Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win32/Olmarik.TDL4 trojan

Started by easeuk , Nov 07 2011 03:40 PM

  • Please log in to reply

#1
easeuk
Posted 07 November 2011 - 03:40 PM

easeuk

    New Member

  • Member
  • Pip
  • 1 posts
Hi there, 2 days ago I opened a link NTS RADIO and then NOD32 kept giving notifications saying that various different trojans were detected and cleaned, but then shortly after about 30 windows quickly opened saying something about system 32. Ever since then NOD32 has been giving me a notification saying "Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean", I have searched around for a fix and tried numerous things but I am still infected.

I have tried using:
tdsskiller - which wont even detect the infection
EOlmarikTdl4Cleaner - which also says there is no infection
MBRcheck - which tells me my MBR Code is faked
and aswMBR - which gives the following log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-07 21:36:06
-----------------------------
21:36:06.691    OS Version: Windows x64 6.1.7601 Service Pack 1
21:36:06.691    Number of processors: 2 586 0x170A
21:36:06.691    ComputerName: SEAN-PC  UserName: Sean
21:36:07.684    Initialize success
21:36:09.661    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
21:36:09.663    Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476938MB BusType: 3
21:36:09.672    Disk 0 MBR read successfully
21:36:09.674    Disk 0 MBR scan
21:36:09.676    Disk 0 Windows 7 default MBR code
21:36:09.678    Disk 0 MBR hidden
21:36:09.681    Service scanning
21:36:10.740    Modules scanning
21:36:10.743    Disk 0 trace - called modules:
21:36:10.757    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800494e334]<<
21:36:10.760    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049345e0]
21:36:10.763    3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8004516520]
21:36:10.766    5 ACPI.sys[fffff88000eee7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8004505060]
21:36:10.770    \Driver\atapi[0xfffffa8004493d00] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800494e334
21:36:10.778    Scan finished successfully
21:36:18.283    Disk 0 MBR has been saved successfully to "C:\Users\Sean\Desktop\MBR.dat"
21:36:18.290    The log file has been saved successfully to "C:\Users\Sean\Desktop\aswMBR.txt"

Any help on this subject will be greatly appreciated. I also plan to reinstall windows after removing this infection and backing up all my files onto my HDD, will I be able to do that without the worry that this virus will transfer over?

Cheers in advance, here is the OTL log:

OTL logfile created on: 07/11/2011 21:24:50 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sean\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 61.07% Memory free
7.99 Gb Paging File | 6.29 Gb Available in Paging File | 78.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 128.69 Gb Free Space | 27.64% Space Free | Partition Type: NTFS
Drive E: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: SEAN-PC | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 21:24:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Downloads\OTL.exe
PRC - [2011/10/01 11:19:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/09 20:39:22 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2007/04/13 06:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/18 19:37:15 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/01 11:19:07 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/09 20:39:22 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/06/28 16:09:26 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/13 06:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/07 17:47:02 | 000,287,304 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TrufosAlt.sys -- (TrufosAlt)
DRV:64bit: - [2011/08/09 12:57:12 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 08:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011/08/04 08:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 08:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011/08/04 08:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/28 16:09:31 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/28 16:08:56 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/06/28 16:08:50 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/06/28 16:08:50 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/07/13 00:36:47 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/04/04 12:43:16 | 000,130,312 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM)
DRV:64bit: - [2007/04/04 12:43:14 | 000,031,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS)
DRV:64bit: - [2007/04/04 12:43:12 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s716mdm.sys -- (s716mdm)
DRV:64bit: - [2007/04/04 12:43:10 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s716mdfl.sys -- (s716mdfl)
DRV:64bit: - [2007/04/04 12:43:08 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM)
DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2009/11/12 23:13:16 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 73 F2 00 B6 9C CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Sean\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Sean\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sean\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011/09/17 00:29:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/25 00:30:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/03 19:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/03 19:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/09/17 00:29:35 | 000,000,000 | ---D | M]

