Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Bloodhound.SONAR.1 Detection [Solved]


  • This topic is locked This topic is locked

#1
Devonasa

Devonasa

    Member

  • Member
  • PipPip
  • 37 posts
Hi, my Symantec keeps popping up with a "Bloodhound.SONAR.1 Detection" notice. Even when I run the scan and "remove risks", it never truly leaves, I'm finding Symantec to be rather useless these days. I hope you guys can help me get rid of it. My system seems to also be lagging, I don't know if that has to do with whatever this Bloodhound thing is, but its definitely been slower than usual.

Thanks for taking the time to help me out!

Here is my OTL Log

OTL logfile created on: 12/23/2011 7:01:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Devonasa\Videos
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 112.13 Mb Available Physical Memory | 11.06% Memory free
2.56 Gb Paging File | 0.44 Gb Available in Paging File | 17.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 24.41 Gb Free Space | 24.02% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/23 19:00:38 | 000,016,896 | ---- | M] () -- C:\Windows\system\svchost.exe
PRC - [2011/12/23 18:58:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Videos\OTL.exe
PRC - [2011/11/23 22:08:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/15 20:49:32 | 004,062,720 | ---- | M] () -- C:\Program Files\SoMud\somud.exe
PRC - [2011/11/10 04:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/09/26 12:34:16 | 000,296,088 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2011/09/26 12:34:08 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/15 16:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/10/29 14:00:00 | 000,612,168 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/12/16 15:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 17:48:36 | 000,181,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
PRC - [2009/09/17 17:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 17:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 19:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/15 21:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/11/15 21:01:52 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/11/15 20:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/11/15 20:57:20 | 000,171,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2006/10/31 00:03:48 | 000,284,184 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/23 22:08:13 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/23 22:04:31 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/15 20:49:32 | 004,062,720 | ---- | M] () -- C:\Program Files\SoMud\somud.exe
MOD - [2011/10/13 12:39:47 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 12:33:16 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 12:31:38 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/07 21:40:40 | 000,028,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qico4.dll
MOD - [2011/10/07 21:40:38 | 000,284,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qtiff4.dll
MOD - [2011/10/07 21:40:30 | 000,220,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qmng4.dll
MOD - [2011/10/07 21:40:24 | 000,026,624 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qgif4.dll
MOD - [2011/10/07 21:40:20 | 000,196,608 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qjpeg4.dll
MOD - [2011/10/07 21:40:14 | 000,077,824 | ---- | M] () -- C:\Program Files\SoMud\codecs\qkrcodecs4.dll
MOD - [2011/10/07 21:40:12 | 000,155,136 | ---- | M] () -- C:\Program Files\SoMud\codecs\qtwcodecs4.dll
MOD - [2011/10/07 21:40:10 | 000,167,936 | ---- | M] () -- C:\Program Files\SoMud\codecs\qjpcodecs4.dll
MOD - [2011/10/07 21:40:08 | 000,141,824 | ---- | M] () -- C:\Program Files\SoMud\codecs\qcncodecs4.dll
MOD - [2011/10/07 21:38:12 | 010,862,592 | ---- | M] () -- C:\Program Files\SoMud\QtWebKit4.dll
MOD - [2011/10/07 20:33:36 | 001,294,848 | ---- | M] () -- C:\Program Files\SoMud\QtScript4.dll
MOD - [2011/10/07 20:26:54 | 000,266,752 | ---- | M] () -- C:\Program Files\SoMud\phonon4.dll
MOD - [2011/10/07 20:20:28 | 008,222,720 | ---- | M] () -- C:\Program Files\SoMud\QtGui4.dll
MOD - [2011/10/07 20:11:46 | 000,975,360 | ---- | M] () -- C:\Program Files\SoMud\QtNetwork4.dll
MOD - [2011/10/07 20:10:38 | 002,292,224 | ---- | M] () -- C:\Program Files\SoMud\QtCore4.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/03 18:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/11/15 21:01:08 | 001,058,328 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\LAppRes.DLL
MOD - [2006/11/15 20:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
MOD - [2006/11/02 04:46:05 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/10/31 00:04:12 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\Logitech\LComMgr\LCMServerPS.dll
MOD - [2006/10/26 12:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - [2011/11/03 20:49:14 | 000,161,792 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Windows\System32\vmusbw32.dll -- (vmusb)
SRV - [2011/09/26 12:34:08 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 00:31:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/16 15:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 17:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 16:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 11:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/15 21:05:40 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/15 21:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 16:00:52 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/11/08 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/03 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111222.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111222.019\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/06 18:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/03/21 19:33:42 | 000,015,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\Windows\System32\drivers\SymAFR.sys -- (SymAFR)
DRV - [2010/06/24 11:01:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/09 20:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/11/04 19:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/17 17:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 17:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 15:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 15:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 10:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 19:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 19:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 19:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/20 06:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/07/14 11:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/10 08:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/27 13:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2006/11/15 21:03:12 | 000,024,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/11/15 21:02:50 | 001,962,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/15 21:00:56 | 001,678,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/10 22:48:11 | 001,083,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2006/11/10 22:48:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/10 22:46:29 | 001,512,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledItems: {99210d54-6321-41e8-bd1b-2b4c55874efb}:1.16
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/14 00:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 22:08:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/29 15:33:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SoMud\scripts\mozilla [2011/12/08 14:53:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\SoMud\scripts\mozilla [2011/12/08 14:53:45 | 000,000,000 | ---D | M]

[2010/03/24 10:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Extensions
[2011/12/14 19:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions
[2011/08/17 00:23:36 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/08 20:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/08 14:58:55 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}
[2011/10/03 17:48:57 | 000,000,000 | ---D | M] ("Tumblr Post") -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb}
[2011/11/23 22:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/06 00:17:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2008/11/06 23:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\App\Photoshop\Plug-ins\Extensions
() (No name found) -- C:\USERS\DEVONASA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M0XQQ5LG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/23 22:08:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/23 22:08:19 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/09/12 21:09:18 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (AP Suggestor) - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SoMud] C:\Program Files\SoMud\somud.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: Download Web &Images with SoMud - C:\Program Files\SoMud\scripts\ie\images-url.html ()
O8 - Extra context menu item: Download with SoMud - C:\Program Files\SoMud\scripts\ie\link-url.html ()
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB3AA8F6-0159-4F70-994A-780FCEE470F9}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Devonasa\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/21 00:25:07 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\GamesCafe
[2011/12/21 00:06:32 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\My Games
[2011/12/20 16:49:15 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Atari
[2011/12/20 16:32:04 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Leadertech
[2011/12/20 16:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/12/20 15:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/12/20 15:58:17 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Lite
[2011/12/20 15:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/12/18 01:54:15 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\GOL_byHasbro
[2011/12/15 18:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DJS Sims
[2011/12/08 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\SoMud
[2011/12/08 14:59:35 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\SoMud
[2011/12/08 14:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\somototoolbar
[2011/12/08 14:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\SoMud FileBulldog Toolbar
[2011/12/08 14:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\AP Suggestor
[2011/12/08 14:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\APSuggestor
[2011/12/08 14:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoMud
[2011/12/08 14:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\SoMud
[2011/12/08 14:33:04 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Desktop\My Shared Folder
[2011/11/24 12:07:18 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Desktop\b
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/23 19:00:38 | 000,016,896 | ---- | M] () -- C:\Windows\System\svchost.exe
[2011/12/23 19:00:13 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
[2011/12/23 18:54:04 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/23 18:24:47 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 18:24:47 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 17:08:52 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job
[2011/12/23 16:22:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 13:54:30 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/23 02:00:14 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
[2011/12/21 18:52:49 | 000,150,016 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/21 10:19:49 | 000,000,196 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
[2011/12/21 10:19:48 | 000,103,733 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
[2011/12/21 00:17:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/21 00:17:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/21 00:06:03 | 000,000,933 | ---- | M] () -- C:\Users\Devonasa\Desktop\HG2 - Shortcut.lnk
[2011/12/20 16:48:59 | 000,001,074 | ---- | M] () -- C:\Users\Devonasa\Desktop\RCT3plus - Shortcut.lnk
[2011/12/20 16:19:21 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 16:19:21 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 16:02:31 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/12/15 03:35:25 | 003,730,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 01:27:21 | 000,000,000 | ---- | M] () -- C:\t1bg.5
[2011/12/08 14:53:50 | 000,000,791 | ---- | M] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\SoMud.lnk
[2011/12/08 14:53:50 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\SoMud.lnk
[2011/11/29 15:33:43 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/23 19:00:36 | 000,016,896 | ---- | C] () -- C:\Windows\System\svchost.exe
[2011/12/21 00:17:09 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/21 00:17:09 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/12/21 00:06:03 | 000,000,933 | ---- | C] () -- C:\Users\Devonasa\Desktop\HG2 - Shortcut.lnk
[2011/12/20 16:48:59 | 000,001,074 | ---- | C] () -- C:\Users\Devonasa\Desktop\RCT3plus - Shortcut.lnk
[2011/12/20 16:02:31 | 000,001,742 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/12/15 18:41:25 | 003,844,711 | ---- | C] () -- C:\Users\Devonasa\Documents\WardrobeWranglerManual.pdf
[2011/12/15 18:41:25 | 001,464,604 | ---- | C] () -- C:\Users\Devonasa\Documents\InstallWardrobeWranger1.1.exe
[2011/12/13 01:27:21 | 000,000,000 | ---- | C] () -- C:\t1bg.5
[2011/12/08 14:53:50 | 000,000,791 | ---- | C] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\SoMud.lnk
[2011/12/08 14:53:49 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\SoMud.lnk
[2011/11/29 15:30:51 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/29 15:30:51 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/11/03 20:54:21 | 000,000,196 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2011/11/03 20:54:20 | 000,103,733 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2011/09/15 02:39:32 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/09/14 00:34:52 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/08/13 18:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/10 17:10:51 | 000,000,274 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/08/03 18:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{1CF3071A-A136-4BBC-A174-D3B2CFC1128A}
[2011/05/11 17:58:58 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/09/05 16:41:21 | 000,001,356 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2010/09/05 16:36:58 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/02/07 23:10:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/07 23:10:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/06 06:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/30 20:01:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/30 16:56:39 | 000,150,016 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/15 21:03:12 | 000,024,736 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/15 21:00:56 | 001,678,368 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,730,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/21 00:17:36 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Atari
[2011/03/30 22:45:19 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Audacity
[2011/08/17 12:44:30 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 01:45:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/21 00:00:51 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Lite
[2010/02/05 06:01:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Pro
[2010/02/26 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Elluminate
[2011/12/21 00:25:07 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GamesCafe
[2010/01/30 17:28:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GetRightToGo
[2011/12/18 01:54:15 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GOL_byHasbro
[2011/12/20 16:32:04 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Leadertech
[2011/08/09 00:23:38 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2010/12/01 21:49:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Research In Motion
[2011/12/08 15:07:48 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\SoMud
[2011/10/06 22:35:16 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Spotify
[2010/01/30 18:34:45 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Thinstall
[2010/03/29 20:16:44 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Tific
[2010/05/24 16:42:41 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Yandex
[2011/12/20 16:08:59 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/23 17:08:52 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi
:welcome: . I'm Michael and I'm going to help you fix your computer :)

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, windows defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them .If you need any help disabling them, ask.
  • Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

What is the name and location of the file found by your antivirus?


Next:

Please uninstall:

Yontoo Layers
Somoto Toolbar
Java™ 6 Update 27



Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here :thumbsup:


Next:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
    [2011/12/08 14:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\somototoolbar
    [28 C:\Users\Devonasa\Documents\*.tmp files -> C:\Users\Devonasa\Documents\*.tmp -> ]

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under Extra Registry select Use SafeList
  • Click the Run Scan button. Post the two logs (OTL.txt and Extras.txt) it produces in your next reply.

  • 0

#3
Devonasa

Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

What is the name and location of the file found by your antivirus?


The filename and location is, scvhost.exe and c:\windows\system\, respectively. And I believe there is a tracking cookie involved with it, cause when Symantec brings up the Bloodhound thing, it also brings up that to each time.


aswMBR log:


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-29 13:46:41
-----------------------------
13:46:41.182 OS Version: Windows 6.0.6002 Service Pack 2
13:46:41.182 Number of processors: 2 586 0xE0C
13:46:41.182 ComputerName: DEVONASA-PC UserName: Devonasa
13:46:50.216 Initialize success
13:47:15.915 AVAST engine defs: 11122900
13:48:01.104 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
13:48:01.104 Disk 0 Vendor: WDC_WD1200BEVS-00UST0 01.01A01 Size: 114473MB BusType: 3
13:48:03.445 Disk 0 MBR read successfully
13:48:03.445 Disk 0 MBR scan
13:48:04.194 Disk 0 Windows VISTA default MBR code
13:48:04.475 Disk 0 scanning sectors +234436608
13:48:05.145 Disk 0 scanning C:\Windows\system32\drivers
13:49:23.884 Service scanning
13:49:48.665 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:49:48.781 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
13:49:48.915 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
13:49:49.226 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
13:49:49.227 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
13:49:49.863 Modules scanning
13:50:33.401 Disk 0 trace - called modules:
13:50:33.432 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x83d5a1e8]<<
13:50:33.433 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e88780]
13:50:33.434 3 CLASSPNP.SYS[86da88b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84761b98]
13:50:33.435 \Driver\atapi[0x84700130] -> IRP_MJ_CREATE -> 0x83d5a1e8
13:50:37.297 AVAST engine scan C:\Windows
13:50:51.544 AVAST engine scan C:\Windows\system32
13:57:29.627 File: C:\Windows\system32\vmusbw32.dll **INFECTED** Win32:Delf-RFE [Trj]
13:58:08.766 AVAST engine scan C:\Windows\system32\drivers
13:58:39.029 AVAST engine scan C:\Users\Devonasa
14:29:41.243 AVAST engine scan C:\ProgramData
14:35:38.202 Scan finished successfully
15:52:31.953 Disk 0 MBR has been saved successfully to "C:\Users\Devonasa\Desktop\MBR.dat"
15:52:31.978 The log file has been saved successfully to "C:\Users\Devonasa\Desktop\aswMBR.txt"


combofix log:


ComboFix 11-12-29.04 - Devonasa 12/29/2011 16:03:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.222 [GMT -5:00]
Running from: c:\users\Devonasa\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\somototoolbar\vmNTemplatex.dll
c:\users\Devonasa\AppData\Roaming\Adobe\plugs
c:\users\Devonasa\AppData\Roaming\Adobe\shed
c:\users\Devonasa\Documents\~WRL0257.tmp
c:\users\Devonasa\Documents\~WRL0559.tmp
c:\users\Devonasa\Documents\~WRL0614.tmp
c:\users\Devonasa\Documents\~WRL0956.tmp
c:\users\Devonasa\Documents\~WRL1108.tmp
c:\users\Devonasa\Documents\~WRL1173.tmp
c:\users\Devonasa\Documents\~WRL1597.tmp
c:\users\Devonasa\Documents\~WRL1629.tmp
c:\users\Devonasa\Documents\~WRL1696.tmp
c:\users\Devonasa\Documents\~WRL1895.tmp
c:\users\Devonasa\Documents\~WRL2030.tmp
c:\users\Devonasa\Documents\~WRL2387.tmp
c:\users\Devonasa\Documents\~WRL2419.tmp
c:\users\Devonasa\Documents\~WRL2439.tmp
c:\users\Devonasa\Documents\~WRL2528.tmp
c:\users\Devonasa\Documents\~WRL2680.tmp
c:\users\Devonasa\Documents\~WRL2860.tmp
c:\users\Devonasa\Documents\~WRL2914.tmp
c:\users\Devonasa\Documents\~WRL2947.tmp
c:\users\Devonasa\Documents\~WRL2965.tmp
c:\users\Devonasa\Documents\~WRL3043.tmp
c:\users\Devonasa\Documents\~WRL3132.tmp
c:\users\Devonasa\Documents\~WRL3264.tmp
c:\users\Devonasa\Documents\~WRL3298.tmp
c:\users\Devonasa\Documents\~WRL3439.tmp
c:\users\Devonasa\Documents\~WRL3737.tmp
c:\users\Devonasa\Documents\~WRL3783.tmp
c:\users\Devonasa\Documents\~WRL3872.tmp
c:\users\Devonasa\Documents\~WRL4012.tmp
c:\users\Devonasa\videos\bitdefender_is_2012_32b.exe
c:\users\Devonasa\videos\DTLite4451-0236.exe
c:\users\Devonasa\videos\hjsplit.exe
c:\users\Devonasa\videos\OTL.exe
c:\users\Devonasa\videos\W7-SimTracker_Setup.exe
c:\windows\system\msvcr71.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\winservices
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-29 21:15 . 2011-12-29 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-26 06:05 . 2011-12-29 21:23 16896 ----a-w- c:\windows\system\svchost.exe
2011-12-25 20:51 . 2011-12-25 20:51 -------- d-----w- C:\Sim0
2011-12-25 20:51 . 2011-12-25 20:51 858 ----a-w- C:\HH0_HouseData.bin
2011-12-25 20:50 . 2011-12-25 20:50 -------- d-----w- C:\RLMsoft
2011-12-25 20:50 . 2011-12-25 20:50 -------- d-----w- c:\program files\RLMsoft
2011-12-21 05:25 . 2011-12-21 05:25 -------- d-----w- c:\users\Devonasa\AppData\Roaming\GamesCafe
2011-12-20 21:49 . 2011-12-21 05:17 -------- d-----w- c:\users\Devonasa\AppData\Roaming\Atari
2011-12-20 21:32 . 2011-12-20 21:32 -------- d-----w- c:\users\Devonasa\AppData\Roaming\Leadertech
2011-12-20 20:58 . 2011-12-20 20:58 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-12-20 20:58 . 2011-12-21 05:00 -------- d-----w- c:\users\Devonasa\AppData\Roaming\DAEMON Tools Lite
2011-12-18 06:54 . 2011-12-18 06:54 -------- d-----w- c:\users\Devonasa\AppData\Roaming\GOL_byHasbro
2011-12-15 01:12 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 01:12 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 01:12 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 01:12 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 01:12 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 01:12 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 01:10 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 01:00 . 2011-11-03 06:22 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-15 01:00 . 2011-11-03 06:17 743424 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-12-08 19:59 . 2011-12-08 20:07 -------- d-----w- c:\users\Devonasa\AppData\Roaming\SoMud
2011-12-08 19:58 . 2011-12-29 21:14 -------- d-----w- c:\program files\somototoolbar
2011-12-08 19:57 . 2011-12-08 19:59 -------- d-----w- c:\program files\SoMud FileBulldog Toolbar
2011-12-08 19:54 . 2011-12-08 19:54 -------- d-----w- c:\program files\AP Suggestor
2011-12-08 19:53 . 2011-12-08 19:58 -------- d-----w- c:\program files\SoMud
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 21:00 . 2010-01-31 02:11 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-24 03:04 . 2011-10-25 04:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 01:49 . 2011-11-04 01:49 161792 ----a-w- c:\windows\system32\vmusbw32.dll
2011-11-24 03:08 . 2011-09-08 18:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0984FD4-FA9A-46ee-9072-70B0735FF852}]
2011-11-10 21:42 167216 ----a-w- c:\program files\AP Suggestor\APSuggestor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-15 04:46 195360 ------w- c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-21 39408]
"SoMud"="c:\program files\SoMud\somud.exe" [2011-11-16 4062720]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-16 746520]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-16 244512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 296088]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-10-29 612168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2009-07-14 23888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart [x]
S2 SymAFR;SymAFR;c:\windows\system32\DRIVERS\SymAFR.sys [2011-03-22 15408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 106104]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
vmwareusb REG_MULTI_SZ vmusb
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 00:03]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 00:03]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
- c:\users\Devonasa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-05 02:19]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
- c:\users\Devonasa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-05 02:19]
.
2011-12-29 c:\windows\Tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job
- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: Download Web &Images with SoMud - c:\program files\SoMud\scripts\ie\images-url.html
IE: Download with SoMud - c:\program files\SoMud\scripts\ie\link-url.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - c:\program files\AP Suggestor\APSuggestor.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-ares - c:\program files\Ares\Ares.exe
SafeBoot-Symantec Antvirus
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(12060)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\hasplms.exe
c:\program files\SafeConnect\scManager.sys
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system\svchost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-12-29 16:38:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-29 21:36
.
Pre-Run: 27,785,457,664 bytes free
Post-Run: 28,756,049,920 bytes free
.
- - End Of File - - EF47C7646D27CB8FA652912E6EA34DB4

OTLlog.txt

OTL logfile created on: 12/29/2011 5:13:50 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Devonasa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 79.21 Mb Available Physical Memory | 7.82% Memory free
2.24 Gb Paging File | 1.20 Gb Available in Paging File | 53.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 26.97 Gb Free Space | 26.53% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 17:12:54 | 000,016,896 | ---- | M] () -- C:\Windows\system\svchost.exe
PRC - [2011/12/29 17:02:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
PRC - [2011/11/23 22:08:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/15 20:49:32 | 004,062,720 | ---- | M] () -- C:\Program Files\SoMud\somud.exe
PRC - [2011/11/10 04:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/09/26 12:34:16 | 000,296,088 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2011/09/26 12:34:08 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/29 14:00:00 | 000,612,168 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/12/16 15:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 17:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 17:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 19:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/15 21:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/11/15 21:01:52 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/11/15 20:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/11/15 20:57:20 | 000,171,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2006/10/31 00:03:48 | 000,284,184 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/23 22:08:13 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/15 20:49:32 | 004,062,720 | ---- | M] () -- C:\Program Files\SoMud\somud.exe
MOD - [2011/10/07 21:40:40 | 000,028,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qico4.dll
MOD - [2011/10/07 21:40:38 | 000,284,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qtiff4.dll
MOD - [2011/10/07 21:40:30 | 000,220,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qmng4.dll
MOD - [2011/10/07 21:40:24 | 000,026,624 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qgif4.dll
MOD - [2011/10/07 21:40:20 | 000,196,608 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qjpeg4.dll
MOD - [2011/10/07 21:40:14 | 000,077,824 | ---- | M] () -- C:\Program Files\SoMud\codecs\qkrcodecs4.dll
MOD - [2011/10/07 21:40:12 | 000,155,136 | ---- | M] () -- C:\Program Files\SoMud\codecs\qtwcodecs4.dll
MOD - [2011/10/07 21:40:10 | 000,167,936 | ---- | M] () -- C:\Program Files\SoMud\codecs\qjpcodecs4.dll
MOD - [2011/10/07 21:40:08 | 000,141,824 | ---- | M] () -- C:\Program Files\SoMud\codecs\qcncodecs4.dll
MOD - [2011/10/07 21:38:12 | 010,862,592 | ---- | M] () -- C:\Program Files\SoMud\QtWebKit4.dll
MOD - [2011/10/07 20:33:36 | 001,294,848 | ---- | M] () -- C:\Program Files\SoMud\QtScript4.dll
MOD - [2011/10/07 20:26:54 | 000,266,752 | ---- | M] () -- C:\Program Files\SoMud\phonon4.dll
MOD - [2011/10/07 20:20:28 | 008,222,720 | ---- | M] () -- C:\Program Files\SoMud\QtGui4.dll
MOD - [2011/10/07 20:11:46 | 000,975,360 | ---- | M] () -- C:\Program Files\SoMud\QtNetwork4.dll
MOD - [2011/10/07 20:10:38 | 002,292,224 | ---- | M] () -- C:\Program Files\SoMud\QtCore4.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/03 18:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/11/15 21:01:08 | 001,058,328 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\LAppRes.DLL
MOD - [2006/11/15 20:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
MOD - [2006/11/02 04:46:05 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/10/31 00:04:12 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\Logitech\LComMgr\LCMServerPS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/11/03 20:49:14 | 000,161,792 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Windows\System32\vmusbw32.dll -- (vmusb)
SRV - [2011/09/26 12:34:08 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 00:31:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/16 15:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 17:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 16:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 11:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/15 21:05:40 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/15 21:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 16:00:52 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/11/08 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/03 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111228.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111228.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/06 18:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/03/21 19:33:42 | 000,015,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\Windows\System32\drivers\SymAFR.sys -- (SymAFR)
DRV - [2010/06/24 11:01:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/09 20:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/11/04 19:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/17 17:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 17:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 15:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 15:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 10:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 19:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 19:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 19:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/20 06:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/07/14 11:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/10 08:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/27 13:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2006/11/15 21:03:12 | 000,024,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/11/15 21:02:50 | 001,962,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/15 21:00:56 | 001,678,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/10 22:48:11 | 001,083,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2006/11/10 22:48:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/10 22:46:29 | 001,512,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledItems: {99210d54-6321-41e8-bd1b-2b4c55874efb}:1.16
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/14 00:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 22:08:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/29 15:33:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SoMud\scripts\mozilla [2011/12/08 14:53:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\SoMud\scripts\mozilla [2011/12/08 14:53:45 | 000,000,000 | ---D | M]

