
Virus or Malware Problem



#1
seeph

After extracting a file on my computer, everything started moving very slowly and it completely shut down my ability to run Norton Antivirus in both normal mode and safe mode. Initially I saw a process running that I did not normally see (atieclxx.exe) and, after some research, found it may be what is causing my problem and removed it without resolution. I was able to download a few other antivirus programs (Avast, Avira) and neither has been able to get results, but the virus seems to shut down the antivirus' ability to connect to their update server. Also, over time Google Chrome and Firefox will no longer connect to the internet, and now Internet Explorer is the only browser in which I can still view webpages. I have tried to reinstall Chrome to no resolution. I have also run Malwarebytes but it does not seem to find anything. I was able to do a manual update for Malwarebytes (11/9/10) but it does not seem to find anything. I tried to run the scan in safe mode, but after contracting the virus my monitor will go into power saving mode while in safe mode after about 10 minutes, regardless of whether or not there is activity and power saving mode is turned off. So far I have not met a virus I have not been able to move, but this one has got me stumped. Any help will be greatly appreciated. Thanks!



OTL logfile created on: 11/15/2011 1:05:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\seeph\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.34 Gb Available Physical Memory | 66.88% Memory free
15.98 Gb Paging File | 13.20 Gb Available in Paging File | 82.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 604.48 Gb Free Space | 64.90% Space Free | Partition Type: NTFS
Drive D: | 692.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SEEPH-PC | User Name: seeph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/15 13:05:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\seeph\Desktop\OTL.exe
PRC - [2011/10/21 18:30:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 16:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/10/04 23:40:30 | 000,092,848 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
PRC - [2009/09/25 21:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/07 22:02:56 | 000,420,920 | ---- | M] () -- C:\Users\seeph\AppData\Local\Google\Chrome\Application\15.0.874.120\ppgooglenaclpluginchrome.dll
MOD - [2011/11/07 22:02:55 | 003,702,840 | ---- | M] () -- C:\Users\seeph\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
MOD - [2011/11/07 22:01:20 | 000,122,952 | ---- | M] () -- C:\Users\seeph\AppData\Local\Google\Chrome\Application\15.0.874.120\avutil-51.dll
MOD - [2011/11/07 22:01:19 | 000,222,280 | ---- | M] () -- C:\Users\seeph\AppData\Local\Google\Chrome\Application\15.0.874.120\avformat-53.dll
MOD - [2011/11/07 22:01:17 | 001,746,504 | ---- | M] () -- C:\Users\seeph\AppData\Local\Google\Chrome\Application\15.0.874.120\avcodec-53.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/01 21:20:50 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/04 15:48:20 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/11/06 20:41:29 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/21 18:30:20 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/10/11 20:34:47 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe -- (N360)
SRV - [2010/09/30 10:23:48 | 000,023,680 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Games\HiPatchService.exe -- (HiPatchService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/19 16:56:50 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/19 16:56:49 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/10/19 16:56:49 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/11 20:34:47 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/10/11 20:34:47 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/10/11 20:34:47 | 000,120,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308030.006\symfw.sys -- (SYMFW)
DRV:64bit: - [2011/10/11 20:34:47 | 000,056,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308030.006\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/01/01 21:20:35 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/01/01 21:20:29 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/17 07:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/05 18:12:06 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/23 08:18:00 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/03/23 08:17:54 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/03/23 08:17:54 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0308030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/03/23 08:17:54 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2010/03/23 08:17:54 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/03/23 08:17:54 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308030.006\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/03/23 08:17:54 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/01/28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/25 21:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/09/25 21:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/14 13:14:16 | 000,097,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/05/14 13:14:14 | 000,131,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/05/14 13:14:10 | 000,019,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/04/07 18:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2011/11/08 04:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/08 04:00:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/22 23:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20111107.032\IDSviA64.sys -- (IDSVia64)
DRV - [2011/08/04 03:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20111108.035\EX64.SYS -- (NAVEX15)