[2011/02/08 20:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions
[2010/11/03 15:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/07/25 17:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/16 11:11:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/10/01 11:19:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 08:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 08:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 08:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 08:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 08:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/01/27 14:00:57 | 000,001,211 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AgVQVkFpNfmITWf.exe] C:\ProgramData\AgVQVkFpNfmITWf.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [{D147FE78-5352-83E7-9C88-20FD4C1739B2}] C:\Users\Sean\AppData\Roaming\Voosyxy\buuximy.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A7B0504-F0F0-4EBB-BEE3-D408FECBEC54}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D9EAEF9-5D69-4CD1-9A39-75086DB7AC2E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D9EAEF9-5D69-4CD1-9A39-75086DB7AC2E}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/14 09:29:38 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{57261861-cfa1-11de-851e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{57261861-cfa1-11de-851e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009/07/14 09:29:38 | 000,106,760 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 19:31:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sean\Desktop\dds.scr
[2011/11/07 19:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/07 19:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/07 18:08:10 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/11/07 17:32:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2011/11/07 17:15:00 | 000,287,304 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\TrufosAlt.sys
[2011/11/07 17:09:14 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{39CD8EA0-2454-4FAA-9A36-7A149A3F67BC}
[2011/11/07 17:09:00 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{F9755E9C-6534-47D4-A3A9-AF853453046B}
[2011/11/07 16:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2011/11/07 16:36:44 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\kill
[2011/11/07 16:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/11/07 16:04:58 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Voosyxy
[2011/11/07 16:04:58 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Oqqoo
[2011/11/06 19:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/04 19:28:33 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Malwarebytes
[2011/11/04 19:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/03 19:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/28 14:40:03 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\APPS
[2011/10/26 23:37:13 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{400463C3-B714-4FF4-BCE2-D0B3930D00D8}
[2011/10/26 23:36:57 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{7926138F-C99A-4C8F-93D7-789DA48EC004}
[2011/10/25 14:11:18 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{FBA62121-B086-431B-AFB4-DDBA2B28D157}
[2011/10/25 14:11:07 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{A5606872-DAF6-4D93-BE16-FA7D7AA9A0AD}
[2011/10/24 14:16:13 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{586BF1B2-94CF-4850-8991-74BBA6E94396}
[2011/10/24 14:16:01 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{E8D0C3BC-4A6F-44AE-89DE-FC112AA48D89}
[2011/10/23 15:34:56 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{32D670F4-C4CE-4D97-A6A9-B647BA2F8393}
[2011/10/23 15:34:44 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{ED1209DA-0196-4132-92FE-4C62357E7E8D}
[2011/10/20 20:23:05 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{82758FED-7DA1-488F-9C5D-1421798BAC57}
[2011/10/19 19:49:29 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{2599B1E1-7D02-4DF8-8B2C-A7D8A11DB24E}
[2011/10/19 19:49:15 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{CDEF2DCF-75C5-4ED7-BD5F-19816251C887}
[2011/10/18 23:09:36 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{05A1313A-2ACE-408A-B018-F60D5DF27312}
[2011/10/18 23:09:24 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{F8E1A08D-AA89-4F85-BAFA-59D01CA9776C}
[2011/10/16 11:57:12 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{E25CC965-FB50-41D3-B3C2-3C8F2D3DE19A}
[2011/10/16 11:57:00 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{E6B11D15-CA3F-41E3-B425-8E7542B79D09}
[2011/10/15 21:02:14 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{A9A677E3-372E-460F-A99A-B0DDAE5FFD72}
[2011/10/15 21:02:02 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{5D22FA4F-F7F7-4AF1-874D-EE0E171BE2A9}
[2011/10/15 12:17:07 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\BUFFALO
[2011/10/15 12:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\BUFFALO
[2011/10/15 12:16:30 | 000,456,056 | ---- | C] (BUFFALO INC.) -- C:\Windows\UN091222.EXE
[2011/10/15 12:16:28 | 000,456,056 | ---- | C] (BUFFALO INC.) -- C:\Windows\UN091114.EXE
[2011/10/15 12:16:25 | 000,456,056 | ---- | C] (BUFFALO INC.) -- C:\Windows\UN091111.EXE
[2011/10/15 12:16:23 | 000,456,056 | ---- | C] (BUFFALO INC.) -- C:\Windows\UN091201.EXE
[2011/10/15 12:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BUFFALO
[2011/10/12 19:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/12 19:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/12 19:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/12 19:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/12 19:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/12 19:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/10 18:14:24 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{8A40EB5F-5C4C-4DB7-BC73-3EF2C7303FC5}
[2011/10/10 18:14:12 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{92B1AD55-19D9-4EEA-B692-EF9C30E19BEF}
[2010/07/13 00:36:47 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Sean\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/07 21:23:12 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 21:23:12 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 21:15:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/07 21:15:51 | 3219,890,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 20:52:14 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/11/07 20:52:14 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/11/07 20:06:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4108230135-737405117-301441030-1000UA.job
[2011/11/07 19:31:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sean\Desktop\dds.scr
[2011/11/07 19:26:13 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011/11/07 19:08:06 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4108230135-737405117-301441030-1000UA.job
[2011/11/07 19:07:36 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4108230135-737405117-301441030-1000Core.job
[2011/11/07 18:08:10 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/11/07 17:58:04 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/11/07 17:47:02 | 000,287,304 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\TrufosAlt.sys
[2011/11/06 21:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/11/06 19:11:26 | 001,804,954 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/11/04 23:52:38 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/04 23:52:38 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/04 23:52:38 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/29 12:08:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4108230135-737405117-301441030-1000Core.job
[2011/10/18 09:12:16 | 004,998,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/11/07 17:13:59 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/11/07 16:53:01 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011/11/06 23:18:45 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/06 23:18:45 | 000,002,446 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/11/06 23:18:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/06 23:18:45 | 000,001,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/11/06 23:18:45 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/06 23:18:45 | 000,001,418 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/11/06 23:18:45 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/06 23:18:45 | 000,001,334 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/11/06 23:18:45 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/11/06 23:18:45 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/06 23:18:45 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/11/06 23:18:45 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/06 23:18:45 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/06 23:18:45 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Fireworks CS5.lnk
[2011/11/06 23:18:45 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011/11/06 23:18:45 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/06 19:11:07 | 001,804,954 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/06/16 12:55:31 | 000,000,218 | ---- | C] () -- C:\Users\Sean\AppData\Local\recently-used.xbel
[2011/05/24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/13 20:29:45 | 000,001,456 | ---- | C] () -- C:\Users\Sean\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/07 12:57:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/09 22:33:05 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/11 16:09:47 | 000,000,132 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/13 00:36:47 | 000,099,384 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\inst.exe
[2010/07/13 00:36:47 | 000,007,859 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\pcouffin.cat
[2010/07/13 00:36:47 | 000,001,167 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\pcouffin.inf
[2010/07/13 00:36:00 | 000,001,041 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\vso_ts_preview.xml
[2010/04/19 17:55:18 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/01/21 22:22:37 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\otopapi.sys
[2010/01/21 22:22:37 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\jeibapi.sys
[2010/01/11 22:24:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/01/11 22:20:26 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009/12/25 04:05:13 | 000,035,328 | ---- | C] () -- C:\Users\Sean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/25 03:30:35 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009/11/12 22:33:27 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/11/12 15:40:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/06/21 06:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI

========== LOP Check ==========

[2011/09/09 19:35:46 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\.minecraft
[2010/07/19 16:14:02 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Ableton
[2011/10/27 15:06:59 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Audacity
[2011/10/15 12:17:07 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\BUFFALO
[2010/05/10 16:13:30 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Cakewalk
[2010/04/19 18:02:02 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Canon
[2011/03/31 14:08:15 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/10 12:33:34 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\ESET
[2011/11/07 18:01:41 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Facebook
[2010/04/23 17:31:36 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Hardcore
[2011/07/25 23:59:15 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\ImgBurn
[2010/04/23 17:36:20 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Juce VST Host
[2010/01/20 21:35:27 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\nod32 updater
[2011/11/07 17:26:23 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Oqqoo
[2011/02/16 19:53:44 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Propellerhead Software
[2010/07/11 22:35:49 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Qayvvi
[2011/02/10 00:08:03 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\REAPER
[2010/11/14 00:38:22 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Research In Motion
[2010/01/12 00:58:17 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Samsung
[2010/04/23 17:36:34 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Sawer
[2010/04/19 17:55:10 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\ScanSoft
[2010/07/14 01:32:33 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Soldat
[2011/06/16 12:53:43 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\SoundSpectrum
[2011/05/16 13:05:56 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/11/03 15:26:00 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\TomTom
[2011/11/01 00:49:23 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\uTorrent
[2011/11/07 17:48:59 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Voosyxy
[2010/12/01 15:50:58 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Windows Live Writer
[2010/07/12 23:33:02 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Xilisoft
[2011/11/06 21:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/10/29 12:08:00 | 000,000,900 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4108230135-737405117-301441030-1000Core.job
[2011/11/07 19:08:06 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4108230135-737405117-301441030-1000UA.job
[2011/10/04 06:31:06 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP