ok here goes:
2 x ComboFix logs (attached)
TDSSKiller found nothing (log also attached)
OTL log:
OTL logfile created on: 11/10/2011 5:34:21 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Magical\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy
5.98 Gb Total Physical Memory | 4.20 Gb Available Physical Memory | 70.17% Memory free
11.96 Gb Paging File | 10.16 Gb Available in Paging File | 84.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.95 Gb Total Space | 882.35 Gb Free Space | 95.60% Space Free | Partition Type: NTFS
Drive D: | 488.39 Gb Total Space | 278.45 Gb Free Space | 57.01% Space Free | Partition Type: NTFS
Drive F: | 195.31 Gb Total Space | 152.98 Gb Free Space | 78.33% Space Free | Partition Type: NTFS
Drive G: | 270.44 Gb Total Space | 211.28 Gb Free Space | 78.12% Space Free | Partition Type: NTFS
Drive M: | 434.57 Gb Total Space | 97.21 Gb Free Space | 22.37% Space Free | Partition Type: NTFS
Computer Name: BROOMSTICK | User Name: Magical | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/09 16:49:42 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Magical\Desktop\TDSSKiller.exe
PRC - [2011/11/09 16:27:49 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/04 09:18:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Magical\Downloads\OTL.com
PRC - [2011/09/06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/03 07:00:42 | 000,618,600 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/10/05 14:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 14:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/09/14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/14 02:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/05/27 03:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/03/11 06:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 06:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/05/01 12:54:44 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/09 16:27:49 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/11/03 20:00:31 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll
MOD - [2011/11/03 20:00:31 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll
MOD - [2011/11/03 18:53:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/11/03 18:52:54 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/11/03 18:52:46 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/11/03 18:52:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/11/03 18:52:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/11/03 18:52:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/11/03 18:52:20 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/11/03 18:51:31 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/12/03 07:00:42 | 000,618,600 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/12/03 04:44:54 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009/08/11 12:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\MultiScreen\TitleBar.dll
MOD - [2009/05/01 12:54:44 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
MOD - [2006/08/08 14:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3400 Series\lxcyscw.dll
MOD - [2006/02/13 08:04:20 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3400 Series\lxcydrec.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/09/06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/01/10 10:03:43 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/10/05 14:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/10/05 14:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/05/27 03:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/09/06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/10 10:31:20 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/10 09:28:18 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/21 09:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/14 02:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/08/11 04:40:06 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.2
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12
FF - prefs.js..extensions.enabledItems: {b442f4c0-c292-4998-aabe-48608a73ba75}:1.0.1.3
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:9
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.3.53363
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: tabcounter@morac:1.8.8
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {7d575baa-b543-11dc-8314-0800200c9a66}:2.0.5
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.2.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1289
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.6
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/05 17:47:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 16:27:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 16:27:50 | 000,000,000 | ---D | M]
[2011/05/01 18:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Magical\AppData\Roaming\Mozilla\Extensions
[2011/11/10 00:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions
[2011/05/02 12:16:00 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/05/02 12:15:59 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/09/13 12:21:34 | 000,000,000 | ---D | M] (RSS Ticker) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
[2011/08/26 08:18:32 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2011/06/16 01:41:34 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2011/06/06 01:55:11 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/05/02 12:16:00 | 000,000,000 | ---D | M] (BitmeTV Menu) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{633b7287-e788-4131-a31c-db09d8ebbe51}(2)