DRV - [2011/08/04 03:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20111108.035\ENG64.SYS -- (NAVENG)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B 75 EE 20 34 CA CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\seeph\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\seeph\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\seeph\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\seeph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/11/09 14:54:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/01 10:57:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/14 00:14:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/28 08:52:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\seeph\AppData\Roaming\Move Networks [2011/01/16 17:59:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/01 10:57:34 | 000,000,000 | ---D | M]

[2011/03/28 12:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\seeph\AppData\Roaming\Mozilla\Extensions
[2011/03/28 08:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\seeph\AppData\Roaming\Mozilla\Firefox\Profiles\kpcymgjv.default\extensions
[2011/03/28 08:53:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\seeph\AppData\Roaming\Mozilla\Firefox\Profiles\kpcymgjv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/11/11 19:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\seeph\AppData\Roaming\Mozilla\Firefox\Profiles\nv45pa3b.default\extensions
[2011/11/14 00:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/06 00:23:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/14 00:14:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/09 15:51:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/14 00:14:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\seeph\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\seeph\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\seeph\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\seeph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\seeph\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\seeph\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Users\seeph\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6778_0\

O1 HOSTS File: ([2011/11/09 22:41:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.72.0.cab (SysInfo Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E3D4E2-FA5B-41A8-8D42-8D9F91860ACB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C25CD87A-EB61-4CCC-9484-B45E4955FFFE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/15 13:05:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\seeph\Desktop\OTL.exe
[2011/11/15 12:22:56 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/15 12:10:26 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/11/13 21:04:43 | 000,000,000 | ---D | C] -- C:\Users\seeph\AppData\Roaming\Avira
[2011/11/13 21:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/11/13 21:01:37 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/11/13 21:01:37 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/11/13 21:01:37 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/11/13 21:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/11/13 21:01:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/11/13 20:55:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/13 20:48:54 | 000,000,000 | ---D | C] -- C:\Users\seeph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/09 23:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/09 23:42:32 | 000,000,000 | ---D | C] -- C:\Users\seeph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/09 22:42:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/09 22:34:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/09 22:34:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/09 22:34:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/09 22:34:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/09 22:33:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/09 22:33:40 | 004,287,205 | R--- | C] (Swearware) -- C:\Users\seeph\Desktop\ComboFix.exe
[2011/11/09 22:31:28 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\seeph\Desktop\dds.pif
[2011/11/09 16:01:10 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/09 16:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/09 16:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/09 15:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011/11/09 15:57:50 | 000,000,000 | ---D | C] -- C:\Users\seeph\AppData\Local\ID Vault
[2011/11/09 15:57:40 | 000,000,000 | ---D | C] -- C:\Users\seeph\AppData\Roaming\ID Vault
[2011/11/09 15:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\scanner
[2011/11/09 15:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\comcasttb
[2011/11/09 15:52:48 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/11/09 15:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2011/11/09 15:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2011/11/09 15:03:35 | 000,000,000 | ---D | C] -- C:\Users\seeph\AppData\Roaming\Malwarebytes
[2011/11/09 15:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/09 15:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/09 15:03:28 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/09 15:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/08 09:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
[2011/11/08 09:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DisplayFusion
[2011/11/04 18:03:53 | 000,000,000 | ---D | C] -- C:\Users\seeph\Desktop\skyrim good
[2011/11/04 17:52:34 | 000,000,000 | ---D | C] -- C:\Users\seeph\Desktop\skyrimconverted
[2011/11/04 17:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLAC to MP3 Converter
[2011/11/04 17:45:02 | 000,000,000 | ---D | C] -- C:\tmp
[2011/11/04 17:43:30 | 000,000,000 | ---D | C] -- C:\delete
[2011/11/04 17:30:45 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/01 11:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/11/01 11:00:37 | 000,000,000 | ---D | C] -- C:\Users\seeph\AppData\Roaming\HP
[2011/11/01 11:00:08 | 000,000,000 | ---D | C] -- C:\Users\seeph\AppData\Local\HP
[2011/11/01 10:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/11/01 10:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/11/01 10:57:51 | 000,000,000 | ---D | C] -- C:\Users\seeph\AppData\Roaming\Yahoo!