[2010/03/24 10:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Extensions
[2011/12/27 11:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions
[2011/08/17 00:23:36 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/08 20:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/08 14:58:55 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}
[2011/12/27 11:41:27 | 000,000,000 | ---D | M] ("Tumblr Post") -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb}
[2011/12/29 13:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/06 23:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\App\Photoshop\Plug-ins\Extensions
() (No name found) -- C:\USERS\DEVONASA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M0XQQ5LG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/23 22:08:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/23 22:08:19 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/29 16:27:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (AP Suggestor) - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SoMud] C:\Program Files\SoMud\somud.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Web &Images with SoMud - C:\Program Files\SoMud\scripts\ie\images-url.html ()
O8 - Extra context menu item: Download with SoMud - C:\Program Files\SoMud\scripts\ie\link-url.html ()
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB3AA8F6-0159-4F70-994A-780FCEE470F9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Devonasa\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 17:04:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/29 17:02:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/12/29 16:38:22 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Local\temp
[2011/12/29 16:27:59 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/29 15:56:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/29 15:56:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/29 15:56:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/29 15:56:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/29 15:56:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/29 15:55:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/29 15:51:18 | 004,356,248 | R--- | C] (Swearware) -- C:\Users\Devonasa\Desktop\ComboFix.exe
[2011/12/29 13:32:38 | 000,127,078 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/29 13:32:37 | 000,049,250 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/29 13:32:37 | 000,049,248 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/29 13:21:07 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR(1).exe
[2011/12/25 15:51:03 | 000,000,000 | ---D | C] -- C:\Sim0
[2011/12/25 15:51:03 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\RLMsoft
[2011/12/25 15:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RLMsoft
[2011/12/25 15:50:27 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RLMsoft
[2011/12/25 15:50:14 | 000,000,000 | ---D | C] -- C:\RLMsoft
[2011/12/25 15:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\RLMsoft
[2011/12/21 00:25:07 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\GamesCafe
[2011/12/21 00:06:32 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\My Games
[2011/12/20 16:49:15 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Atari
[2011/12/20 16:32:04 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Leadertech
[2011/12/20 16:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/12/20 15:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/12/20 15:58:17 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Lite
[2011/12/20 15:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/12/18 01:54:15 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\GOL_byHasbro
[2011/12/15 18:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DJS Sims
[2011/12/14 20:12:43 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 20:12:40 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 20:12:34 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 20:12:33 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 20:12:28 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 20:10:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 20:00:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 19:59:52 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 19:59:41 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 19:59:38 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/14 19:59:38 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/14 19:59:37 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/14 19:59:37 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/14 19:59:36 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 19:59:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/14 19:59:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/12/14 19:59:31 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/12/14 19:59:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/12/14 19:59:31 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/14 19:59:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/12/14 19:59:29 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/12/14 19:59:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/14 19:59:28 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 19:59:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/08 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\SoMud
[2011/12/08 14:59:35 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\SoMud
[2011/12/08 14:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\SoMud FileBulldog Toolbar
[2011/12/08 14:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\AP Suggestor
[2011/12/08 14:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\APSuggestor
[2011/12/08 14:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoMud
[2011/12/08 14:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\SoMud
[2011/12/08 14:33:04 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Desktop\My Shared Folder

========== Files - Modified Within 30 Days ==========

[2011/12/29 17:12:54 | 000,016,896 | ---- | M] () -- C:\Windows\System\svchost.exe
[2011/12/29 17:08:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 17:07:58 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 17:07:58 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 17:07:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 17:02:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/12/29 16:54:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 16:27:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/29 16:00:44 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
[2011/12/29 15:52:31 | 000,000,512 | ---- | M] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/12/29 15:51:47 | 004,356,248 | R--- | M] (Swearware) -- C:\Users\Devonasa\Desktop\ComboFix.exe
[2011/12/29 13:40:02 | 175,803,661 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/29 13:21:16 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR(1).exe
[2011/12/29 12:20:40 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
[2011/12/29 12:14:12 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job
[2011/12/28 15:37:44 | 000,152,064 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/25 15:51:02 | 000,000,858 | ---- | M] () -- C:\HH0_HouseData.bin
[2011/12/25 15:50:30 | 000,001,927 | ---- | M] () -- C:\Users\Devonasa\Desktop\W7 - Sim Tracker.lnk
[2011/12/23 20:40:11 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2011/12/21 10:19:49 | 000,000,196 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
[2011/12/21 10:19:48 | 000,103,733 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
[2011/12/21 00:17:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/21 00:17:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/21 00:06:03 | 000,000,933 | ---- | M] () -- C:\Users\Devonasa\Desktop\HG2 - Shortcut.lnk
[2011/12/20 16:48:59 | 000,001,074 | ---- | M] () -- C:\Users\Devonasa\Desktop\RCT3plus - Shortcut.lnk
[2011/12/20 16:19:21 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 16:19:21 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 16:02:31 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/12/15 03:35:25 | 003,730,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 01:27:21 | 000,000,000 | ---- | M] () -- C:\t1bg.5
[2011/12/08 14:53:50 | 000,000,791 | ---- | M] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\SoMud.lnk
[2011/12/08 14:53:50 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\SoMud.lnk

========== Files Created - No Company Name ==========

[2011/12/29 15:56:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/29 15:56:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/29 15:56:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/29 15:56:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/29 15:56:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/29 15:52:31 | 000,000,512 | ---- | C] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/12/29 13:40:02 | 175,803,661 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/26 01:05:14 | 000,016,896 | ---- | C] () -- C:\Windows\System\svchost.exe
[2011/12/25 15:51:01 | 000,000,858 | ---- | C] () -- C:\HH0_HouseData.bin
[2011/12/25 15:50:30 | 000,001,927 | ---- | C] () -- C:\Users\Devonasa\Desktop\W7 - Sim Tracker.lnk
[2011/12/23 20:40:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/12/21 00:17:09 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/21 00:17:09 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/12/21 00:06:03 | 000,000,933 | ---- | C] () -- C:\Users\Devonasa\Desktop\HG2 - Shortcut.lnk
[2011/12/20 16:48:59 | 000,001,074 | ---- | C] () -- C:\Users\Devonasa\Desktop\RCT3plus - Shortcut.lnk
[2011/12/20 16:02:31 | 000,001,742 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/12/15 18:41:25 | 003,844,711 | ---- | C] () -- C:\Users\Devonasa\Documents\WardrobeWranglerManual.pdf
[2011/12/15 18:41:25 | 001,464,604 | ---- | C] () -- C:\Users\Devonasa\Documents\InstallWardrobeWranger1.1.exe
[2011/12/13 01:27:21 | 000,000,000 | ---- | C] () -- C:\t1bg.5
[2011/12/08 14:53:50 | 000,000,791 | ---- | C] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\SoMud.lnk
[2011/12/08 14:53:49 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\SoMud.lnk
[2011/11/03 20:54:21 | 000,000,196 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2011/11/03 20:54:20 | 000,103,733 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2011/09/15 02:39:32 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/09/14 00:34:52 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/08/13 18:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/10 17:10:51 | 000,000,274 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/08/03 18:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{1CF3071A-A136-4BBC-A174-D3B2CFC1128A}
[2010/09/05 16:41:21 | 000,001,356 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2010/09/05 16:36:58 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/02/07 23:10:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/07 23:10:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/06 06:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/30 20:01:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/30 16:56:39 | 000,152,064 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/15 21:03:12 | 000,024,736 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/15 21:00:56 | 001,678,368 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,730,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

Extras.txt

OTL Extras logfile created on: 12/29/2011 5:13:50 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Devonasa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 79.21 Mb Available Physical Memory | 7.82% Memory free
2.24 Gb Paging File | 1.20 Gb Available in Paging File | 53.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 26.97 Gb Free Space | 26.53% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0085576B-D3EE-46B7-AA04-66A5125B7F35}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{21CFAEE3-2052-4AAD-90EE-5FA580801D4F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34A1F824-33C6-4189-BE1D-E978357B46E9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{35553D9A-B804-4858-B2E2-DA375AE074FA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4B177052-1968-45FB-A6B6-0FFAE304E7A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50F942EA-9D9C-4743-A9CB-F686D349EF35}" = rport=445 | protocol=6 | dir=out | app=system |
"{611CCD2D-091D-4F49-977E-565352EBEFA6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6705CF10-30BC-46ED-9EA3-C7F8DCB18509}" = lport=138 | protocol=17 | dir=in | app=system |
"{6BD5B8C4-8EC7-4C93-B8F3-3295EB350EF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E9CC70F-B543-4A36-BAE2-B1CD9D34022A}" = rport=137 | protocol=17 | dir=out | app=system |
"{7508CBF0-69A7-4598-BF35-6FB21C082582}" = lport=139 | protocol=6 | dir=in | app=system |
"{76F8A62C-8433-49E9-AA04-0DB48CBCF13C}" = lport=445 | protocol=6 | dir=in | app=system |
"{7E59EBD7-3C6E-463A-AE54-E8C3229F04F2}" = lport=137 | protocol=17 | dir=in | app=system |
"{95DA2CEA-29E3-4E36-93FB-D141DD0951F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{99A9D656-7713-405D-803F-8B13C616985E}" = rport=139 | protocol=6 | dir=out | app=system |
"{9A5568A8-41EE-418E-B950-832FDAEAC61A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B324AFE6-2F60-42F1-943A-94106358F847}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CC00111E-7E56-4B6E-9701-C42C70BA5FEC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CCB77BF9-E025-4D74-99F6-B731F6814801}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F5A7872B-2098-4636-BA8E-32B370935809}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FC0B411-9991-41E6-9BD4-53DA22E4FD7F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1161531B-1A83-433D-A1BD-8020B7E2AC88}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{11EDFDB4-CAC0-4AF1-BB79-A87C169FA640}" = protocol=1 | dir=out | [email protected],-28544 |
"{159C461B-C3C4-47BA-AC60-896CF4687489}" = protocol=58 | dir=out | [email protected],-28546 |
"{297323D9-E021-4481-ADAE-9FEF7D7DD925}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{2CF12751-81D9-4BD1-B498-355DA794BA9C}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{340414A8-802A-4E2F-A4FB-FC69B8CAB7DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3706B691-7C1B-4E8B-BF7E-DE4AEF1DD566}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{47B19CF9-AF40-4F31-B10B-D774F4057D25}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{5081AF52-E57A-474A-BEAC-8E5BF60036E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5E308BDC-5BAF-4A53-B8D3-92CA5D001FB0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{663853B3-1759-42F1-90A8-035144D55AFD}" = protocol=1 | dir=in | [email protected],-28543 |
"{698A6159-4D4C-4E8C-A195-380CA5D3BDC9}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{719436CB-DFC0-4A33-B623-3C81BE81F397}" = protocol=58 | dir=in | [email protected],-28545 |
"{7C4BE71D-C474-43CB-AFA6-85A67C5D3DB2}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{82C9CC69-0661-432C-BF21-217861061B8B}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{84570C9E-57B3-4100-A2FD-77FBAA866A8E}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{88BD47C5-3B21-4788-A3A3-B2172AC05761}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{93BB38FA-2556-4C75-AAF6-0A4AE11BE436}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{98925A0F-C000-4DB4-9CCC-1574C672B586}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9CB9EE5B-55FA-4FA1-92EA-D8B04E108A5A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C4645DD4-8198-4424-AF0C-D1F2C7CDEFA2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CF28F06E-5DDD-46FD-94AC-13C57A5B8E9A}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{D820A76E-3191-469C-A800-8C28C8DFEC3D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{DBE61390-BC9E-4051-B308-D329366D2D2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F88D0857-9510-450B-B451-C92A4D7BC5AE}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"TCP Query User{1905A504-D7AF-46E7-96A9-5199067E85EE}C:\users\devonasa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\devonasa\appdata\roaming\spotify\spotify.exe |
"TCP Query User{1B681419-5DFC-4AE7-A6C4-126CC12A0657}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{52528F5C-F7AB-4C74-AFAF-AFD45601F065}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{569637BC-C95E-4500-956A-73A76B7CEF65}C:\program files\java\jre1.5.0_02\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_02\bin\javaw.exe |
"TCP Query User{ACAD2765-4639-4C1A-9F7B-AD7A4329B1B7}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{D7D1863C-C2B9-4C60-9F46-251A680FA6CD}C:\program files\somud\somud.exe" = protocol=6 | dir=in | app=c:\program files\somud\somud.exe |
"UDP Query User{0AC36375-CFC5-44E2-ADFC-215F6D411802}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{1D8EE7F6-B413-4BCB-9983-443CAA86F9A7}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{3D77B565-7803-4F96-ABA8-212C7B368C63}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{689D8561-B94D-49D3-9A87-BB51A0A7AE15}C:\program files\somud\somud.exe" = protocol=17 | dir=in | app=c:\program files\somud\somud.exe |
"UDP Query User{995EE229-A66C-42D3-94BA-1B39F7BF550A}C:\program files\java\jre1.5.0_02\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_02\bin\javaw.exe |
"UDP Query User{C2E92073-EE04-4C6B-B53C-A95F73757B3C}C:\users\devonasa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\devonasa\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10110FE9-1EE8-4A3D-ADFD-1294F86BE5FC}" = Logitech QuickCam
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5035723E-C26D-4979-ACA9-12765F5AD7EB}" = WinZip Pro
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 TBYB
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CEA4C7D0-ABBE-4074-A488-173BB382CDFF}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AP Suggestor" = AP Suggestor
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"BPM Counter_is1" = BPM Counter 1.2.0.0
"CameraUserGuide-PSA470" = Canon PowerShot A470 Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"DirectPrintUserGuide" = Canon Direct Print User Guide
"DivX Setup" = DivX Setup
"E.M. Youtube Video Download Tool_is1" = E.M. Youtube Video Download Tool 3.13
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.1.3981 [2011-09-12]
"FLV Player" = FLV Player 2.0 (build 25)
"HaaliMkx" = Haali Media Splitter
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Norton UAC Tool" = Norton UAC Tool
"PhotoStitch" = Canon Utilities PhotoStitch
"QcDrv" = Logitech® Camera Driver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SafeConnect" = SafeConnect
"Scriptorium_for_TS2_is1" = Scriptorium for TS2
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"SoftwareStarterGuide-DCSD34" = Canon Digital Camera Solution Disk 34 Software Starter Guide
"SoMud" = SoMud 1.3.5
"SoMud FileBulldog Toolbar" = SoMud FileBulldog Toolbar
"Spotify" = Spotify
"ST6UNST #1" = Sims 2 Categorizer
"TweakUAC_is1" = TweakUAC
"VLC media player" = VLC media player 1.1.11
"W7 - Sim Tracker" = W7 - Sim Tracker
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WinZip Pro" = WinZip Pro
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2011 3:20:16 AM | Computer Name = Devonasa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/1/2011 3:20:16 AM | Computer Name = Devonasa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 32105

Error - 12/1/2011 3:20:16 AM | Computer Name = Devonasa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 32105

Error - 12/1/2011 3:20:17 AM | Computer Name = Devonasa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/1/2011 3:20:17 AM | Computer Name = Devonasa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 33119

Error - 12/1/2011 3:20:17 AM | Computer Name = Devonasa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 33119

Error - 12/1/2011 3:20:18 AM | Computer Name = Devonasa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/1/2011 3:20:18 AM | Computer Name = Devonasa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 34133

Error - 12/1/2011 3:20:18 AM | Computer Name = Devonasa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 34133

Error - 12/1/2011 11:36:47 PM | Computer Name = Devonasa-PC | Source = Application Error | ID = 1000
Description = Faulting application Rtvscan.exe, version 11.0.5002.290, time stamp
0x4ab2da72, faulting module Rtvscan.exe, version 11.0.5002.290, time stamp 0x4ab2da72,
exception code 0xc0000005, fault offset 0x00151d71, process id 0xa70, application
start time 0x01ccaf7e6738a381.

[ OSession Events ]
Error - 4/30/2010 10:29:42 AM | Computer Name = Devonasa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 158992
seconds with 22800 seconds of active time. This session ended with a crash.

Error - 7/29/2010 3:06:23 PM | Computer Name = Devonasa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 52466
seconds with 1800 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/4/2010 7:27:33 AM | Computer Name = Devonasa-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 2/4/2010 12:58:43 PM | Computer Name = Devonasa-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 2/4/2010 5:29:59 PM | Computer Name = Devonasa-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 2/5/2010 12:08:26 AM | Computer Name = Devonasa-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 2/5/2010 12:08:26 AM | Computer Name = Devonasa-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 2/5/2010 12:08:26 AM | Computer Name = Devonasa-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 2/5/2010 12:08:26 AM | Computer Name = Devonasa-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 2/5/2010 12:08:26 AM | Computer Name = Devonasa-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 2/5/2010 12:09:06 AM | Computer Name = Devonasa-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 2/5/2010 12:41:07 AM | Computer Name = Devonasa-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Attached Files

  • Attached File  MBR.zip   590bytes   65 downloads

  • 0

#4
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2011/12/29 17:12:54 | 000,016,896 | ---- | M] () -- C:\Windows\system\svchost.exe
    SRV - [2011/11/03 20:49:14 | 000,161,792 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Windows\System32\vmusbw32.dll -- (vmusb)
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}
    [2011/12/08 14:58:55 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
    [2011/12/29 17:12:54 | 000,016,896 | ---- | M] () -- C:\Windows\System\svchost.exe
    [2011/12/26 01:05:14 | 000,016,896 | ---- | C] () -- C:\Windows\System\svchost.exe

    :Services

    :Reg

    :Files
    c:\program files\somototoolbar

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Next:

Please uninstall J2SE Runtime Environment 5.0 Update 2


Next:


Posted Image OTL Custom Scan
  • Double click on Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.


Next:

Re-run combofix as before and post an updated log


Next:

Go here and download the Windows x86 Online to download the latest version of java runtime environment. After you download it, install it :thumbsup:


Next:

  • Go here and click Free Java Download
  • It will offer you the latest version of java, download it and install it

  • 0

#5
Devonasa

Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OTL.txt

OTL logfile created on: 12/29/2011 7:40:43 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Devonasa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 259.53 Mb Available Physical Memory | 25.61% Memory free
2.24 Gb Paging File | 1.28 Gb Available in Paging File | 57.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 27.76 Gb Free Space | 27.31% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 17:02:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
PRC - [2011/11/15 20:49:32 | 004,062,720 | ---- | M] () -- C:\Program Files\SoMud\somud.exe
PRC - [2011/11/10 04:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/09/26 12:34:16 | 000,296,088 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2011/09/26 12:34:08 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/29 14:00:00 | 000,612,168 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/12/16 15:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 17:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 17:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 19:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/15 21:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/11/15 21:01:52 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/11/15 20:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/11/15 20:57:20 | 000,171,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2006/10/31 00:03:48 | 000,284,184 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/15 20:49:32 | 004,062,720 | ---- | M] () -- C:\Program Files\SoMud\somud.exe
MOD - [2011/10/07 21:40:40 | 000,028,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qico4.dll
MOD - [2011/10/07 21:40:38 | 000,284,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qtiff4.dll
MOD - [2011/10/07 21:40:30 | 000,220,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qmng4.dll
MOD - [2011/10/07 21:40:24 | 000,026,624 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qgif4.dll
MOD - [2011/10/07 21:40:20 | 000,196,608 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qjpeg4.dll
MOD - [2011/10/07 21:40:14 | 000,077,824 | ---- | M] () -- C:\Program Files\SoMud\codecs\qkrcodecs4.dll
MOD - [2011/10/07 21:40:12 | 000,155,136 | ---- | M] () -- C:\Program Files\SoMud\codecs\qtwcodecs4.dll
MOD - [2011/10/07 21:40:10 | 000,167,936 | ---- | M] () -- C:\Program Files\SoMud\codecs\qjpcodecs4.dll
MOD - [2011/10/07 21:40:08 | 000,141,824 | ---- | M] () -- C:\Program Files\SoMud\codecs\qcncodecs4.dll
MOD - [2011/10/07 21:38:12 | 010,862,592 | ---- | M] () -- C:\Program Files\SoMud\QtWebKit4.dll
MOD - [2011/10/07 20:33:36 | 001,294,848 | ---- | M] () -- C:\Program Files\SoMud\QtScript4.dll
MOD - [2011/10/07 20:26:54 | 000,266,752 | ---- | M] () -- C:\Program Files\SoMud\phonon4.dll
MOD - [2011/10/07 20:20:28 | 008,222,720 | ---- | M] () -- C:\Program Files\SoMud\QtGui4.dll
MOD - [2011/10/07 20:11:46 | 000,975,360 | ---- | M] () -- C:\Program Files\SoMud\QtNetwork4.dll
MOD - [2011/10/07 20:10:38 | 002,292,224 | ---- | M] () -- C:\Program Files\SoMud\QtCore4.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/03 18:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/11/15 21:01:08 | 001,058,328 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\LAppRes.DLL
MOD - [2006/11/15 20:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
MOD - [2006/11/02 04:46:05 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/10/31 00:04:12 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\Logitech\LComMgr\LCMServerPS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/26 12:34:08 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 00:31:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/16 15:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 17:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 16:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 11:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/15 21:05:40 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/15 21:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 16:00:52 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/11/08 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/03 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111228.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111228.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/06 18:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/03/21 19:33:42 | 000,015,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\Windows\System32\drivers\SymAFR.sys -- (SymAFR)
DRV - [2010/06/24 11:01:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/09 20:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/11/04 19:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/17 17:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 17:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 15:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 15:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 10:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 19:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 19:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 19:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/20 06:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/07/14 11:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/10 08:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/27 13:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2006/11/15 21:03:12 | 000,024,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/11/15 21:02:50 | 001,962,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/15 21:00:56 | 001,678,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/10 22:48:11 | 001,083,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2006/11/10 22:48:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/10 22:46:29 | 001,512,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp

IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledItems: {99210d54-6321-41e8-bd1b-2b4c55874efb}:1.16
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/14 00:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 22:08:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/29 15:33:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SoMud\scripts\mozilla [2011/12/08 14:53:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\SoMud\scripts\mozilla [2011/12/08 14:53:45 | 000,000,000 | ---D | M]

[2010/03/24 10:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Extensions
[2011/12/27 11:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions
[2011/08/17 00:23:36 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/08 20:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/29 19:10:23 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}
[2011/12/27 11:41:27 | 000,000,000 | ---D | M] ("Tumblr Post") -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb}
[2011/12/29 13:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/06 23:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\App\Photoshop\Plug-ins\Extensions
() (No name found) -- C:\USERS\DEVONASA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M0XQQ5LG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/23 22:08:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/23 22:08:19 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/29 16:27:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (AP Suggestor) - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000..\Run: [SoMud] C:\Program Files\SoMud\somud.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1663229470-2338449591-2720500769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Web &Images with SoMud - C:\Program Files\SoMud\scripts\ie\images-url.html ()
O8 - Extra context menu item: Download with SoMud - C:\Program Files\SoMud\scripts\ie\link-url.html ()
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB3AA8F6-0159-4F70-994A-780FCEE470F9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Devonasa\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - File not found
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - File not found
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {28107548-5492-7F82-D83D-D2694936828C} - Java (Sun)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {972EE15D-062C-EDA3-CBEE-EF4FC4D51640} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 19:01:03 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Devonasa\Desktop\tdsskiller.exe
[2011/12/29 17:04:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/29 17:02:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/12/29 16:38:22 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Local\temp
[2011/12/29 16:27:59 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/29 15:56:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/29 15:56:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/29 15:56:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/29 15:56:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/29 15:56:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/29 15:55:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/29 15:51:18 | 004,356,248 | R--- | C] (Swearware) -- C:\Users\Devonasa\Desktop\ComboFix.exe
[2011/12/29 13:21:07 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR(1).exe
[2011/12/25 15:51:03 | 000,000,000 | ---D | C] -- C:\Sim0
[2011/12/25 15:51:03 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\RLMsoft
[2011/12/25 15:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RLMsoft
[2011/12/25 15:50:27 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RLMsoft
[2011/12/25 15:50:14 | 000,000,000 | ---D | C] -- C:\RLMsoft
[2011/12/25 15:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\RLMsoft
[2011/12/21 00:25:07 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\GamesCafe
[2011/12/21 00:06:32 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\My Games
[2011/12/20 16:49:15 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Atari
[2011/12/20 16:32:04 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Leadertech
[2011/12/20 16:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/12/20 15:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/12/20 15:58:17 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Lite
[2011/12/20 15:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/12/18 01:54:15 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\GOL_byHasbro
[2011/12/15 18:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DJS Sims
[2011/12/14 20:12:43 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 20:12:40 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 20:12:34 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 20:12:33 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 20:12:28 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 20:10:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 20:00:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 19:59:52 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 19:59:41 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 19:59:38 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/14 19:59:38 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/14 19:59:37 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/14 19:59:37 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/14 19:59:36 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 19:59:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/14 19:59:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/12/14 19:59:31 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/12/14 19:59:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/12/14 19:59:31 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/14 19:59:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/12/14 19:59:29 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/12/14 19:59:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/14 19:59:28 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 19:59:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/08 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\SoMud
[2011/12/08 14:59:35 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\SoMud
[2011/12/08 14:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\SoMud FileBulldog Toolbar
[2011/12/08 14:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\AP Suggestor
[2011/12/08 14:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\APSuggestor
[2011/12/08 14:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoMud
[2011/12/08 14:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\SoMud
[2011/12/08 14:33:04 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Desktop\My Shared Folder

========== Files - Modified Within 30 Days ==========

[2011/12/29 20:00:07 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
[2011/12/29 19:54:17 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 19:31:15 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 19:27:39 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 19:27:39 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 19:27:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 19:01:21 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Devonasa\Desktop\tdsskiller.exe
[2011/12/29 17:56:52 | 000,151,040 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/29 17:33:59 | 000,000,590 | ---- | M] () -- C:\Users\Devonasa\Desktop\MBR.zip
[2011/12/29 17:12:54 | 000,016,896 | ---- | M] () -- C:\Windows\System\svchost.exe
[2011/12/29 17:02:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/12/29 16:27:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/29 15:52:31 | 000,000,512 | ---- | M] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/12/29 15:51:47 | 004,356,248 | R--- | M] (Swearware) -- C:\Users\Devonasa\Desktop\ComboFix.exe
[2011/12/29 13:40:02 | 175,803,661 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/29 13:21:16 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR(1).exe
[2011/12/29 12:20:40 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
[2011/12/29 12:14:12 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job
[2011/12/25 15:51:02 | 000,000,858 | ---- | M] () -- C:\HH0_HouseData.bin
[2011/12/25 15:50:30 | 000,001,927 | ---- | M] () -- C:\Users\Devonasa\Desktop\W7 - Sim Tracker.lnk
[2011/12/23 20:40:11 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2011/12/21 10:19:49 | 000,000,196 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
[2011/12/21 10:19:48 | 000,103,733 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
[2011/12/21 00:17:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/21 00:17:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/21 00:06:03 | 000,000,933 | ---- | M] () -- C:\Users\Devonasa\Desktop\HG2 - Shortcut.lnk
[2011/12/20 16:48:59 | 000,001,074 | ---- | M] () -- C:\Users\Devonasa\Desktop\RCT3plus - Shortcut.lnk
[2011/12/20 16:19:21 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 16:19:21 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 16:02:31 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/12/15 03:35:25 | 003,730,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 01:27:21 | 000,000,000 | ---- | M] () -- C:\t1bg.5
[2011/12/08 14:53:50 | 000,000,791 | ---- | M] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\SoMud.lnk
[2011/12/08 14:53:50 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\SoMud.lnk

========== Files Created - No Company Name ==========

[2011/12/29 17:33:59 | 000,000,590 | ---- | C] () -- C:\Users\Devonasa\Desktop\MBR.zip
[2011/12/29 15:56:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/29 15:56:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/29 15:56:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/29 15:56:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/29 15:56:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/29 15:52:31 | 000,000,512 | ---- | C] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/12/29 13:40:02 | 175,803,661 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/26 01:05:14 | 000,016,896 | ---- | C] () -- C:\Windows\System\svchost.exe
[2011/12/25 15:51:01 | 000,000,858 | ---- | C] () -- C:\HH0_HouseData.bin
[2011/12/25 15:50:30 | 000,001,927 | ---- | C] () -- C:\Users\Devonasa\Desktop\W7 - Sim Tracker.lnk
[2011/12/23 20:40:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/12/21 00:17:09 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/21 00:17:09 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/12/21 00:06:03 | 000,000,933 | ---- | C] () -- C:\Users\Devonasa\Desktop\HG2 - Shortcut.lnk
[2011/12/20 16:48:59 | 000,001,074 | ---- | C] () -- C:\Users\Devonasa\Desktop\RCT3plus - Shortcut.lnk
[2011/12/20 16:02:31 | 000,001,742 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/12/15 18:41:25 | 003,844,711 | ---- | C] () -- C:\Users\Devonasa\Documents\WardrobeWranglerManual.pdf
[2011/12/15 18:41:25 | 001,464,604 | ---- | C] () -- C:\Users\Devonasa\Documents\InstallWardrobeWranger1.1.exe
[2011/12/13 01:27:21 | 000,000,000 | ---- | C] () -- C:\t1bg.5
[2011/12/08 14:53:50 | 000,000,791 | ---- | C] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\SoMud.lnk
[2011/12/08 14:53:49 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\SoMud.lnk
[2011/11/03 20:54:21 | 000,000,196 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2011/11/03 20:54:20 | 000,103,733 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2011/09/15 02:39:32 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/09/14 00:34:52 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/08/13 18:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/10 17:10:51 | 000,000,274 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/08/03 18:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{1CF3071A-A136-4BBC-A174-D3B2CFC1128A}
[2010/09/05 16:41:21 | 000,001,356 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2010/09/05 16:36:58 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/02/07 23:10:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/07 23:10:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/06 06:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/30 20:01:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/30 16:56:39 | 000,151,040 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/15 21:03:12 | 000,024,736 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/15 21:00:56 | 001,678,368 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,730,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/21 00:17:36 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Atari
[2011/03/30 22:45:19 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Audacity
[2011/08/17 12:44:30 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 01:45:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/21 00:00:51 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Lite
[2010/02/05 06:01:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Pro
[2010/02/26 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Elluminate
[2011/12/21 00:25:07 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GamesCafe
[2010/01/30 17:28:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GetRightToGo
[2011/12/18 01:54:15 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GOL_byHasbro
[2011/12/20 16:32:04 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Leadertech
[2011/08/09 00:23:38 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2010/12/01 21:49:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Research In Motion
[2011/12/08 15:07:48 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\SoMud
[2011/10/06 22:35:16 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Spotify
[2010/01/30 18:34:45 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Thinstall
[2010/03/29 20:16:44 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Tific
[2010/05/24 16:42:41 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Yandex
[2011/12/29 19:08:50 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/29 12:14:12 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/12/29 16:14:55 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Adobe
[2010/12/24 10:55:27 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Apple Computer
[2011/12/21 00:17:36 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Atari
[2011/03/30 22:45:19 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Audacity
[2010/04/27 16:11:44 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\CameraWindowDC
[2010/03/24 12:23:52 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\CANON INC
[2011/08/17 12:44:30 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 01:45:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/21 00:00:51 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Lite
[2010/02/05 06:01:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Pro
[2010/05/13 23:03:06 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DivX
[2010/02/26 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Elluminate
[2010/09/29 20:25:10 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\FLEXnet
[2011/12/21 00:25:07 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GamesCafe
[2010/01/30 17:28:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GetRightToGo
[2011/12/18 01:54:15 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GOL_byHasbro
[2010/03/08 22:36:13 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Google
[2010/01/30 16:53:07 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Identities
[2011/12/20 16:32:04 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Leadertech
[2010/01/30 19:02:15 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Macromedia
[2011/09/05 14:19:40 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Malwarebytes
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Media Center Programs
[2011/08/24 22:36:32 | 000,000,000 | --SD | M] -- C:\Users\Devonasa\AppData\Roaming\Microsoft
[2011/11/23 18:02:28 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Mozilla
[2011/08/09 00:23:38 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2010/12/01 21:49:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Research In Motion
[2010/05/11 16:46:05 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Roxio
[2011/12/08 15:07:48 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\SoMud
[2011/10/06 22:35:16 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Spotify
[2010/02/12 00:32:25 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Sun
[2010/01/30 18:34:45 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Thinstall
[2010/03/29 20:16:44 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Tific
[2011/10/17 22:31:47 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\vlc
[2010/01/30 17:10:54 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\WinRAR
[2010/05/24 16:42:41 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Yandex
[2010/04/27 19:03:48 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\ZoomBrowser EX


< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\BACKUP\10-01-29 0251PM\Windows\explorer.exe
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/02/01 06:13:19 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/02/01 06:13:18 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/02/01 06:13:18 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/11/25 01:30:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/02/01 06:34:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/11/25 01:30:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2010/02/01 06:34:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2010/02/01 06:13:19 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\BACKUP\10-01-29 0251PM\Windows\System32\svchost.exe
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 02:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2011/12/29 17:12:54 | 000,016,896 | ---- | M] () MD5=6D2857B6A9119EC651E1E4F641F0BF87 -- C:\Windows\system\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 02:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\BACKUP\10-01-29 0251PM\Windows\System32\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\BACKUP\10-01-29 0251PM\Windows\System32\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\BACKUP\10-01-29 0251PM\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/23 22:08:11 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/23 22:08:11 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/23 22:08:11 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/23 22:08:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/23 22:08:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/23 22:08:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/11/02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/11/02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/11/02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/23 22:08:11 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/23 22:08:11 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/23 22:08:11 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/23 22:08:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/23 22:08:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/23 22:08:18 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/11/02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/11/02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/11/02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011/12/20 16:00:52 | 000,428,088 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< End of report >

Combofix


ComboFix 11-12-29.04 - Devonasa 12/30/2011 1:07.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.269 [GMT -5:00]
Running from: c:\users\Devonasa\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 06:23 . 2011-12-30 06:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-29 22:04 . 2011-12-29 22:04 -------- d-----w- C:\_OTL
2011-12-29 21:38 . 2011-12-30 06:23 -------- d-----w- c:\users\Devonasa\AppData\Local\temp
2011-12-26 06:05 . 2011-12-29 22:12 16896 ----a-w- c:\windows\system\svchost.exe
2011-12-25 20:51 . 2011-12-25 20:51 -------- d-----w- C:\Sim0
2011-12-25 20:51 . 2011-12-25 20:51 858 ----a-w- C:\HH0_HouseData.bin
2011-12-25 20:50 . 2011-12-25 20:50 -------- d-----w- C:\RLMsoft
2011-12-25 20:50 . 2011-12-25 20:50 -------- d-----w- c:\program files\RLMsoft
2011-12-21 05:25 . 2011-12-21 05:25 -------- d-----w- c:\users\Devonasa\AppData\Roaming\GamesCafe
2011-12-20 21:49 . 2011-12-21 05:17 -------- d-----w- c:\users\Devonasa\AppData\Roaming\Atari
2011-12-20 21:32 . 2011-12-20 21:32 -------- d-----w- c:\users\Devonasa\AppData\Roaming\Leadertech
2011-12-20 20:58 . 2011-12-20 20:58 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-12-20 20:58 . 2011-12-21 05:00 -------- d-----w- c:\users\Devonasa\AppData\Roaming\DAEMON Tools Lite
2011-12-18 06:54 . 2011-12-18 06:54 -------- d-----w- c:\users\Devonasa\AppData\Roaming\GOL_byHasbro
2011-12-15 01:12 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 01:12 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 01:12 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 01:12 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 01:12 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 01:12 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 01:10 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 01:00 . 2011-11-03 06:22 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-15 01:00 . 2011-11-03 06:17 743424 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-12-08 19:59 . 2011-12-08 20:07 -------- d-----w- c:\users\Devonasa\AppData\Roaming\SoMud
2011-12-08 19:57 . 2011-12-08 19:59 -------- d-----w- c:\program files\SoMud FileBulldog Toolbar
2011-12-08 19:54 . 2011-12-08 19:54 -------- d-----w- c:\program files\AP Suggestor
2011-12-08 19:53 . 2011-12-08 19:58 -------- d-----w- c:\program files\SoMud
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 21:00 . 2010-01-31 02:11 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-24 03:04 . 2011-10-25 04:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 03:08 . 2011-09-08 18:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0984FD4-FA9A-46ee-9072-70B0735FF852}]
2011-11-10 21:42 167216 ----a-w- c:\program files\AP Suggestor\APSuggestor.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-21 39408]
"SoMud"="c:\program files\SoMud\somud.exe" [2011-11-16 4062720]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-16 746520]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-16 244512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 296088]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-10-29 612168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2009-07-14 23888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart [x]
S2 SymAFR;SymAFR;c:\windows\system32\DRIVERS\SymAFR.sys [2011-03-22 15408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 106104]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
vmwareusb REG_MULTI_SZ vmusb
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 00:03]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 00:03]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
- c:\users\Devonasa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-05 02:19]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
- c:\users\Devonasa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-05 02:19]
.
2011-12-30 c:\windows\Tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job
- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: Download Web &Images with SoMud - c:\program files\SoMud\scripts\ie\images-url.html
IE: Download with SoMud - c:\program files\SoMud\scripts\ie\link-url.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - c:\program files\AP Suggestor\APSuggestor.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-30 01:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
÷Ÿ&¤÷§ËxÂ[0¤÷§ [-878255559] 0xC8C8C800
÷Ÿ&¤÷§ËxÂ[0¤÷§ [-878255559] 0x0005B000
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-12-30 01:29:46
ComboFix-quarantined-files.txt 2011-12-30 06:29
ComboFix2.txt 2011-12-29 21:38
.
Pre-Run: 29,402,963,968 bytes free
Post-Run: 29,285,527,552 bytes free
.
- - End Of File - - 223B870AF77D1BD8DCD138F104822769
  • 0

#6
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello
Did you run TDSSKiller? (step #1). If yes, please post the log located in C:\, otherwise run it as instructed and post the log it will produce :thumbsup:
  • 0

#7
Devonasa

Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Oops sorry, I did run it but forgot to post it here it is:

19:02:12.0599 1116 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
19:02:13.0274 1116 ============================================================
19:02:13.0274 1116 Current date / time: 2011/12/29 19:02:13.0274
19:02:13.0274 1116 SystemInfo:
19:02:13.0274 1116
19:02:13.0274 1116 OS Version: 6.0.6002 ServicePack: 2.0
19:02:13.0274 1116 Product type: Workstation
19:02:13.0274 1116 ComputerName: DEVONASA-PC
19:02:13.0275 1116 UserName: Devonasa
19:02:13.0275 1116 Windows directory: C:\Windows
19:02:13.0275 1116 System windows directory: C:\Windows
19:02:13.0275 1116 Processor architecture: Intel x86
19:02:13.0275 1116 Number of processors: 2
19:02:13.0275 1116 Page size: 0x1000
19:02:13.0275 1116 Boot type: Normal boot
19:02:13.0275 1116 ============================================================
19:02:15.0914 1116 Initialize success
19:03:36.0589 3496 ============================================================
19:03:36.0589 3496 Scan started
19:03:36.0589 3496 Mode: Manual; SigCheck; TDLFS;
19:03:36.0589 3496 ============================================================
19:03:38.0783 3496 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:03:39.0074 3496 ACPI - ok
19:03:39.0165 3496 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:03:39.0288 3496 adp94xx - ok
19:03:39.0353 3496 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:03:39.0475 3496 adpahci - ok
19:03:39.0518 3496 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:03:39.0607 3496 adpu160m - ok
19:03:39.0658 3496 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:03:39.0753 3496 adpu320 - ok
19:03:39.0818 3496 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:03:40.0293 3496 AFD - ok
19:03:40.0405 3496 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
19:03:40.0492 3496 agp440 - ok
19:03:40.0541 3496 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:03:40.0615 3496 aic78xx - ok
19:03:40.0673 3496 aksfridge (45f65f2f7ae28e5e56ab64e3ac61bd52) C:\Windows\system32\drivers\aksfridge.sys
19:03:40.0908 3496 aksfridge - ok
19:03:40.0978 3496 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
19:03:41.0064 3496 aliide - ok
19:03:41.0102 3496 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:03:41.0185 3496 amdagp - ok
19:03:41.0220 3496 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
19:03:41.0296 3496 amdide - ok
19:03:41.0335 3496 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:03:41.0706 3496 AmdK7 - ok
19:03:41.0766 3496 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:03:41.0868 3496 AmdK8 - ok
19:03:41.0970 3496 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:03:42.0037 3496 arc - ok
19:03:42.0079 3496 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:03:42.0156 3496 arcsas - ok
19:03:42.0205 3496 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:03:42.0497 3496 AsyncMac - ok
19:03:42.0608 3496 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:03:42.0671 3496 atapi - ok
19:03:42.0746 3496 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:03:42.0874 3496 Beep - ok
19:03:42.0957 3496 blbdrive - ok
19:03:43.0012 3496 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:03:43.0134 3496 bowser - ok
19:03:43.0184 3496 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:03:43.0384 3496 BrFiltLo - ok
19:03:43.0429 3496 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:03:43.0524 3496 BrFiltUp - ok
19:03:43.0570 3496 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:03:43.0692 3496 Brserid - ok
19:03:43.0731 3496 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:03:44.0086 3496 BrSerWdm - ok
19:03:44.0260 3496 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:03:44.0394 3496 BrUsbMdm - ok
19:03:44.0451 3496 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:03:44.0542 3496 BrUsbSer - ok
19:03:44.0579 3496 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:03:44.0709 3496 BTHMODEM - ok
19:03:44.0861 3496 catchme - ok
19:03:45.0013 3496 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:03:45.0123 3496 cdfs - ok
19:03:45.0190 3496 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:03:45.0569 3496 cdrom - ok
19:03:45.0689 3496 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:03:45.0802 3496 circlass - ok
19:03:45.0878 3496 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:03:45.0954 3496 CLFS - ok
19:03:46.0057 3496 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:03:46.0134 3496 CmBatt - ok
19:03:46.0199 3496 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
19:03:46.0253 3496 cmdide - ok
19:03:46.0337 3496 COH_Mon (c586875ece5318c6309ed1ab79d0e55f) C:\Windows\system32\Drivers\COH_Mon.sys
19:03:46.0466 3496 COH_Mon - ok
19:03:46.0527 3496 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:03:46.0619 3496 Compbatt - ok
19:03:46.0661 3496 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:03:46.0762 3496 crcdisk - ok
19:03:46.0804 3496 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:03:46.0930 3496 Crusoe - ok
19:03:47.0015 3496 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:03:47.0133 3496 DfsC - ok
19:03:47.0226 3496 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:03:47.0321 3496 disk - ok
19:03:47.0402 3496 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:03:47.0465 3496 drmkaud - ok
19:03:47.0531 3496 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:03:47.0700 3496 DXGKrnl - ok
19:03:47.0767 3496 E100B (d00eeae1cacd77a1a8396bbc19140bba) C:\Windows\system32\DRIVERS\e100b325.sys
19:03:47.0855 3496 E100B - ok
19:03:47.0927 3496 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:03:48.0042 3496 E1G60 - ok
19:03:48.0103 3496 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:03:48.0210 3496 Ecache - ok
19:03:48.0333 3496 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:03:48.0486 3496 eeCtrl - ok
19:03:48.0614 3496 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:03:48.0686 3496 elxstor - ok
19:03:48.0797 3496 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:03:48.0883 3496 EraserUtilRebootDrv - ok
19:03:49.0049 3496 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:03:49.0149 3496 exfat - ok
19:03:49.0225 3496 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:03:49.0321 3496 fastfat - ok
19:03:49.0380 3496 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
19:03:49.0490 3496 fdc - ok
19:03:49.0549 3496 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:03:49.0622 3496 FileInfo - ok
19:03:49.0659 3496 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:03:49.0752 3496 Filetrace - ok
19:03:49.0811 3496 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
19:03:49.0954 3496 flpydisk - ok
19:03:50.0008 3496 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:03:50.0064 3496 FltMgr - ok
19:03:50.0169 3496 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:03:50.0243 3496 Fs_Rec - ok
19:03:50.0291 3496 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:03:50.0373 3496 gagp30kx - ok
19:03:50.0445 3496 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:03:50.0560 3496 GEARAspiWDM - ok
19:03:50.0657 3496 hardlock (995178a443b07fa9eeaea041d7b4b5ca) C:\Windows\system32\drivers\hardlock.sys
19:03:50.0851 3496 hardlock - ok
19:03:50.0917 3496 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
19:03:51.0161 3496 HdAudAddService - ok
19:03:51.0360 3496 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:03:51.0545 3496 HDAudBus - ok
19:03:51.0587 3496 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:03:51.0731 3496 HidBth - ok
19:03:51.0765 3496 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:03:51.0908 3496 HidIr - ok
19:03:51.0984 3496 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:03:52.0129 3496 HidUsb - ok
19:03:52.0174 3496 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:03:52.0230 3496 HpCISSs - ok
19:03:52.0285 3496 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:03:52.0550 3496 HTTP - ok
19:03:52.0604 3496 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:03:52.0866 3496 i2omp - ok
19:03:52.0988 3496 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:03:53.0262 3496 i8042prt - ok
19:03:53.0420 3496 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:03:53.0645 3496 ialm - ok
19:03:53.0732 3496 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:03:53.0809 3496 iaStorV - ok
19:03:53.0861 3496 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:03:54.0054 3496 iirsp - ok
19:03:54.0126 3496 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:03:54.0197 3496 intelide - ok
19:03:54.0250 3496 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:03:54.0350 3496 intelppm - ok
19:03:54.0412 3496 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:03:54.0486 3496 IpFilterDriver - ok
19:03:54.0520 3496 IpInIp - ok
19:03:54.0592 3496 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:03:54.0699 3496 IPMIDRV - ok
19:03:54.0740 3496 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:03:54.0789 3496 IPNAT - ok
19:03:54.0843 3496 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:03:54.0936 3496 IRENUM - ok
19:03:54.0971 3496 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:03:55.0036 3496 isapnp - ok
19:03:55.0084 3496 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:03:55.0161 3496 iScsiPrt - ok
19:03:55.0198 3496 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:03:55.0247 3496 iteatapi - ok
19:03:55.0292 3496 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:03:55.0337 3496 iteraid - ok
19:03:55.0392 3496 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:03:55.0464 3496 kbdclass - ok
19:03:55.0517 3496 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
19:03:55.0626 3496 kbdhid - ok
19:03:55.0692 3496 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:03:55.0768 3496 KSecDD - ok
19:03:55.0848 3496 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:03:55.0958 3496 lltdio - ok
19:03:56.0064 3496 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:03:56.0479 3496 LSI_FC - ok
19:03:56.0520 3496 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:03:56.0596 3496 LSI_SAS - ok
19:03:56.0629 3496 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
19:03:56.0690 3496 LSI_SCSI - ok
19:03:56.0737 3496 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:03:56.0830 3496 luafv - ok
19:03:56.0929 3496 LVcKap (efe6cb9600a6bef09834be558d7cf04e) C:\Windows\system32\DRIVERS\LVcKap.sys
19:03:57.0148 3496 LVcKap - ok
19:03:57.0281 3496 LVMVDrv (8895475987655aae944544e30004b290) C:\Windows\system32\DRIVERS\LVMVDrv.sys
19:03:57.0493 3496 LVMVDrv - ok
19:03:57.0608 3496 lvpopflt (ff6e9c169f3372d0046dedbe63e461f2) C:\Windows\system32\DRIVERS\lvpopflt.sys
19:03:57.0778 3496 lvpopflt - ok
19:03:57.0837 3496 LVPr2Mon (985875cf257e5900c3f779a6929920e2) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
19:03:57.0945 3496 LVPr2Mon - ok
19:03:58.0015 3496 LVUSBSta (ccff53b1fcdfa9ede919e3bdbd10d0fd) C:\Windows\system32\drivers\lvusbsta.sys
19:03:58.0070 3496 LVUSBSta - ok
19:03:58.0157 3496 LVUVC (9c1123052624356cd7c05d5c5767bf57) C:\Windows\system32\DRIVERS\lvuvc.sys
19:03:58.0271 3496 LVUVC - ok
19:03:58.0350 3496 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
19:03:58.0438 3496 MBAMSwissArmy - ok
19:03:58.0505 3496 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:03:58.0546 3496 megasas - ok
19:03:58.0605 3496 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
19:03:58.0663 3496 mferkdk - ok
19:03:58.0717 3496 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:03:58.0968 3496 Modem - ok
19:03:59.0022 3496 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:03:59.0160 3496 monitor - ok
19:03:59.0222 3496 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:03:59.0305 3496 mouclass - ok
19:03:59.0354 3496 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:03:59.0448 3496 mouhid - ok
19:03:59.0497 3496 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:03:59.0568 3496 MountMgr - ok
19:03:59.0602 3496 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:03:59.0691 3496 mpio - ok
19:03:59.0739 3496 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:03:59.0830 3496 mpsdrv - ok
19:03:59.0885 3496 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:03:59.0911 3496 Mraid35x - ok
19:03:59.0952 3496 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:04:00.0093 3496 MRxDAV - ok
19:04:00.0184 3496 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:04:00.0301 3496 mrxsmb - ok
19:04:00.0360 3496 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:04:00.0443 3496 mrxsmb10 - ok
19:04:00.0487 3496 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:04:00.0536 3496 mrxsmb20 - ok
19:04:00.0607 3496 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
19:04:00.0696 3496 msahci - ok
19:04:00.0750 3496 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:04:00.0822 3496 msdsm - ok
19:04:00.0910 3496 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:04:00.0991 3496 Msfs - ok
19:04:01.0038 3496 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:04:01.0093 3496 msisadrv - ok
19:04:01.0138 3496 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:04:01.0219 3496 MSKSSRV - ok
19:04:01.0259 3496 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:04:01.0344 3496 MSPCLOCK - ok
19:04:01.0388 3496 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:04:01.0554 3496 MSPQM - ok
19:04:01.0606 3496 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:04:01.0677 3496 MsRPC - ok
19:04:01.0735 3496 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:04:01.0797 3496 mssmbios - ok
19:04:01.0851 3496 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:04:01.0907 3496 MSTEE - ok
19:04:01.0940 3496 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:04:01.0997 3496 Mup - ok
19:04:02.0074 3496 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:04:02.0152 3496 NativeWifiP - ok
19:04:02.0338 3496 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111228.002\NAVENG.SYS
19:04:02.0436 3496 NAVENG - ok
19:04:02.0527 3496 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111228.002\NAVEX15.SYS
19:04:02.0740 3496 NAVEX15 - ok
19:04:02.0867 3496 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:04:02.0962 3496 NDIS - ok
19:04:03.0023 3496 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:04:03.0132 3496 NdisTapi - ok
19:04:03.0178 3496 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:04:03.0249 3496 Ndisuio - ok
19:04:03.0302 3496 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:04:03.0557 3496 NdisWan - ok
19:04:03.0628 3496 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:04:03.0729 3496 NDProxy - ok
19:04:03.0770 3496 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:04:03.0848 3496 NetBIOS - ok
19:04:03.0900 3496 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:04:04.0107 3496 netbt - ok
19:04:04.0229 3496 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:04:04.0270 3496 nfrd960 - ok
19:04:04.0342 3496 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:04:04.0396 3496 Npfs - ok
19:04:04.0440 3496 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:04:04.0535 3496 nsiproxy - ok
19:04:04.0619 3496 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:04:04.0765 3496 Ntfs - ok
19:04:04.0837 3496 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:04:04.0962 3496 ntrigdigi - ok
19:04:05.0020 3496 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:04:05.0125 3496 Null - ok
19:04:05.0173 3496 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:04:05.0251 3496 nvraid - ok
19:04:05.0289 3496 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:04:05.0353 3496 nvstor - ok
19:04:05.0392 3496 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:04:05.0439 3496 nv_agp - ok
19:04:05.0455 3496 NwlnkFlt - ok
19:04:05.0475 3496 NwlnkFwd - ok
19:04:05.0552 3496 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:04:05.0628 3496 ohci1394 - ok
19:04:05.0692 3496 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:04:05.0793 3496 Parport - ok
19:04:05.0849 3496 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:04:05.0923 3496 partmgr - ok
19:04:05.0969 3496 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:04:06.0058 3496 Parvdm - ok
19:04:06.0116 3496 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:04:06.0212 3496 pci - ok
19:04:06.0253 3496 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
19:04:06.0314 3496 pciide - ok
19:04:06.0368 3496 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
19:04:06.0419 3496 pcmcia - ok
19:04:06.0486 3496 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:04:06.0660 3496 PEAUTH - ok
19:04:06.0770 3496 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:04:06.0869 3496 PptpMiniport - ok
19:04:06.0921 3496 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:04:07.0033 3496 Processor - ok
19:04:07.0133 3496 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:04:07.0258 3496 PSched - ok
19:04:07.0331 3496 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
19:04:07.0395 3496 PxHelp20 - ok
19:04:07.0470 3496 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:04:07.0634 3496 ql2300 - ok
19:04:07.0678 3496 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:04:07.0721 3496 ql40xx - ok
19:04:07.0792 3496 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:04:07.0960 3496 QWAVEdrv - ok
19:04:08.0020 3496 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:04:08.0102 3496 RasAcd - ok
19:04:08.0167 3496 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:04:08.0268 3496 Rasl2tp - ok
19:04:08.0326 3496 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:04:08.0401 3496 RasPppoe - ok
19:04:08.0456 3496 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:04:08.0560 3496 RasSstp - ok
19:04:08.0614 3496 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:04:08.0661 3496 rdbss - ok
19:04:08.0749 3496 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:04:08.0814 3496 RDPCDD - ok
19:04:08.0887 3496 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:04:09.0005 3496 rdpdr - ok
19:04:09.0028 3496 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:04:09.0126 3496 RDPENCDD - ok
19:04:09.0192 3496 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:04:09.0292 3496 RDPWD - ok
19:04:09.0349 3496 RimUsb - ok
19:04:09.0403 3496 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
19:04:09.0483 3496 RimVSerPort - ok
19:04:09.0536 3496 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
19:04:09.0601 3496 ROOTMODEM - ok
19:04:09.0678 3496 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:04:09.0752 3496 rspndr - ok
19:04:09.0820 3496 RTL8187B (7fe5089eb5f624899de08c30db4377fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
19:04:09.0959 3496 RTL8187B - ok
19:04:10.0021 3496 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:04:10.0087 3496 sbp2port - ok
19:04:10.0172 3496 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:04:10.0328 3496 secdrv - ok
19:04:10.0380 3496 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:04:10.0494 3496 Serenum - ok
19:04:10.0538 3496 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:04:10.0648 3496 Serial - ok
19:04:10.0696 3496 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:04:10.0769 3496 sermouse - ok
19:04:10.0862 3496 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:04:10.0991 3496 sffdisk - ok
19:04:11.0029 3496 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:04:11.0135 3496 sffp_mmc - ok
19:04:11.0174 3496 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:04:11.0272 3496 sffp_sd - ok
19:04:11.0310 3496 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:04:11.0415 3496 sfloppy - ok
19:04:11.0494 3496 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:04:11.0543 3496 sisagp - ok
19:04:11.0595 3496 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:04:11.0652 3496 SiSRaid2 - ok
19:04:11.0705 3496 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:04:11.0754 3496 SiSRaid4 - ok
19:04:11.0825 3496 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:04:12.0044 3496 Smb - ok
19:04:12.0158 3496 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
19:04:12.0304 3496 smserial - ok
19:04:12.0483 3496 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
19:04:12.0590 3496 SPBBCDrv - ok
19:04:12.0738 3496 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:04:12.0827 3496 spldr - ok
19:04:12.0912 3496 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\Windows\System32\Drivers\sptd.sys
19:04:12.0912 3496 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
19:04:12.0936 3496 sptd ( LockedFile.Multi.Generic ) - warning
19:04:12.0936 3496 sptd - detected LockedFile.Multi.Generic (1)
19:04:13.0003 3496 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\Windows\system32\Drivers\SRTSP.SYS
19:04:13.0059 3496 SRTSP - ok
19:04:13.0140 3496 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\Windows\system32\Drivers\SRTSPL.SYS
19:04:13.0225 3496 SRTSPL - ok
19:04:13.0286 3496 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\Windows\system32\Drivers\SRTSPX.SYS
19:04:13.0380 3496 SRTSPX - ok
19:04:13.0432 3496 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:04:13.0574 3496 srv - ok
19:04:13.0642 3496 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:04:13.0791 3496 srv2 - ok
19:04:13.0867 3496 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:04:13.0916 3496 srvnet - ok
19:04:14.0019 3496 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:04:14.0042 3496 swenum - ok
19:04:14.0136 3496 SymAFR (630d38afcefe1abc423d41171f300bd5) C:\Windows\system32\DRIVERS\SymAFR.sys
19:04:14.0201 3496 SymAFR - ok
19:04:14.0265 3496 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:04:14.0346 3496 Symc8xx - ok
19:04:14.0401 3496 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
19:04:14.0463 3496 SymEvent - ok
19:04:14.0517 3496 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
19:04:14.0595 3496 SYMREDRV - ok
19:04:14.0647 3496 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
19:04:14.0755 3496 SYMTDI - ok
19:04:14.0802 3496 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:04:14.0953 3496 Sym_hi - ok
19:04:14.0995 3496 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:04:15.0057 3496 Sym_u3 - ok
19:04:15.0159 3496 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
19:04:15.0234 3496 SysPlant - ok
19:04:15.0328 3496 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:04:15.0475 3496 Tcpip - ok
19:04:15.0545 3496 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:04:15.0611 3496 Tcpip6 - ok
19:04:15.0664 3496 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:04:15.0843 3496 tcpipreg - ok
19:04:15.0902 3496 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:04:15.0988 3496 TDPIPE - ok
19:04:16.0029 3496 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:04:16.0095 3496 TDTCP - ok
19:04:16.0148 3496 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:04:16.0268 3496 tdx - ok
19:04:16.0326 3496 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\Windows\system32\DRIVERS\teefer2.sys
19:04:16.0391 3496 Teefer2 - ok
19:04:16.0456 3496 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:04:16.0523 3496 TermDD - ok
19:04:16.0644 3496 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:04:16.0709 3496 tssecsrv - ok
19:04:16.0752 3496 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:04:16.0845 3496 tunmp - ok
19:04:16.0895 3496 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:04:16.0957 3496 tunnel - ok
19:04:17.0012 3496 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:04:17.0107 3496 uagp35 - ok
19:04:17.0182 3496 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:04:17.0230 3496 udfs - ok
19:04:17.0278 3496 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:04:17.0326 3496 uliagpkx - ok
19:04:17.0372 3496 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:04:17.0448 3496 uliahci - ok
19:04:17.0485 3496 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:04:17.0569 3496 UlSata - ok
19:04:17.0624 3496 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:04:17.0683 3496 ulsata2 - ok
19:04:17.0734 3496 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:04:17.0835 3496 umbus - ok
19:04:17.0922 3496 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
19:04:18.0048 3496 USBAAPL - ok
19:04:18.0114 3496 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:04:18.0156 3496 usbaudio - ok
19:04:18.0212 3496 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:04:18.0285 3496 usbccgp - ok
19:04:18.0338 3496 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:04:18.0424 3496 usbcir - ok
19:04:18.0480 3496 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:04:18.0648 3496 usbehci - ok
19:04:18.0692 3496 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:04:18.0768 3496 usbhub - ok
19:04:18.0832 3496 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:04:18.0935 3496 usbohci - ok
19:04:18.0995 3496 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:04:19.0060 3496 usbprint - ok
19:04:19.0131 3496 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:04:19.0184 3496 usbscan - ok
19:04:19.0242 3496 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:04:19.0314 3496 USBSTOR - ok
19:04:19.0373 3496 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:04:19.0450 3496 usbuhci - ok
19:04:19.0508 3496 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:04:19.0644 3496 vga - ok
19:04:19.0695 3496 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:04:19.0793 3496 VgaSave - ok
19:04:19.0871 3496 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:04:19.0919 3496 viaagp - ok
19:04:19.0962 3496 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:04:20.0072 3496 ViaC7 - ok
19:04:20.0106 3496 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:04:20.0202 3496 viaide - ok
19:04:20.0270 3496 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:04:20.0327 3496 volmgr - ok
19:04:20.0395 3496 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:04:20.0564 3496 volmgrx - ok
19:04:20.0620 3496 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:04:20.0703 3496 volsnap - ok
19:04:20.0764 3496 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:04:20.0823 3496 vsmraid - ok
19:04:20.0916 3496 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:04:21.0008 3496 WacomPen - ok
19:04:21.0064 3496 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:04:21.0139 3496 Wanarp - ok
19:04:21.0163 3496 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:04:21.0203 3496 Wanarpv6 - ok
19:04:21.0256 3496 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:04:21.0340 3496 Wd - ok
19:04:21.0406 3496 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:04:21.0547 3496 Wdf01000 - ok
19:04:21.0697 3496 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
19:04:21.0789 3496 WmiAcpi - ok
19:04:21.0867 3496 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:04:21.0938 3496 WpdUsb - ok
19:04:22.0008 3496 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\Windows\system32\drivers\wpsdrvnt.sys
19:04:22.0066 3496 WPS - ok
19:04:22.0124 3496 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
19:04:22.0186 3496 WpsHelper - ok
19:04:22.0235 3496 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:04:22.0324 3496 ws2ifsl - ok
19:04:22.0404 3496 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:04:22.0485 3496 WUDFRd - ok
19:04:22.0580 3496 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:04:22.0674 3496 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:04:22.0674 3496 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:04:22.0680 3496 Boot (0x1200) (1e8c16f13b236a5a74f155e9efef0c3b) \Device\Harddisk0\DR0\Partition0
19:04:22.0682 3496 \Device\Harddisk0\DR0\Partition0 - ok
19:04:22.0689 3496 Boot (0x1200) (5cff3a65599eda0e01cae7a2764a97ab) \Device\Harddisk0\DR0\Partition1
19:04:22.0691 3496 \Device\Harddisk0\DR0\Partition1 - ok
19:04:22.0694 3496 ============================================================
19:04:22.0694 3496 Scan finished
19:04:22.0694 3496 ============================================================
19:04:22.0955 4864 Detected object count: 2
19:04:22.0955 4864 Actual detected object count: 2
19:05:29.0319 4864 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:05:29.0319 4864 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:05:29.0323 4864 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:05:29.0323 4864 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:05:54.0871 2004 Deinitialize success
  • 0