[2011/05/02 12:16:00 | 000,000,000 | ---D | M] (DNS Flusher) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{7d575baa-b543-11dc-8314-0800200c9a66}
[2011/08/31 21:54:04 | 000,000,000 | ---D | M] (Showcase) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2011/08/26 13:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2011/05/01 21:32:21 | 000,000,000 | ---D | M] (Smartest Bookmarks Bar) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{b442f4c0-c292-4998-aabe-48608a73ba75}
[2011/10/01 01:21:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/10/16 21:04:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/02 12:16:00 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2011/10/01 01:21:41 | 000,000,000 | ---D | M] (Add-on Compatibility Reporter) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/05/02 12:15:57 | 000,000,000 | ---D | M] (DNS Cache) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/10/01 01:21:40 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/05/02 12:10:15 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/08/25 20:57:40 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/11/09 00:09:11 | 000,000,000 | ---D | M] (Webmail Ad Blocker) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/11/09 00:09:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/05/02 12:10:16 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/05/02 12:10:17 | 000,000,000 | ---D | M] (Tab Counter) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\tabcounter@morac
[2011/10/01 01:21:41 | 000,000,000 | ---D | M] (BlackFox V1-Blue) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/08/26 13:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/11/08 12:57:38 | 000,001,032 | ---- | M] () -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\searchplugins\exigo.xml
[2010/04/30 18:04:17 | 000,001,504 | ---- | M] () -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\searchplugins\imdb.xml
[2010/04/24 17:18:48 | 000,002,352 | ---- | M] () -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\searchplugins\search-firefox-addons.xml
[2010/05/25 00:38:29 | 000,004,140 | ---- | M] () -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\searchplugins\youtube.xml
[2011/11/10 00:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/01 20:50:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/09/28 09:35:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/06 15:16:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/05 17:47:39 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/21 00:07:17 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/04/21 00:07:17 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/04/21 00:07:17 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/04/21 00:07:17 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2011/11/05 02:23:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [LXCYCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCYtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcymon.exe] C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe ()
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Magical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Magical\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC80F5F-8843-40AD-930A-E6ECA0C8B00F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC80F5F-8843-40AD-930A-E6ECA0C8B00F}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/22 11:24:38 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/10 17:26:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/10 06:42:35 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{48BE62A2-36F1-4D79-95E4-A358EC64327B}
[2011/11/10 06:42:12 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{7289CC38-29CC-44F1-8458-CBDE3782EEC7}
[2011/11/09 18:41:46 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{400671E6-B2A7-48B5-8878-F79A86E24D7B}
[2011/11/09 06:41:08 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{75F07E25-59CB-4D87-8C7E-3C534864F231}
[2011/11/08 18:40:25 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{3D4925C8-06F9-48E9-8DA2-EC0FC9A0F25E}
[2011/11/08 06:39:49 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{962A94B5-8635-4C14-B3F5-11B216ACA47C}
[2011/11/07 18:39:13 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{92CF4F49-7D16-4F2D-ABC9-12855CEF9E59}
[2011/11/07 18:38:51 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{B94E1794-073E-4D47-9FA3-E8D3A9A52DDD}
[2011/11/07 09:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/11/07 08:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/11/07 08:37:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2011/11/07 08:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011/11/07 08:35:45 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/11/07 08:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/11/07 06:38:25 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{EFA80663-C2C5-4551-A6B3-2ED0A881C96D}
[2011/11/07 06:37:46 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{F8526256-6F02-437A-8657-2838377AA499}
[2011/11/07 03:04:45 | 000,032,920 | ---- | C] (Emsisoft) -- C:\Windows\SysNative\drivers\oanet.sys
[2011/11/06 19:07:24 | 000,167,296 | ---- | C] (Gibson Research Corp.) -- C:\Users\Magical\Desktop\DNSBench.exe
[2011/11/06 18:37:20 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{1F2EA325-926A-4C7D-89DC-A0147BDFACF0}
[2011/11/06 15:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/06 06:36:41 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{E961B8DC-96D3-4AE1-930D-54B0FA533DE5}
[2011/11/06 00:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2011/11/05 18:35:40 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{69E7E7DA-E3CE-4706-996E-3D1722EF7070}