[2011/11/01 10:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2011/11/01 10:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/11/01 10:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/11/01 10:55:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011/11/01 10:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/11/01 10:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/11/01 10:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/11/01 10:53:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/11/01 10:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/11/01 10:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/10/25 21:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/10/25 09:52:33 | 000,000,000 | ---D | C] -- C:\Users\seeph\AppData\Local\Broadcom
[2011/10/25 09:52:33 | 000,000,000 | ---D | C] -- C:\Users\seeph\Documents\Bluetooth Exchange Folder
[2011/10/25 09:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/10/24 23:19:12 | 000,000,000 | ---D | C] -- C:\Users\seeph\Documents\Battlefield 3
[2011/10/21 18:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/15 13:05:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\seeph\Desktop\OTL.exe
[2011/11/15 13:03:49 | 000,084,147 | ---- | M] () -- C:\Users\seeph\Desktop\hghgfdhg.htm
[2011/11/15 12:55:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3246993063-2206096385-299410362-1001UA.job
[2011/11/15 12:51:11 | 000,784,344 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/15 12:51:11 | 000,663,722 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/15 12:51:11 | 000,122,452 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/15 12:46:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/15 12:45:50 | 2140,491,775 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/15 12:37:30 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/15 12:21:10 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 12:21:10 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 21:38:11 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3246993063-2206096385-299410362-1001Core.job
[2011/11/14 00:14:14 | 000,002,048 | ---- | M] () -- C:\Users\seeph\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/13 22:13:46 | 001,120,652 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0308030.006\Cat.DB
[2011/11/13 21:01:51 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/11/13 20:49:01 | 000,002,312 | ---- | M] () -- C:\Users\seeph\Desktop\Google Chrome.lnk
[2011/11/12 20:13:37 | 660,654,016 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/09 23:42:32 | 000,002,975 | ---- | M] () -- C:\Users\seeph\Desktop\HiJackThis.lnk
[2011/11/09 22:41:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/09 22:34:09 | 004,287,205 | R--- | M] (Swearware) -- C:\Users\seeph\Desktop\ComboFix.exe
[2011/11/09 22:31:28 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\seeph\Desktop\dds.pif
[2011/11/09 16:01:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/09 15:06:18 | 001,402,880 | ---- | M] () -- C:\Users\seeph\Desktop\HijackThis.msi
[2011/11/09 15:03:31 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/09 14:54:11 | 000,002,498 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2011/11/09 14:53:37 | 000,417,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/06 20:30:40 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0308030.006\isolate.ini
[2011/11/05 17:50:16 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/05 17:50:16 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/05 17:40:54 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/04 16:58:30 | 000,000,095 | ---- | M] () -- C:\Users\seeph\Desktop\AVG justin.url
[2011/11/01 11:00:37 | 000,211,043 | ---- | M] () -- C:\Windows\hpoins21.dat
[2011/10/31 20:41:33 | 000,000,860 | ---- | M] () -- C:\Windows\SysWow64\unknown_mini_AF95E6FD2A09425DBE7DF5FB2A6B579B.7z
[2011/10/27 20:19:17 | 000,002,397 | ---- | M] () -- C:\Users\seeph\Desktop\Chrome.lnk
[2011/10/25 21:06:04 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/10/21 18:30:53 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/10/21 18:30:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/10/20 22:39:14 | 000,000,684 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/10/19 16:56:50 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/10/19 16:56:49 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/10/19 16:56:49 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/15 13:03:47 | 000,084,147 | ---- | C] () -- C:\Users\seeph\Desktop\hghgfdhg.htm
