Welcome to Geeks to Go - Register now for FREE
Trojan.FakeAlert : wyWFqiPoNAGy.exe

#16 RKinner (Malware Expert, MVP)
Looks like it is back.

Some kind of stealth program running:

PRC - File not found --

Avast found:

File C:\Windows\assembly\temp\kwrd.dll is infected by Win32:Malware-gen, Moved to chest
File C:\Windows\assembly\temp\U\[email protected]|>[Embedded_R#00290] is infected by Win32:Malware-gen, Moved to chest
File C:\Windows\assembly\temp\U\[email protected] is infected by Win32:DNSChanger-VJ [Trj], Moved to chest
File C:\Windows\System32\consrv.dll

But I don't think it knows how to get rid of it completely.


Click on the Avast ball, then click on Additional Protections, then on AutoSandbox, then on Settings, and uncheck Enable AutoSandbox. Click OK.

Right-click on the Avast ball, select Avast! Shields Control, and choose Disable Until Computer is Restarted.

Run ComboFix again (allow it to update) and, after it reboots, run it a second time (remember to disable Avast). Then run TDSSKiller again.

Finally, run the OTL quick scan again.

Ron
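Added example (not code from the thread, from OTL or from its author): a small Python triage pass over OTL log lines in the layout shown in this thread. It flags the things Ron's reply points at (a PRC entry whose file is not found, a process or service with no company name, anything loaded from C:\Windows\assembly\temp) and the O6 UAC policy values that appear in the OTL log Magicless posts next; the line format is inferred from the posted lines rather than OTL documentation, and the kwrd.dll process entry in the sample is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Entry lines, as laid out in the OTL log in this thread (format inferred from
# the posted lines, not from OTL documentation):
#   PRC - [date time | size | attrs | M] (Company) -- path
#   SRV:64bit: - [...] (Company) [Start | State] -- path -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"\[(?P<date>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| [-\w]+ \| \w\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\).*)?$"
)
# A running process/service/driver whose backing file OTL cannot find on disk.
MISSING_RE = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - File not found")
# O6/O7 policy lines: "O6 - HKLM\...\policies\System: EnableLUA = 0"
POLICY_RE = re.compile(r"^O[67] - (?P<key>HK\w+\\[^:]+): (?P<name>\w+) = (?P<value>-?\d+)$")

# UAC policy values that remove the elevation prompt; all three names appear in
# the O6 section of the log posted in this thread.
WEAK_UAC = {
    "EnableLUA": (0, "UAC is switched off"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate with no prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


@dataclass
class Finding:
    severity: str  # "high" or "review"
    line: str
    reason: str


def parse_entry(line: str) -> Optional[dict]:
    """Return the fields of a PRC/MOD/SRV/DRV entry line, or None if it is not one."""
    m = ENTRY_RE.match(line.rstrip())
    return m.groupdict() if m else None


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.rstrip()
    if MISSING_RE.match(line):
        return Finding("high", line, "running entry whose file is not on disk")
    entry = parse_entry(line)
    if entry:
        if "\\assembly\\temp\\" in entry["path"].lower():
            return Finding("high", line, "binary loaded from \\Windows\\assembly\\temp")
        # OTL's MOD section lists modules without a company name by design, so only
        # processes, services and drivers with no publisher get a second look.
        if entry["kind"] != "MOD" and entry["company"].strip() == "":
            return Finding("review", line, "no company name on a process/service/driver")
        return None
    m = POLICY_RE.match(line)
    if m and m.group("name") in WEAK_UAC:
        weak_value, why = WEAK_UAC[m.group("name")]
        if int(m.group("value")) == weak_value:
            return Finding("high", line, f"{m.group('name')} = {weak_value}: {why}")
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of an OTL log and keep the hits, in order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


# Constructed sample: lines copied from the OTL log in this thread plus one made-up
# PRC entry (kwrd.dll) using the path Avast reported, to exercise the temp-dir rule.
SAMPLE_LOG = r"""PRC - File not found --
PRC - [2011/11/09 16:49:42 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Magical\Desktop\TDSSKiller.exe
PRC - [2010/12/03 07:00:42 | 000,618,600 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/11/03 20:00:00 | 000,012,345 | ---- | M] () -- C:\Windows\assembly\temp\kwrd.dll
MOD - [2011/11/09 16:27:49 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
SRV:64bit: - [2011/09/06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
"""

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(f"[{finding.severity:6}] {finding.reason}\n         {finding.line}")
```

Paste a full OTL log into SAMPLE_LOG (or read it from a file) to get the same ordered list of hits; entries the script does not mention are simply those none of the three rules matched.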

#17 Magicless (Topic Starter, Member)
OK, here goes:

2 x ComboFix logs (attached)

TDSSKiller found nothing (log also attached)

OTL log:

OTL logfile created on: 11/10/2011 5:34:21 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Magical\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

5.98 Gb Total Physical Memory | 4.20 Gb Available Physical Memory | 70.17% Memory free
11.96 Gb Paging File | 10.16 Gb Available in Paging File | 84.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.95 Gb Total Space | 882.35 Gb Free Space | 95.60% Space Free | Partition Type: NTFS
Drive D: | 488.39 Gb Total Space | 278.45 Gb Free Space | 57.01% Space Free | Partition Type: NTFS
Drive F: | 195.31 Gb Total Space | 152.98 Gb Free Space | 78.33% Space Free | Partition Type: NTFS
Drive G: | 270.44 Gb Total Space | 211.28 Gb Free Space | 78.12% Space Free | Partition Type: NTFS
Drive M: | 434.57 Gb Total Space | 97.21 Gb Free Space | 22.37% Space Free | Partition Type: NTFS

Computer Name: BROOMSTICK | User Name: Magical | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/09 16:49:42 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Magical\Desktop\TDSSKiller.exe
PRC - [2011/11/09 16:27:49 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/04 09:18:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Magical\Downloads\OTL.com
PRC - [2011/09/06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/03 07:00:42 | 000,618,600 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/10/05 14:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 14:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/09/14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/14 02:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/05/27 03:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/03/11 06:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 06:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/05/01 12:54:44 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 16:27:49 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/11/03 20:00:31 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll
MOD - [2011/11/03 20:00:31 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll
MOD - [2011/11/03 18:53:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/11/03 18:52:54 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/11/03 18:52:46 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/11/03 18:52:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/11/03 18:52:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/11/03 18:52:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/11/03 18:52:20 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/11/03 18:51:31 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/12/03 07:00:42 | 000,618,600 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/12/03 04:44:54 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009/08/11 12:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\MultiScreen\TitleBar.dll
MOD - [2009/05/01 12:54:44 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
MOD - [2006/08/08 14:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3400 Series\lxcyscw.dll
MOD - [2006/02/13 08:04:20 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3400 Series\lxcydrec.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/01/10 10:03:43 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/10/05 14:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/10/05 14:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/05/27 03:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/10 10:31:20 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/10 09:28:18 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/21 09:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/14 02:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/08/11 04:40:06 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:4.0.2
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12
FF - prefs.js..extensions.enabledItems: {b442f4c0-c292-4998-aabe-48608a73ba75}:1.0.1.3
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:9
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.3.53363
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.8
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {7d575baa-b543-11dc-8314-0800200c9a66}:2.0.5
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.2.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1289
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.6


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/05 17:47:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 16:27:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 16:27:50 | 000,000,000 | ---D | M]

[2011/05/01 18:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Magical\AppData\Roaming\Mozilla\Extensions
[2011/11/10 00:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions
[2011/05/02 12:16:00 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/05/02 12:15:59 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/09/13 12:21:34 | 000,000,000 | ---D | M] (RSS Ticker) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
[2011/08/26 08:18:32 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2011/06/16 01:41:34 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2011/06/06 01:55:11 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/05/02 12:16:00 | 000,000,000 | ---D | M] (BitmeTV Menu) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{633b7287-e788-4131-a31c-db09d8ebbe51}(2)
[2011/05/02 12:16:00 | 000,000,000 | ---D | M] (DNS Flusher) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{7d575baa-b543-11dc-8314-0800200c9a66}
[2011/08/31 21:54:04 | 000,000,000 | ---D | M] (Showcase) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2011/08/26 13:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2011/05/01 21:32:21 | 000,000,000 | ---D | M] (Smartest Bookmarks Bar) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{b442f4c0-c292-4998-aabe-48608a73ba75}
[2011/10/01 01:21:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/10/16 21:04:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/02 12:16:00 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2011/10/01 01:21:41 | 000,000,000 | ---D | M] (Add-on Compatibility Reporter) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/05/02 12:15:57 | 000,000,000 | ---D | M] (DNS Cache) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/10/01 01:21:40 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/05/02 12:10:15 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/08/25 20:57:40 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/11/09 00:09:11 | 000,000,000 | ---D | M] (Webmail Ad Blocker) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/11/09 00:09:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/05/02 12:10:16 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/05/02 12:10:17 | 000,000,000 | ---D | M] (Tab Counter) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/10/01 01:21:41 | 000,000,000 | ---D | M] (BlackFox V1-Blue) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/08/26 13:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/11/08 12:57:38 | 000,001,032 | ---- | M] () -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\searchplugins\exigo.xml
[2010/04/30 18:04:17 | 000,001,504 | ---- | M] () -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\searchplugins\imdb.xml
[2010/04/24 17:18:48 | 000,002,352 | ---- | M] () -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\searchplugins\search-firefox-addons.xml
[2010/05/25 00:38:29 | 000,004,140 | ---- | M] () -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\searchplugins\youtube.xml
[2011/11/10 00:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/01 20:50:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/09/28 09:35:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/06 15:16:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/05 17:47:39 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/21 00:07:17 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/04/21 00:07:17 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/04/21 00:07:17 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/04/21 00:07:17 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/11/05 02:23:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [LXCYCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCYtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcymon.exe] C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe ()
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Magical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Magical\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC80F5F-8843-40AD-930A-E6ECA0C8B00F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC80F5F-8843-40AD-930A-E6ECA0C8B00F}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/22 11:24:38 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 17:26:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/10 06:42:35 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{48BE62A2-36F1-4D79-95E4-A358EC64327B}
[2011/11/10 06:42:12 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{7289CC38-29CC-44F1-8458-CBDE3782EEC7}
[2011/11/09 18:41:46 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{400671E6-B2A7-48B5-8878-F79A86E24D7B}
[2011/11/09 06:41:08 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{75F07E25-59CB-4D87-8C7E-3C534864F231}
[2011/11/08 18:40:25 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{3D4925C8-06F9-48E9-8DA2-EC0FC9A0F25E}
[2011/11/08 06:39:49 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{962A94B5-8635-4C14-B3F5-11B216ACA47C}
[2011/11/07 18:39:13 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{92CF4F49-7D16-4F2D-ABC9-12855CEF9E59}
[2011/11/07 18:38:51 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{B94E1794-073E-4D47-9FA3-E8D3A9A52DDD}
[2011/11/07 09:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/11/07 08:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/11/07 08:37:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2011/11/07 08:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011/11/07 08:35:45 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/11/07 08:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/11/07 06:38:25 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{EFA80663-C2C5-4551-A6B3-2ED0A881C96D}
[2011/11/07 06:37:46 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{F8526256-6F02-437A-8657-2838377AA499}
[2011/11/07 03:04:45 | 000,032,920 | ---- | C] (Emsisoft) -- C:\Windows\SysNative\drivers\oanet.sys
[2011/11/06 19:07:24 | 000,167,296 | ---- | C] (Gibson Research Corp.) -- C:\Users\Magical\Desktop\DNSBench.exe
[2011/11/06 18:37:20 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{1F2EA325-926A-4C7D-89DC-A0147BDFACF0}
[2011/11/06 15:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/06 06:36:41 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{E961B8DC-96D3-4AE1-930D-54B0FA533DE5}
[2011/11/06 00:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2011/11/05 18:35:40 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{69E7E7DA-E3CE-4706-996E-3D1722EF7070}
[2011/11/05 18:35:28 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{3F7BDE34-F4B3-442E-9F76-75569951F066}
[2011/11/05 17:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/05 17:48:04 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/05 17:48:02 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/05 17:48:00 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/05 17:47:58 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/05 17:47:57 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/05 17:47:53 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/05 17:47:53 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/05 17:47:35 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/05 17:47:35 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/05 17:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/05 17:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/05 16:53:43 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{C3FC1CF1-624F-4DC2-B9C3-ED0D2286541B}
[2011/11/05 16:50:08 | 000,000,000 | ---D | C] -- C:\Windows\assemby
[2011/11/05 03:49:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/05 02:41:19 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Magical\Desktop\aswMBR.exe
[2011/11/05 02:31:20 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Magical\Desktop\TDSSKiller.exe
[2011/11/05 02:19:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/05 02:19:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/05 02:19:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/05 02:19:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/05 02:19:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 02:13:40 | 004,288,812 | R--- | C] (Swearware) -- C:\Users\Magical\Desktop\ComboFix.exe
[2011/11/05 02:04:45 | 000,000,000 | ---D | C] -- C:\Users\Magical\Desktop\lost
[2011/11/04 20:34:55 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{A74238AF-F985-4C54-B753-3C3E0B5FF6F7}
[2011/11/04 20:34:44 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{1E75554F-0FA9-4128-8F2D-A41333AD2C7A}
[2011/11/04 08:34:11 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{A48E29C5-8D30-46E1-B3DD-A4ACBB35EE02}
[2011/11/04 08:33:59 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{5CBBD8B9-07D0-4110-B258-D84D562E514F}
[2011/11/03 23:33:46 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Roaming\Malwarebytes
[2011/11/03 23:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/03 23:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/03 23:32:42 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/03 23:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/03 19:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/11/03 18:43:56 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2011/11/03 17:50:36 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{D4C94249-A4BD-4B7D-887D-884E143AAD16}
[2011/11/03 05:49:54 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{D63D7844-9801-42DD-ADE6-4831ED93C8D2}
[2011/11/02 17:49:12 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{87E3EBB1-7FF7-4901-99D7-4DAF46AAF9D3}
[2011/11/02 05:48:33 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{43EDBA0A-6DD0-4C23-B7E8-B1B0A86B9334}
[2011/11/01 17:47:55 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{EE36652D-BAFE-4F17-9AD5-3E4DF5765A31}
[2011/11/01 05:47:18 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{637D5548-7DE6-49B0-8549-1D983001FA07}
[2011/10/31 17:46:40 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{F784FAAE-CC16-49BD-947A-884C8279F464}
[2011/10/31 11:18:29 | 000,000,000 | ---D | C] -- C:\Users\Magical\Documents\Stuff that used to be in dropbox
[2011/10/31 05:46:02 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{92CBC907-2386-47DA-9958-63C7EFF57ED9}
[2011/10/30 17:45:25 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{35E733DD-0BA5-440F-BEC9-749E4867548A}
[2011/10/30 05:44:49 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{5CC4A491-409E-49DE-8278-786C38FA7BDC}
[2011/10/29 17:44:12 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{E6782204-61AC-493C-8AEE-B5AE825874DB}
[2011/10/29 05:43:37 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{3DC0B751-9BC6-48F2-BF39-B648D11D53A9}
[2011/10/28 17:43:01 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{0EB83299-8115-4D51-BAEE-DDCE4741254F}
[2011/10/28 05:42:27 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{F6424066-E600-4DB4-9273-8C01C900025C}
[2011/10/27 17:41:51 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{72A3BAC0-E766-4697-B006-B74608057CE6}
[2011/10/27 05:41:10 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{FEC61A44-90AF-4347-AB20-B68D9194669F}
[2011/10/26 17:40:35 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{B0B050C5-5F13-4BAD-A334-9AE589773182}
[2011/10/26 05:40:03 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{356B0CFB-26EC-426E-BAA3-CE05C2C1E2D8}
[2011/10/25 17:39:32 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{359FCEBE-7990-4F97-8198-6428C2F088D8}
[2011/10/25 05:39:00 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{3423A6EF-E8A0-4978-BDF1-A6F60AC59B71}
[2011/10/24 17:38:30 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{C4A081CD-94AF-4B21-B42F-5497DE775F41}
[2011/10/24 09:28:37 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\Microsoft Games
[2011/10/24 05:38:00 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{1B2D8A7F-970E-4E8D-AF8B-A9C01CBE25A5}
[2011/10/23 17:37:31 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{057FD8D5-C992-49A9-8440-32AE88F0147D}
[2011/10/23 05:37:02 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{74AB5993-50A0-4A03-B589-BBAB27058FAA}
[2011/10/22 17:36:34 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{EF1C193A-AA47-4766-858B-451EE4B2264B}
[2011/10/22 05:36:05 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{C2455C65-BAA2-4CDE-AB5C-564F2B642691}
[2011/10/21 17:35:38 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{B4811046-0A7C-4EB3-AE30-71FDF60F6D3A}
[2011/10/21 05:35:10 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{AB1B270B-9B8F-4DFB-AA09-EFD20202A95F}
[2011/10/20 17:34:42 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{96729716-95F0-4756-B7F6-733504C3DB04}
[2011/10/20 05:34:15 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{E18A4DE2-43C9-4E85-A2F7-B9958155721C}
[2011/10/19 17:33:48 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{914C5AF3-7A88-4746-827F-D8796D7416B3}
[2011/10/19 05:33:22 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{5B50832A-E4C7-4B3A-A7C3-6E89EB1C6274}
[2011/10/18 17:32:56 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{A6BB88B6-104F-415F-8CCD-DC9481BBF595}
[2011/10/18 05:32:29 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{EFEB572C-D1D9-4530-8431-CA99C5A2B1BA}
[2011/10/17 17:32:03 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{3F7D4546-3096-44C8-95F8-66A13E36889A}
[2011/10/17 05:31:38 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{F04A283D-3DF0-4E47-97F6-B0F60FF22E74}
[2011/10/16 17:31:13 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{C77AB15E-D2D2-4D01-AAF2-DAE89EDF0681}
[2011/10/16 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{D32288D7-0AD4-46B7-951E-68DF21812BC2}
[2011/10/16 05:30:36 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{49224AAA-B72B-48D4-AE4D-0E96E06D77E2}
[2011/10/16 05:30:24 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{9B2182A1-7784-4409-B137-583188119E0A}
[2011/10/15 17:30:11 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{12170724-B536-47A0-9536-1D73EE3EC65F}
[2011/10/15 17:29:58 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{41CE4D19-B15E-4373-A390-12C55057950E}
[2011/10/15 05:29:44 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{9AEFF161-36B8-48F0-B59D-4E1EFC764BA3}
[2011/10/15 05:29:33 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{71C7E389-A36B-4DB6-BF3B-BF4F172E8B45}
[2011/10/14 17:29:19 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{C5857948-6208-4D04-A183-16EA4B94E248}
[2011/10/14 17:29:08 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{15AF7EB9-E426-4F55-AC62-471E12838F1C}
[2011/10/14 05:28:54 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{74E29617-D529-4D3B-BDC4-E70078294605}
[2011/10/14 05:28:43 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{7FB1650C-7722-4E51-9422-0F809C002631}
[2011/10/13 17:28:30 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{79B49105-364E-4824-9B35-8CD2544A0E5D}
[2011/10/13 17:28:18 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{E9EA43A9-B45F-4857-A27B-9461F3ABBA75}
[2011/10/13 05:28:05 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{B4F7B2F1-8E62-45A4-83AF-3C9386A96FA0}
[2011/10/13 05:27:54 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{AC2C66DF-C97F-4810-8CE5-91052FB079DB}
[2011/10/12 17:27:40 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{7F16F78E-F53D-4015-A913-CAE75C349B20}
[2011/10/12 17:27:29 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{D9EE5708-1E40-4763-983A-BE05C43E4F0E}
[2011/10/12 05:27:16 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{A9161CE8-0324-47C7-8821-4A20A3F34C92}
[2011/10/12 05:27:05 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{99D0AE6F-359B-4118-919D-FF95612EB0D7}
[2011/06/27 10:56:06 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyhcp.dll
[2011/05/30 09:33:55 | 001,417,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyserv.dll
[2011/05/30 09:33:55 | 001,099,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyusb1.dll
[2011/05/30 09:33:55 | 000,695,808 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomc.dll
[2011/05/30 09:33:55 | 000,659,456 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyhbn3.dll
[2011/05/30 09:33:55 | 000,566,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycoms.exe
[2011/05/30 09:33:55 | 000,487,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcylmpm.dll
[2011/05/30 09:33:55 | 000,409,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypmui.dll
[2011/05/30 09:33:55 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomm.dll
[2011/05/30 09:33:55 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyinpa.dll
[2011/05/30 09:33:55 | 000,235,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycfg.exe
[2011/05/30 09:33:55 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyih.exe
[2011/05/30 09:33:55 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyiesc.dll
[2011/05/30 09:33:55 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyppls.exe
[2011/05/30 09:33:55 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyprox.dll
[2011/05/30 09:33:55 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypplc.dll
[2011/05/27 23:06:47 | 000,270,128 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\uTorrent.exe
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/10 17:22:55 | 000,009,920 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 17:22:55 | 000,009,920 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 17:21:42 | 000,735,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/10 17:21:42 | 000,620,608 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/10 17:21:42 | 000,110,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/10 17:14:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/10 17:14:44 | 523,116,543 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 16:59:25 | 004,288,812 | R--- | M] (Swearware) -- C:\Users\Magical\Desktop\ComboFix.exe
[2011/11/09 20:22:24 | 000,274,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 16:49:42 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Magical\Desktop\TDSSKiller.exe
[2011/11/07 08:39:31 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/11/07 03:04:45 | 000,032,920 | ---- | M] (Emsisoft) -- C:\Windows\SysNative\drivers\oanet.sys
[2011/11/07 02:48:54 | 000,007,626 | ---- | M] () -- C:\Users\Magical\AppData\Local\resmon.resmoncfg
[2011/11/06 19:39:56 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/06 19:39:56 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/06 19:06:40 | 000,167,296 | ---- | M] (Gibson Research Corp.) -- C:\Users\Magical\Desktop\DNSBench.exe
[2011/11/05 17:47:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/05 02:41:17 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Magical\Desktop\aswMBR.exe
[2011/11/05 02:23:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/03 23:07:21 | 004,285,928 | ---- | M] () -- C:\Users\Magical\AppData\Local\census.cache
[2011/11/03 23:03:23 | 000,066,464 | ---- | M] () -- C:\Users\Magical\AppData\Local\ars.cache
[2011/11/03 18:44:38 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2011/11/03 18:43:17 | 000,000,036 | ---- | M] () -- C:\Users\Magical\AppData\Local\housecall.guid.cache
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 08:37:40 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/11/05 17:47:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/11/05 02:21:02 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/11/05 02:21:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/05 02:21:02 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011/11/05 02:21:02 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/05 02:21:02 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/11/05 02:21:02 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/11/05 02:21:02 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/11/05 02:21:02 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/05 02:21:02 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/11/05 02:21:02 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/05 02:21:02 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/11/05 02:21:02 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/05 02:21:02 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/05 02:21:02 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/11/05 02:21:02 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2011/11/05 02:21:02 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/11/05 02:19:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/05 02:19:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/05 02:19:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/05 02:19:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/05 02:19:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/03 18:47:29 | 004,285,928 | ---- | C] () -- C:\Users\Magical\AppData\Local\census.cache
[2011/11/03 18:47:25 | 000,066,464 | ---- | C] () -- C:\Users\Magical\AppData\Local\ars.cache
[2011/11/03 18:44:38 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2011/11/03 18:43:17 | 000,000,036 | ---- | C] () -- C:\Users\Magical\AppData\Local\housecall.guid.cache
[2011/07/17 19:38:27 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/07/17 19:38:20 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/07/17 19:38:20 | 000,018,123 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/06/19 20:45:14 | 001,007,358 | ---- | C] () -- C:\Program Files\Windows-Theme-Manager-Setup.exe
[2011/06/02 14:12:06 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/05/30 09:33:55 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcycomx.dll
[2011/05/30 09:33:55 | 000,194,048 | ---- | C] () -- C:\Windows\SysWow64\lxcyinst.dll
[2011/05/30 08:25:56 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/02 21:28:30 | 000,007,626 | ---- | C] () -- C:\Users\Magical\AppData\Local\resmon.resmoncfg
[2011/05/02 11:19:02 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/02 11:19:02 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/05/01 20:52:30 | 000,000,600 | ---- | C] () -- C:\Users\Magical\AppData\Roaming\winscp.rnd
[2011/05/01 18:30:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/01 18:09:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/10 07:57:24 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/27 12:02:31 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/02 12:33:43 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\acccore
[2011/09/05 21:21:33 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\dBpoweramp
[2011/11/10 17:16:36 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\Dropbox
[2011/11/10 16:57:48 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\foobar2000
[2011/05/02 12:27:31 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\Notepad++
[2011/05/01 15:51:51 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\OEM
[2011/11/10 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\SoftGrid Client
[2011/11/06 21:55:55 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\TeraCopy
[2011/06/19 20:47:46 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\ThemeManager
[2011/05/30 08:26:29 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\TP
[2011/11/10 17:19:35 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\uTorrent
[2011/07/31 04:35:25 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\Windows Live Writer
[2009/07/14 06:08:49 | 000,012,932 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0B9176C0

< End of report >

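A small triage helper for this log format, added here as an example (not part of the thread and not code from the OTL tool): it reads the "O" section lines of an OTL log and flags the entries a malware-removal helper looks at first, which are the targets reported as "File not found" (the O10 catalog entries above are one case), autoruns whose binary carries no company name, the O6 policy values that switch UAC off, and statically configured O17 DNS servers. The sample lines are constructed from the log above, and the Windows 7 default policy values mentioned in the comments are my own note.

```python
"""Triage helper for OTL (OldTimer's OTL) scan logs.

Added example: not part of the original thread and not code from the OTL tool.
It reads "O" section lines in the format of the log above and flags the entries
a malware-removal helper checks first.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # "missing-file", "no-company", "weak-policy" or "static-dns"
    detail: str  # short human-readable reason
    line: str    # the OTL line that produced the finding


# O6/O7 policy values that switch UAC off (Windows 7 defaults: 1, 5 and 1).
WEAK_POLICIES = {
    ("EnableLUA", "0"): "UAC is switched off",
    ("ConsentPromptBehaviorAdmin", "0"): "administrators elevate without any prompt",
    ("PromptOnSecureDesktop", "0"): "elevation prompts are not isolated on the secure desktop",
}

# Item lines look like "O4:64bit: - HKLM..\Run: [Name] C:\path\prog.exe (Company)"
ITEM_RE = re.compile(r"^(O\d+)(:64bit:)?\s*-\s*(.*)$")
AUTORUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<path>.+?)\s+\((?P<company>[^()]*)\)\s*$")
POLICY_RE = re.compile(r":\s*(\w+)\s*=\s*(-?\d+)\s*$")
DNS_RE = re.compile(r":\s*(\w*NameServer)\s*=\s*(\S+)\s*$")


def triage(lines):
    """Return the list of Findings for an iterable of OTL log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ITEM_RE.match(line)
        if not m:
            continue  # file listings, section headers and blank lines are not O-items
        kind, _, body = m.groups()

        # Any item whose target no longer exists: dangling Winsock catalog
        # entries (O10) and Winlogon values (O20) show up this way.
        if body.endswith("File not found"):
            findings.append(Finding("missing-file", "referenced file is missing", line))

        # Autorun entries (O4) for which OTL found no company name in the binary.
        if kind == "O4":
            am = AUTORUN_RE.search(body)
            if am and not am.group("company").strip():
                findings.append(Finding("no-company", f"autorun '{am.group('name')}' has no company name", line))

        # Policy values (O6/O7) that turn UAC off.
        if kind in ("O6", "O7"):
            pm = POLICY_RE.search(body)
            key = (pm.group(1), pm.group(2)) if pm else None
            if key in WEAK_POLICIES:
                findings.append(Finding("weak-policy", WEAK_POLICIES[key], line))

        # Static DNS servers (O17 NameServer rather than DhcpNameServer) are worth
        # comparing against what DHCP hands out after a DNS-changer detection.
        if kind == "O17":
            dm = DNS_RE.search(body)
            if dm and dm.group(1) == "NameServer":
                findings.append(Finding("static-dns", f"static DNS servers {dm.group(2)}", line))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'missing-file': 3, 'weak-policy': 3}."""
    return dict(Counter(f.kind for f in findings))


# Constructed sample: a handful of lines in the format of the log above.
SAMPLE_LOG = [
    r"O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)",
    r"O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)",
    r"O4:64bit: - HKLM..\Run: [lxcymon.exe] C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe ()",
    r"O4 - HKCU..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe ()",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0",
    r"O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found",
    r"O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC80F5F-8843-40AD-930A-E6ECA0C8B00F}: NameServer = 8.8.8.8,8.8.4.4",
    r"O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found",
    r"[2011/11/05 16:50:08 | 000,000,000 | ---D | C] -- C:\Windows\assemby",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:13} {f.detail}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```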

#18
RKinner

    Malware Expert

  • Expert
  • 19,779 posts
  • MVP
This should work if the infection is gone. If not, you may need to do a System Restore to get back online, so make sure it is working.


Copy the text in the code box by highlighting it and pressing Ctrl + C.

:processes
killallprocesses

:OTL
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

:files
C:\Windows\System32\consrv.dll
mkdir \Windows\System32\consrv.dll /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems" /s /c
     
:Commands
[EMPTYTEMP]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Ron

#19
Magicless

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I'm not sure if this is related, but when OTL was running the system crashed and I got this:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1043

Additional information about the problem:
BCCode: f4
BCP1: 0000000000000006
BCP2: FFFFFA8009C77630
BCP3: FFFFFA8009C77340
BCP4: FFFFF80002FCA880
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\111011-21122-01.dmp
C:\Users\Magical\AppData\Local\Temp\WER-30170-0.sysdata.xml

Going to try it again and see if I get the same :)

#20
Magicless

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I ended up having a spot of bother - couldn't access the net, and there was a whole load of error messages I was getting - the Windows Event service (or something very very similar) was broken and I wasn't able to do much of anything to fix that, so I decided to bite the bullet and do a restore from a previous restore date - went back to the 5th in the end, and it took 5 tries to manage to actually restore it without it stalling on anti-virus stuff that I'd completely turned off. In fact it was only after uninstalling Avast and ZoneAlarm that it even worked. Nothing like a nice quiet evening at the computer :)

I'll just wander off and re-do the ComboFix and TDSSKiller stuff as that of course will have been undone by the restore and I'll be back with more logs etc later.


Or perhaps just do a second restore to before the date of the problems? Not really sure why I did that one - probably just a date I remember hehe.


Sorry to be a bother :yes:

Edited by Magicless, 10 November 2011 - 04:36 PM.