[2011/11/05 18:35:28 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{3F7BDE34-F4B3-442E-9F76-75569951F066}
[2011/11/05 17:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/05 17:48:04 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/05 17:48:02 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/05 17:48:00 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/05 17:47:58 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/05 17:47:57 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/05 17:47:53 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/05 17:47:53 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/05 17:47:35 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/05 17:47:35 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/05 17:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/05 17:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/05 16:53:43 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{C3FC1CF1-624F-4DC2-B9C3-ED0D2286541B}
[2011/11/05 16:50:08 | 000,000,000 | ---D | C] -- C:\Windows\assemby
[2011/11/05 03:49:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/05 02:41:19 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Magical\Desktop\aswMBR.exe
[2011/11/05 02:31:20 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Magical\Desktop\TDSSKiller.exe
[2011/11/05 02:19:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/05 02:19:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/05 02:19:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/05 02:19:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/05 02:19:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 02:13:40 | 004,288,812 | R--- | C] (Swearware) -- C:\Users\Magical\Desktop\ComboFix.exe
[2011/11/05 02:04:45 | 000,000,000 | ---D | C] -- C:\Users\Magical\Desktop\lost
[2011/11/04 20:34:55 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{A74238AF-F985-4C54-B753-3C3E0B5FF6F7}
[2011/11/04 20:34:44 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{1E75554F-0FA9-4128-8F2D-A41333AD2C7A}
[2011/11/04 08:34:11 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{A48E29C5-8D30-46E1-B3DD-A4ACBB35EE02}
[2011/11/04 08:33:59 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{5CBBD8B9-07D0-4110-B258-D84D562E514F}
[2011/11/03 23:33:46 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Roaming\Malwarebytes
[2011/11/03 23:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/03 23:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/03 23:32:42 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/03 23:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/03 19:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/11/03 18:43:56 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2011/11/03 17:50:36 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{D4C94249-A4BD-4B7D-887D-884E143AAD16}
[2011/11/03 05:49:54 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{D63D7844-9801-42DD-ADE6-4831ED93C8D2}
[2011/11/02 17:49:12 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{87E3EBB1-7FF7-4901-99D7-4DAF46AAF9D3}
[2011/11/02 05:48:33 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{43EDBA0A-6DD0-4C23-B7E8-B1B0A86B9334}
[2011/11/01 17:47:55 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{EE36652D-BAFE-4F17-9AD5-3E4DF5765A31}
[2011/11/01 05:47:18 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{637D5548-7DE6-49B0-8549-1D983001FA07}
[2011/10/31 17:46:40 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{F784FAAE-CC16-49BD-947A-884C8279F464}
[2011/10/31 11:18:29 | 000,000,000 | ---D | C] -- C:\Users\Magical\Documents\Stuff that used to be in dropbox
[2011/10/31 05:46:02 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{92CBC907-2386-47DA-9958-63C7EFF57ED9}
[2011/10/30 17:45:25 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{35E733DD-0BA5-440F-BEC9-749E4867548A}
[2011/10/30 05:44:49 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{5CC4A491-409E-49DE-8278-786C38FA7BDC}
[2011/10/29 17:44:12 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{E6782204-61AC-493C-8AEE-B5AE825874DB}
[2011/10/29 05:43:37 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{3DC0B751-9BC6-48F2-BF39-B648D11D53A9}
[2011/10/28 17:43:01 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{0EB83299-8115-4D51-BAEE-DDCE4741254F}
[2011/10/28 05:42:27 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{F6424066-E600-4DB4-9273-8C01C900025C}
[2011/10/27 17:41:51 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{72A3BAC0-E766-4697-B006-B74608057CE6}
[2011/10/27 05:41:10 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{FEC61A44-90AF-4347-AB20-B68D9194669F}
[2011/10/26 17:40:35 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{B0B050C5-5F13-4BAD-A334-9AE589773182}
[2011/10/26 05:40:03 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{356B0CFB-26EC-426E-BAA3-CE05C2C1E2D8}
[2011/10/25 17:39:32 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{359FCEBE-7990-4F97-8198-6428C2F088D8}
[2011/10/25 05:39:00 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{3423A6EF-E8A0-4978-BDF1-A6F60AC59B71}
[2011/10/24 17:38:30 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{C4A081CD-94AF-4B21-B42F-5497DE775F41}
[2011/10/24 09:28:37 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\Microsoft Games
[2011/10/24 05:38:00 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{1B2D8A7F-970E-4E8D-AF8B-A9C01CBE25A5}
[2011/10/23 17:37:31 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{057FD8D5-C992-49A9-8440-32AE88F0147D}
[2011/10/23 05:37:02 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{74AB5993-50A0-4A03-B589-BBAB27058FAA}