[2011/11/13 21:01:51 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/11/13 20:49:01 | 000,002,312 | ---- | C] () -- C:\Users\seeph\Desktop\Google Chrome.lnk
[2011/11/09 23:42:32 | 000,002,975 | ---- | C] () -- C:\Users\seeph\Desktop\HiJackThis.lnk
[2011/11/09 22:34:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/09 22:34:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/09 22:34:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/09 22:34:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/09 22:34:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/09 16:01:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/11/09 15:06:14 | 001,402,880 | ---- | C] () -- C:\Users\seeph\Desktop\HijackThis.msi
[2011/11/09 15:03:31 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/09 14:58:42 | 000,001,085 | ---- | C] () -- C:\Users\seeph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DisplayFusion.lnk
[2011/11/09 14:54:11 | 000,002,498 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2011/11/08 09:24:12 | 000,001,939 | ---- | C] () -- C:\Users\seeph\Desktop\Firefox.lnk
[2011/11/08 09:21:29 | 000,002,397 | ---- | C] () -- C:\Users\seeph\Desktop\Chrome.lnk
[2011/11/04 16:58:30 | 000,000,095 | ---- | C] () -- C:\Users\seeph\Desktop\AVG justin.url
[2011/11/01 10:57:12 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/11/01 10:52:19 | 000,211,043 | ---- | C] () -- C:\Windows\hpoins21.dat
[2011/11/01 10:52:19 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2011/10/31 20:41:33 | 000,000,860 | ---- | C] () -- C:\Windows\SysWow64\unknown_mini_AF95E6FD2A09425DBE7DF5FB2A6B579B.7z
[2011/10/25 21:06:04 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/10/21 18:30:53 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/08/24 19:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/06/27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/18 16:09:30 | 000,001,940 | ---- | C] () -- C:\Users\seeph\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/04 13:41:56 | 000,778,156 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/24 19:39:43 | 000,000,600 | ---- | C] () -- C:\Users\seeph\AppData\Local\PUTTY.RND
[2011/01/01 21:20:23 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/06 00:24:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/04 22:08:49 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/24 23:09:46 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/03/24 23:09:44 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/03/24 23:09:44 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/03/22 23:08:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/03/22 21:39:19 | 000,035,053 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/03/22 21:38:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/03/22 21:38:40 | 000,024,193 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:22:31 | 000,209,920 | ---- | C] () -- C:\Windows\SysWow64\PkgMgr.exe
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2011/04/23 22:06:44 | 000,000,000 | ---D | M] -- C:\Users\seeph\AppData\Roaming\.minecraft
[2010/03/23 09:44:26 | 000,000,000 | ---D | M] -- C:\Users\seeph\AppData\Roaming\acccore
[2010/04/05 19:02:56 | 000,000,000 | ---D | M] -- C:\Users\seeph\AppData\Roaming\DAEMON Tools Lite
[2011/05/16 11:56:40 | 000,000,000 | ---D | M] -- C:\Users\seeph\AppData\Roaming\Guitar Pro 6
[2011/02/22 09:55:16 | 000,000,000 | ---D | M] -- C:\Users\seeph\AppData\Roaming\Hi-Rez Studios
[2011/11/12 22:46:22 | 000,000,000 | ---D | M] -- C:\Users\seeph\AppData\Roaming\ID Vault
[2010/09/27 22:07:41 | 000,000,000 | ---D | M] -- C:\Users\seeph\AppData\Roaming\JCreator
[2011/08/09 15:56:47 | 000,000,000 | ---D | M] -- C:\Users\seeph\AppData\Roaming\LolClient
[2011/10/19 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\seeph\AppData\Roaming\Origin
[2011/02/11 00:56:51 | 000,000,000 | ---D | M] -- C:\Users\seeph\AppData\Roaming\Unity
[2011/11/13 22:31:27 | 000,000,000 | ---D | M] -- C:\Users\seeph\AppData\Roaming\uTorrent
[2010/12/06 01:47:21 | 000,000,000 | ---D | M] -- C:\Users\seeph\AppData\Roaming\WhiteSmokeSetup
[2010/12/06 01:49:06 | 000,000,000 | ---D | M] -- C:\Users\seeph\AppData\Roaming\WhiteSmokeTranslator
[2011/06/13 16:14:06 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >