-1000UA.job
- c:\users\Kiwifrost4\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 03:55]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"combofix"="c:\combofix\CF16416.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\Logitech\LWS\LU\LULnchr.exe
c:\program files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2011-09-27 23:38:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-28 04:38
.
Pre-Run: 234,853,990,400 bytes free
Post-Run: 234,497,884,160 bytes free
.
- - End Of File - - D37ACA64A6A68B155AC5447250B2F387

#8
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#9
kiwifrost4

    New Member

  • Topic Starter
  • Member
  • 8 posts
ESET scan log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e2f274e5a0c8214dbbdd65f74816898e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-09-30 04:12:00
# local_time=2011-09-29 11:12:00 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3587 16777214 85 73 0 135417669 0 0
# compatibility_mode=5892 16776574 100 56 47117272 153948589 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=224185
# found=6
# cleaned=0
# scan_time=6036
C:\Program Files\SoftonicDownloader_for_hjsplit.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\avc-free.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\cdbxp_setup_4.3.8.2568.exe.vir Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kiwifrost4\avc-free.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kiwifrost4\Ogg2Mp3OC.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Default\pnnhoobgkolobfipmjaiankbhfchgbfj\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I

#10
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
How's the computer running?


1. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    C:\Program Files\SoftonicDownloader_for_hjsplit.exe
    C:\Program Files (x86)\avc-free.exe
    C:\Users\Kiwifrost4\avc-free.exe
    C:\Users\Kiwifrost4\Ogg2Mp3OC.exe
    C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Default\pnnhoobgkolobfipmjaiankbhfchgbfj\contentscript.js
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


2. Please run OTL and click the "Quick Scan" button, post the new report for my review.
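As an added example (not posted by anyone in this thread, and not ESET's or OTL's own code), the Python below parses the ESET Online Scanner log format seen in post #9 and drafts the `:OTL` path list of the kind given in post #10, leaving out items already held in ComboFix's Qoobox quarantine. The detection-line layout and the quarantine path marker are assumptions read off the posted log; the sample input is copied from that log with most header lines dropped.

```python
import re
from dataclasses import dataclass

# Sample input: the detection section of the ESET log posted in this thread,
# with a few header and installer lines kept so the parser has something to skip.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
# version=7
# remove_checked=false
# scanned=224185
# found=6
# cleaned=0
C:\Program Files\SoftonicDownloader_for_hjsplit.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\avc-free.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files (x86)\cdbxp_setup_4.3.8.2568.exe.vir Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kiwifrost4\avc-free.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kiwifrost4\Ogg2Mp3OC.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Default\pnnhoobgkolobfipmjaiankbhfchgbfj\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Assumed detection-line layout, read off the posted log:
#   <path> <threat description> (<action>) <32-hex hash> <flag>
# The path is matched lazily. A Windows path never contains '/', while every
# ESET threat name does (Win32/...), so the path/threat split is unambiguous
# even though both halves contain spaces and '(x86)'.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:a variant of )?[\w.-]+/\S+(?: [a-z]+)*) "
    r"\((?P<action>[^()]*)\) "
    r"(?P<hash>[0-9A-Fa-f]{32}) "
    r"(?P<flag>\S+)\s*$"
)

# Assumption: anything under ComboFix's quarantine folder is already inert and
# should not be fed back into an OTL fix (sempai's list in post #10 omits it).
QUARANTINE_MARKER = "\\qoobox\\quarantine\\"


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str
    category: str      # 'trojan', 'application' (PUA/unsafe app) or 'other'
    quarantined: bool


def classify(threat: str) -> str:
    """ESET ends the description with its class word; fall back to 'other'."""
    last = threat.rsplit(" ", 1)[-1].lower()
    return last if last in ("trojan", "application") else "other"


def parse_header(text: str) -> dict:
    """Collect the '# key=value' metadata lines (found, cleaned, remove_checked, ...)."""
    meta = {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            meta[key.strip()] = value.strip()
    return meta


def parse_eset_log(text: str) -> list:
    """Return one Detection per matching line; header and installer chatter are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        found.append(Detection(
            path=path,
            threat=m.group("threat"),
            action=m.group("action"),
            category=classify(m.group("threat")),
            quarantined=QUARANTINE_MARKER in path.lower(),
        ))
    return found


def draft_otl_fix(detections) -> str:
    """Emit an ':OTL' block listing only live (non-quarantined) paths for review."""
    lines = [":OTL"]
    lines += [d.path for d in detections if not d.quarantined]
    return "\n".join(lines)


def summarize(detections) -> dict:
    """Count detections per class plus how many are already quarantined."""
    counts = {"trojan": 0, "application": 0, "other": 0, "quarantined": 0}
    for d in detections:
        counts[d.category] += 1
        counts["quarantined"] += int(d.quarantined)
    return counts


if __name__ == "__main__":
    dets = parse_eset_log(SAMPLE_LOG)
    print(parse_header(SAMPLE_LOG))
    print(summarize(dets))
    print(draft_otl_fix(dets))
```

The drafted list is a starting point for the helper to review, not something to run unread: a PUA flag on an installer is not the same finding as the Tracur trojan in the Chrome extension directory.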

#11
kiwifrost4

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi -

PC has been running well, absolutely no pop-ups from Norton, so happy about that!

Here's the log after the "fix" was run - it was kind of instantaneous, so I do not know if it actually worked or not?

========== OTL ==========

OTL by OldTimer - Version 3.2.29.1 log created on 09302011_214419

And here's the full OTL Quick Scan log:

OTL logfile created on: 9/30/2011 9:45:23 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Kiwifrost4\Desktop\Computer Stuff
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 46.95% Memory free
8.21 Gb Paging File | 6.13 Gb Available in Paging File | 74.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 216.17 Gb Free Space | 46.41% Space Free | Partition Type: NTFS

Computer Name: KIWIFROST4-PC | User Name: Kiwifrost4 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/27 23:37:39 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/09/20 21:52:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Kiwifrost4\Desktop\Computer Stuff\OTL.exe
PRC - [2011/08/31 07:47:27 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
PRC - [2011/08/16 22:50:04 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/02 22:14:29 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2011/07/13 08:27:11 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
PRC - [2011/06/30 09:50:40 | 003,029,208 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/05/25 14:09:28 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/10/21 13:53:56 | 001,211,216 | ---- | M] (Logitech, Inc.) -- C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
PRC - [2010/10/21 13:53:48 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
PRC - [2010/09/25 23:35:55 | 002,985,328 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/12/28 21:18:00 | 000,122,512 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 23:37:38 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/09/27 23:37:34 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/09/27 23:37:34 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/09/27 23:37:34 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/09/27 23:37:34 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/30 18:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/03/21 16:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/03/24 22:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/02 12:16:05 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/27 23:37:39 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/16 22:50:04 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/30 09:50:40 | 003,029,208 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/28 21:18:00 | 000,122,512 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/02 17:04:42 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/01 05:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C510(UVC)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1206000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1206000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 19:39:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1206000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1206000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1206000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/11/09 21:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/11/09 21:42:34 | 000,024,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/02 12:51:28 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/04 06:20:48 | 000,113,168 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/22 10:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV - [2011/09/19 22:55:21 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110930.021\EX64.SYS -- (NAVEX15)
DRV - [2011/09/19 22:55:21 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110930.021\ENG64.SYS -- (NAVENG)
DRV - [2011/09/09 12:44:05 | 001,152,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110920.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/09/08 20:05:01 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/08/23 00:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110930.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/02/20 21:30:06 | 000,085,800 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2006/02/20 19:17:00 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\cdrbsdrv.sys -- (cdrbsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 27 B7 BE 01 E1 AA CB 41 8B 6B 9D 63 F1 12 57 9F [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Kiwifrost4\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Kiwifrost4\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kiwifrost4\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kiwifrost4\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/09/27 22:39:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D8CB31C-4E86-4C53-AF81-F6A7345EE51A}: C:\Users\Kiwifrost4\AppData\Local\{5D8CB31C-4E86-4C53-AF81-F6A7345EE51A} [2010/08/20 13:48:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/18 18:17:25 | 000,000,000 | ---D | M]

[2010/09/23 20:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiwifrost4\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Live Search (Enabled)
CHR - default_search_provider: search_url = http://search.live.c...ferrer:source?}
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\Application\plugins\NPcol500.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Kiwifrost4\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Kiwifrost4\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Extension = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\
CHR - Extension: Poppit = C:\Users\Kiwifrost4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/09/27 23:36:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\rsvpsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\rsvpsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A38FB7A-51D2-4C8B-8D77-848410063A99}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kiwifrost4\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kiwifrost4\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/30 21:42:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/29 21:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/09/27 23:38:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/27 23:36:30 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/09/27 21:04:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/27 21:04:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/27 21:04:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/27 21:02:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/27 20:59:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/22 08:49:15 | 000,000,000 | R--D | C] -- C:\Users\Kiwifrost4\Desktop\Computer Stuff
[2011/09/19 21:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/19 21:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/19 19:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011/09/19 19:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2011/09/19 19:28:30 | 000,000,000 | ---D | C] -- C:\Users\Kiwifrost4\Documents\Anti-Malware
[2011/09/19 19:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/19 18:36:27 | 000,000,000 | ---D | C] -- C:\Users\Kiwifrost4\AppData\Local\VirtualStore
[2011/09/19 00:21:25 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/10 00:24:55 | 000,000,000 | ---D | C] -- C:\Users\Kiwifrost4\Documents\Activision
[2011/07/31 15:01:18 | 065,981,368 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files (x86)\AVSVideoConverter.exe
[2011/07/13 22:23:00 | 001,030,024 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files (x86)\SkypeSetup.exe
[2011/05/03 20:31:01 | 087,359,831 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Vista_Win7_R259.exe
[2011/04/18 21:40:49 | 020,817,978 | ---- | C] (Shark007) -- C:\Program Files (x86)\VistaCodecs_v593.exe
[2011/04/14 23:13:14 | 013,193,238 | ---- | C] (Shark007) -- C:\Program Files (x86)\x64Components_v285.exe
[2010/09/25 23:34:28 | 002,985,328 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent-7.1.exe
[2010/09/16 19:56:06 | 010,255,560 | ---- | C] (iSkysoft Software ) -- C:\Program Files (x86)\mkv-converter-win_full676.exe
[2010/08/29 21:03:58 | 005,881,679 | ---- | C] (Moritz Bunkus) -- C:\Program Files (x86)\mkvtoolnix-unicode-4.2.0-setup.exe
[2010/08/29 19:24:19 | 016,847,824 | ---- | C] (Any-Video-Converter.com ) -- C:\Program Files (x86)\avc-free.exe
[2010/08/29 19:18:42 | 000,866,532 | ---- | C] (CHENGDU WEISHU TECHNOLOGY CO., LTD. ) -- C:\Program Files (x86)\mkv-to-wmv.exe
[2010/07/22 00:14:14 | 000,907,735 | ---- | C] ( ) -- C:\Program Files\DVD43_Plugin_Setup_1.0.0.5.exe
[2010/07/22 00:11:10 | 000,568,900 | ---- | C] ( ) -- C:\Program Files\DVD43_4-6-0_Setup.exe
[2010/07/21 23:51:36 | 054,822,952 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSVideoConverter.exe
[2010/07/21 23:33:00 | 009,423,386 | ---- | C] (Digiarty Software, Inc. ) -- C:\Program Files\winx-dvd-ripper-pt.exe
[2010/07/21 23:28:45 | 006,971,290 | ---- | C] (Digiarty Software, Inc. ) -- C:\Program Files\winx-free-dvd-ripper.exe
[2010/06/10 01:11:30 | 000,895,256 | ---- | C] (DivX, Inc. ) -- C:\Program Files (x86)\DivXInstaller.exe
[2010/05/04 16:06:17 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup231.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/30 21:41:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1882694805-4187760394-1783181854-1000UA.job
[2011/09/30 21:36:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/30 21:31:07 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/30 21:31:07 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/30 21:03:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/09/30 11:41:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1882694805-4187760394-1783181854-1000Core.job
[2011/09/30 05:36:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/29 15:31:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/29 08:50:32 | 000,212,992 | ---- | M] () -- C:\Users\Kiwifrost4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/27 23:36:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/23 21:46:07 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/23 07:32:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/09/22 19:11:16 | 000,006,184 | ---- | M] () -- C:\{CE9DE6B9-E30C-47B0-AD4A-7105D5398AD9}
[2011/09/20 19:41:44 | 000,002,067 | ---- | M] () -- C:\Users\Kiwifrost4\Desktop\Google Chrome.lnk
[2011/09/20 19:41:44 | 000,002,029 | ---- | M] () -- C:\Users\Kiwifrost4\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/19 20:21:27 | 000,000,732 | ---- | M] () -- C:\Users\Kiwifrost4\AppData\Local\d3d9caps64.dat
[2011/09/19 00:21:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2011/09/19 00:21:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2011/09/18 21:44:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2011/09/18 21:44:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2011/09/18 21:34:51 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/18 21:34:51 | 000,607,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/18 21:34:51 | 000,104,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/18 20:07:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2011/09/18 20:07:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2011/09/18 18:08:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2011/09/18 18:08:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2011/09/18 17:53:14 | 000,006,192 | ---- | M] () -- C:\{219ACBFF-33E0-45D7-84B9-FE2B16FB6A5F}
[2011/09/18 17:25:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2011/09/18 17:25:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2011/09/18 17:17:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2011/09/18 17:17:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2011/09/18 15:50:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2011/09/18 15:50:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2011/09/18 03:30:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2011/09/18 03:30:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2011/09/15 03:22:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2011/09/15 03:22:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2011/09/13 09:09:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2011/09/13 09:09:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2011/09/12 08:39:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2011/09/12 08:39:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2011/09/11 11:54:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2011/09/11 11:54:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2011/09/06 09:09:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2011/09/06 09:09:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/27 21:04:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/27 21:04:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/27 21:04:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/27 21:04:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/27 21:04:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/22 19:11:16 | 000,006,184 | ---- | C] () -- C:\{CE9DE6B9-E30C-47B0-AD4A-7105D5398AD9}
[2011/09/19 07:43:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/09/19 00:41:32 | 000,000,732 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\d3d9caps64.dat
[2011/09/18 17:53:14 | 000,006,192 | ---- | C] () -- C:\{219ACBFF-33E0-45D7-84B9-FE2B16FB6A5F}
[2011/08/24 22:51:09 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/08/24 22:47:16 | 027,947,271 | ---- | C] () -- C:\Program Files (x86)\dvdmaker.zip
[2011/08/16 22:50:04 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/12 00:21:25 | 000,201,444 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/03 21:25:28 | 085,083,722 | ---- | C] () -- C:\Program Files (x86)\VistaWindows7HD-256.zip
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/12/19 13:44:30 | 000,000,030 | ---- | C] () -- C:\Windows\MotionSDSTUDIO.INI
[2010/11/15 10:02:58 | 020,953,077 | ---- | C] () -- C:\Program Files (x86)\pod-works.exe
[2010/10/26 21:34:47 | 030,355,045 | ---- | C] () -- C:\Program Files (x86)\mov-converter6.exe
[2010/10/14 23:13:15 | 000,001,940 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/22 17:08:20 | 000,293,144 | ---- | C] () -- C:\Program Files\SoftonicDownloader_for_hjsplit.exe
[2010/09/01 20:25:53 | 001,531,593 | ---- | C] () -- C:\Program Files (x86)\winrar-x64-393.exe
[2010/08/24 18:12:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/24 18:11:31 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/08/24 18:10:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/08/20 13:48:35 | 000,000,120 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\Hsogapakukakad.dat
[2010/08/20 13:48:35 | 000,000,000 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\Isacir.bin
[2010/07/21 23:42:49 | 001,853,399 | ---- | C] () -- C:\Program Files\EasyDVDClonec.exe
[2010/02/10 00:17:38 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/28 11:14:16 | 000,000,053 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/12/28 11:14:13 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2009/10/19 17:33:31 | 000,000,831 | ---- | C] () -- C:\Windows\CoDUO.INI
[2009/10/19 17:09:19 | 000,000,766 | ---- | C] () -- C:\Windows\CoD.INI
[2009/10/19 16:40:08 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2009/10/19 14:15:32 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/19 14:15:31 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/10/19 14:15:30 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/10/18 21:21:34 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/10/18 16:58:04 | 000,010,922 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/10/18 08:23:13 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2009/10/17 22:08:29 | 000,212,992 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/26 19:09:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/10 13:39:00 | 000,350,720 | ---- | C] () -- C:\Program Files\hjsplit.exe
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/23 11:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 11:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 11:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 11:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2010/08/29 19:26:08 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\AnvSoft
[2011/09/30 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\BitTorrent
[2009/10/18 12:28:03 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Blitware
[2011/08/01 20:15:44 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Canneverbe Limited
[2011/08/03 23:24:46 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Canon
[2010/09/06 13:52:24 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Catalina Marketing Corp
[2010/07/21 23:33:38 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Digiarty
[2009/12/10 19:46:33 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\E-centives
[2010/03/14 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Facebook
[2009/12/26 23:32:57 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\GetRightToGo
[2010/11/15 10:03:36 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\ImTOO
[2009/10/18 09:06:35 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\InterTrust
[2009/12/28 11:35:15 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Leadertech
[2010/08/29 21:04:52 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\mkvtoolnix
[2011/01/04 23:25:25 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Ogg2MP3
[2011/02/04 20:47:03 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\TaxCut
[2010/08/20 14:52:23 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\Tific
[2011/09/30 21:03:00 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2011/09/29 09:05:01 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Thanks!

#12 sempai (Trusted Helper, Malware Removal, 785 posts)
Hi kiwifrost4,

Just a minor fix needed and it's the last one, we can proceed with the housekeeping afterward.


Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D8CB31C-4E86-4C53-AF81-F6A7345EE51A}: C:\Users\Kiwifrost4\AppData\Local\{5D8CB31C-4E86-4C53-AF81-F6A7345EE51A} [2010/08/20 13:48:34 | 000,000,000 | ---D | M]
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2010/08/20 13:48:35 | 000,000,120 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\Hsogapakukakad.dat
    [2010/08/20 13:48:35 | 000,000,000 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\Isacir.bin
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

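A small triage script for the two OTL line shapes in the report above, applying the kind of checks reflected in the fix posted here: orphaned registry entries, vendor-less files with random-looking names dropped in AppData, and hosts entries other than localhost. This is an added example, not part of this thread or of OTL itself; the sample lines are copied from the report above, and the heuristics are assumptions that produce candidates for review, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# "[2011/09/27 21:04:05 | 000,256,000 | ---- | C] (Company) -- C:\path"
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# "O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found."
REG_RE = re.compile(r"^(?P<kind>O\d+)(?::64bit:)? - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
# Assumed heuristic: a basename that is letters only plus an extension
# (e.g. Hsogapakukakad.dat). Legitimate caches in AppData normally carry
# digits, a GUID or a vendor name; this is a triage hint, not proof.
LETTERS_ONLY = re.compile(r"^[A-Za-z]{5,}\.[A-Za-z0-9]{1,4}$")
LOCALHOST = {("127.0.0.1", "localhost"), ("::1", "localhost")}


@dataclass(frozen=True)
class Finding:
    item: str      # the file path or the full report line
    reason: str


def parse_file_entry(line: str) -> Optional[dict]:
    """Parse one OTL file/folder entry; returns None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["company"] = (d["company"] or "").strip()   # "()" and "( )" -> ""
    d["is_dir"] = d["attrs"].endswith("D")
    return d


def review_file_entry(entry: dict) -> Optional[Finding]:
    """Flag vendor-less files with random-looking names under AppData."""
    path = entry["path"]
    name = path.rsplit("\\", 1)[-1]
    if (not entry["is_dir"] and not entry["company"]
            and "\\AppData\\" in path and LETTERS_ONLY.match(name)):
        return Finding(path, "vendor-less file with random-looking name under AppData")
    return None


def review_registry_line(line: str) -> Optional[Finding]:
    """Flag hosts redirections and orphaned O-lines (missing CLSID or file)."""
    text = line.strip()
    m = HOSTS_RE.match(text)
    if m:
        if (m["ip"], m["host"]) not in LOCALHOST:
            return Finding(text, "hosts entry that is not localhost")
        return None
    m = REG_RE.match(text)
    if m and ("No CLSID value found" in m["body"] or "File not found" in m["body"]):
        return Finding(text, "orphaned entry: target file or CLSID is missing")
    return None


def triage(report: str) -> List[Finding]:
    """Run every line of an OTL report through the two reviewers."""
    findings = []
    for line in report.splitlines():
        entry = parse_file_entry(line)
        finding = review_file_entry(entry) if entry else review_registry_line(line)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample: a handful of lines copied from the report in this thread.
SAMPLE_REPORT = r"""
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
[2011/09/27 21:04:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/19 00:41:32 | 000,000,732 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\d3d9caps64.dat
[2010/08/20 13:48:35 | 000,000,120 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\Hsogapakukakad.dat
[2010/08/20 13:48:35 | 000,000,000 | ---- | C] () -- C:\Users\Kiwifrost4\AppData\Local\Isacir.bin
[2011/09/30 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Kiwifrost4\AppData\Roaming\BitTorrent
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.reason}: {f.item}")
```

On the sample it reports the three orphaned O-lines and the two letter-only AppData files, which are exactly the entries the fix above targets, and stays silent on d3d9caps64.dat and the ComboFix tools under C:\Windows.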

#13 kiwifrost4 (Topic Starter, New Member, 8 posts)
Here you go (no reboot required):

========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D8CB31C-4E86-4C53-AF81-F6A7345EE51A}: C:\Users\Kiwifrost4\AppData\Local\{5D8CB31C not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Users\Kiwifrost4\AppData\Local\Hsogapakukakad.dat moved successfully.
C:\Users\Kiwifrost4\AppData\Local\Isacir.bin moved successfully.

OTL by OldTimer - Version 3.2.29.1 log created on 10012011_105058

#14 sempai (Trusted Helper, Malware Removal, 785 posts)
Great, let's do the housekeeping.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7.
  • Look for "Java SE 7".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x64" and click on jre-7-windows-x64.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


==========================


Uninstall:

1. ComboFix

  • Click Start > Run > copy-paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall


Delete:

1. TDSSKiller
2. aswMBR



Clean-up with OTL:
  • Run OTL
  • Click on the CleanUp! button.
  • Reboot when asked.




Your log is clean, please change all your offline and online passwords.

Take the time to read below to secure your machine and take the necessary steps to keep it Clean :)

How to prevent malware

How to increase PC speed


Practice Safe Internet
One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.



#15 sempai (Trusted Helper, Malware Removal, 785 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