[2011/10/22 17:36:34 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{EF1C193A-AA47-4766-858B-451EE4B2264B}
[2011/10/22 05:36:05 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{C2455C65-BAA2-4CDE-AB5C-564F2B642691}
[2011/10/21 17:35:38 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{B4811046-0A7C-4EB3-AE30-71FDF60F6D3A}
[2011/10/21 05:35:10 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{AB1B270B-9B8F-4DFB-AA09-EFD20202A95F}
[2011/10/20 17:34:42 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{96729716-95F0-4756-B7F6-733504C3DB04}
[2011/10/20 05:34:15 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{E18A4DE2-43C9-4E85-A2F7-B9958155721C}
[2011/10/19 17:33:48 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{914C5AF3-7A88-4746-827F-D8796D7416B3}
[2011/10/19 05:33:22 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{5B50832A-E4C7-4B3A-A7C3-6E89EB1C6274}
[2011/10/18 17:32:56 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{A6BB88B6-104F-415F-8CCD-DC9481BBF595}
[2011/10/18 05:32:29 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{EFEB572C-D1D9-4530-8431-CA99C5A2B1BA}
[2011/10/17 17:32:03 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{3F7D4546-3096-44C8-95F8-66A13E36889A}
[2011/10/17 05:31:38 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{F04A283D-3DF0-4E47-97F6-B0F60FF22E74}
[2011/10/16 17:31:13 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{C77AB15E-D2D2-4D01-AAF2-DAE89EDF0681}
[2011/10/16 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{D32288D7-0AD4-46B7-951E-68DF21812BC2}
[2011/10/16 05:30:36 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{49224AAA-B72B-48D4-AE4D-0E96E06D77E2}
[2011/10/16 05:30:24 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{9B2182A1-7784-4409-B137-583188119E0A}
[2011/10/15 17:30:11 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{12170724-B536-47A0-9536-1D73EE3EC65F}
[2011/10/15 17:29:58 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{41CE4D19-B15E-4373-A390-12C55057950E}
[2011/10/15 05:29:44 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{9AEFF161-36B8-48F0-B59D-4E1EFC764BA3}
[2011/10/15 05:29:33 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{71C7E389-A36B-4DB6-BF3B-BF4F172E8B45}
[2011/10/14 17:29:19 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{C5857948-6208-4D04-A183-16EA4B94E248}
[2011/10/14 17:29:08 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{15AF7EB9-E426-4F55-AC62-471E12838F1C}
[2011/10/14 05:28:54 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{74E29617-D529-4D3B-BDC4-E70078294605}
[2011/10/14 05:28:43 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{7FB1650C-7722-4E51-9422-0F809C002631}
[2011/10/13 17:28:30 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{79B49105-364E-4824-9B35-8CD2544A0E5D}
[2011/10/13 17:28:18 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{E9EA43A9-B45F-4857-A27B-9461F3ABBA75}
[2011/10/13 05:28:05 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{B4F7B2F1-8E62-45A4-83AF-3C9386A96FA0}
[2011/10/13 05:27:54 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{AC2C66DF-C97F-4810-8CE5-91052FB079DB}
[2011/10/12 17:27:40 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{7F16F78E-F53D-4015-A913-CAE75C349B20}
[2011/10/12 17:27:29 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{D9EE5708-1E40-4763-983A-BE05C43E4F0E}
[2011/10/12 05:27:16 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{A9161CE8-0324-47C7-8821-4A20A3F34C92}
[2011/10/12 05:27:05 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{99D0AE6F-359B-4118-919D-FF95612EB0D7}
[2011/06/27 10:56:06 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyhcp.dll
[2011/05/30 09:33:55 | 001,417,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyserv.dll
[2011/05/30 09:33:55 | 001,099,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyusb1.dll
[2011/05/30 09:33:55 | 000,695,808 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomc.dll
[2011/05/30 09:33:55 | 000,659,456 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyhbn3.dll
[2011/05/30 09:33:55 | 000,566,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycoms.exe
[2011/05/30 09:33:55 | 000,487,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcylmpm.dll
[2011/05/30 09:33:55 | 000,409,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypmui.dll
[2011/05/30 09:33:55 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomm.dll
[2011/05/30 09:33:55 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyinpa.dll
[2011/05/30 09:33:55 | 000,235,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycfg.exe
[2011/05/30 09:33:55 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyih.exe
[2011/05/30 09:33:55 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyiesc.dll
[2011/05/30 09:33:55 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyppls.exe
[2011/05/30 09:33:55 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyprox.dll
[2011/05/30 09:33:55 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypplc.dll
[2011/05/27 23:06:47 | 000,270,128 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\uTorrent.exe
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/10 17:22:55 | 000,009,920 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 17:22:55 | 000,009,920 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 17:21:42 | 000,735,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/10 17:21:42 | 000,620,608 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/10 17:21:42 | 000,110,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/10 17:14:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/10 17:14:44 | 523,116,543 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 16:59:25 | 004,288,812 | R--- | M] (Swearware) -- C:\Users\Magical\Desktop\ComboFix.exe
[2011/11/09 20:22:24 | 000,274,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 16:49:42 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Magical\Desktop\TDSSKiller.exe
[2011/11/07 08:39:31 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/11/07 03:04:45 | 000,032,920 | ---- | M] (Emsisoft) -- C:\Windows\SysNative\drivers\oanet.sys
[2011/11/07 02:48:54 | 000,007,626 | ---- | M] () -- C:\Users\Magical\AppData\Local\resmon.resmoncfg
[2011/11/06 19:39:56 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/06 19:39:56 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/06 19:06:40 | 000,167,296 | ---- | M] (Gibson Research Corp.) -- C:\Users\Magical\Desktop\DNSBench.exe
[2011/11/05 17:47:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/05 02:41:17 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Magical\Desktop\aswMBR.exe
[2011/11/05 02:23:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/03 23:07:21 | 004,285,928 | ---- | M] () -- C:\Users\Magical\AppData\Local\census.cache
[2011/11/03 23:03:23 | 000,066,464 | ---- | M] () -- C:\Users\Magical\AppData\Local\ars.cache
[2011/11/03 18:44:38 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2011/11/03 18:43:17 | 000,000,036 | ---- | M] () -- C:\Users\Magical\AppData\Local\housecall.guid.cache
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/07 08:37:40 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/11/05 17:47:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/11/05 02:21:02 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/11/05 02:21:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/05 02:21:02 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011/11/05 02:21:02 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/05 02:21:02 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/11/05 02:21:02 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/11/05 02:21:02 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/11/05 02:21:02 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/05 02:21:02 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/11/05 02:21:02 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/05 02:21:02 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/11/05 02:21:02 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/05 02:21:02 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/05 02:21:02 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/11/05 02:21:02 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2011/11/05 02:21:02 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/11/05 02:19:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/05 02:19:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/05 02:19:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/05 02:19:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/05 02:19:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/03 18:47:29 | 004,285,928 | ---- | C] () -- C:\Users\Magical\AppData\Local\census.cache
[2011/11/03 18:47:25 | 000,066,464 | ---- | C] () -- C:\Users\Magical\AppData\Local\ars.cache
[2011/11/03 18:44:38 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2011/11/03 18:43:17 | 000,000,036 | ---- | C] () -- C:\Users\Magical\AppData\Local\housecall.guid.cache
[2011/07/17 19:38:27 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/07/17 19:38:20 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/07/17 19:38:20 | 000,018,123 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/06/19 20:45:14 | 001,007,358 | ---- | C] () -- C:\Program Files\Windows-Theme-Manager-Setup.exe
[2011/06/02 14:12:06 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/05/30 09:33:55 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcycomx.dll
[2011/05/30 09:33:55 | 000,194,048 | ---- | C] () -- C:\Windows\SysWow64\lxcyinst.dll
[2011/05/30 08:25:56 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/02 21:28:30 | 000,007,626 | ---- | C] () -- C:\Users\Magical\AppData\Local\resmon.resmoncfg
[2011/05/02 11:19:02 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/02 11:19:02 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/05/01 20:52:30 | 000,000,600 | ---- | C] () -- C:\Users\Magical\AppData\Roaming\winscp.rnd
[2011/05/01 18:30:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/01 18:09:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/10 07:57:24 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/27 12:02:31 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2011/05/02 12:33:43 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\acccore
[2011/09/05 21:21:33 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\dBpoweramp
[2011/11/10 17:16:36 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\Dropbox
[2011/11/10 16:57:48 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\foobar2000
[2011/05/02 12:27:31 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\Notepad++
[2011/05/01 15:51:51 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\OEM
[2011/11/10 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\SoftGrid Client
[2011/11/06 21:55:55 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\TeraCopy
[2011/06/19 20:47:46 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\ThemeManager
[2011/05/30 08:26:29 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\TP
[2011/11/10 17:19:35 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\uTorrent
[2011/07/31 04:35:25 | 000,000,000 | ---D | M] -- C:\Users\Magical\AppData\Roaming\Windows Live Writer
[2009/07/14 06:08:49 | 000,012,932 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0B9176C0
< End of report >