#8
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\Windows\System\svchost.exe
C:\Windows\System32\itlsvc.dat
C:\Windows\System32\itusbcore.dat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"vmwareusb"=-

Rootkit::
C:\Windows\System\svchost.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}
    [2011/12/29 19:10:23 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{652853ad-5592-4231-88c6-706613a52e61}

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Next:

Read here for instructions on how to open Disk Management. Then expand the disk management window to show all the entries and take a screenshot. Post it here

Next:

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Windows\System32\Drivers\sptd.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0

#9
Devonasa

Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Combofix:

ComboFix 11-12-30.01 - Devonasa 12/30/2011 15:11:53.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.392 [GMT -5:00]
Running from: c:\users\Devonasa\Desktop\ComboFix.exe
Command switches used :: c:\users\Devonasa\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\System\svchost.exe"
"c:\windows\System32\itlsvc.dat"
"c:\windows\System32\itusbcore.dat"
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 20:26 . 2011-12-30 20:32 -------- d-----w- c:\users\Devonasa\AppData\Local\temp
2011-12-30 20:26 . 2011-12-30 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 06:45 . 2011-12-30 06:45 -------- d-----w- c:\program files\Common Files\Java
2011-12-30 06:44 . 2011-12-30 06:44 -------- d-----w- c:\program files\Oracle
2011-12-30 06:42 . 2011-11-09 00:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-29 22:04 . 2011-12-29 22:04 -------- d-----w- C:\_OTL
2011-12-26 06:05 . 2011-12-30 20:26 16896 ----a-w- c:\windows\system\svchost.exe
2011-12-25 20:51 . 2011-12-25 20:51 -------- d-----w- C:\Sim0
2011-12-25 20:51 . 2011-12-25 20:51 858 ----a-w- C:\HH0_HouseData.bin
2011-12-25 20:50 . 2011-12-25 20:50 -------- d-----w- C:\RLMsoft
2011-12-25 20:50 . 2011-12-25 20:50 -------- d-----w- c:\program files\RLMsoft
2011-12-21 05:25 . 2011-12-21 05:25 -------- d-----w- c:\users\Devonasa\AppData\Roaming\GamesCafe
2011-12-20 21:49 . 2011-12-21 05:17 -------- d-----w- c:\users\Devonasa\AppData\Roaming\Atari
2011-12-20 21:32 . 2011-12-20 21:32 -------- d-----w- c:\users\Devonasa\AppData\Roaming\Leadertech
2011-12-20 20:58 . 2011-12-20 20:58 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-12-20 20:58 . 2011-12-21 05:00 -------- d-----w- c:\users\Devonasa\AppData\Roaming\DAEMON Tools Lite
2011-12-18 06:54 . 2011-12-18 06:54 -------- d-----w- c:\users\Devonasa\AppData\Roaming\GOL_byHasbro
2011-12-15 01:12 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 01:12 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 01:12 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 01:12 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 01:12 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 01:12 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 01:10 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 01:00 . 2011-11-03 06:22 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-15 01:00 . 2011-11-03 06:17 743424 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-12-08 19:59 . 2011-12-08 20:07 -------- d-----w- c:\users\Devonasa\AppData\Roaming\SoMud
2011-12-08 19:57 . 2011-12-08 19:59 -------- d-----w- c:\program files\SoMud FileBulldog Toolbar
2011-12-08 19:54 . 2011-12-08 19:54 -------- d-----w- c:\program files\AP Suggestor
2011-12-08 19:53 . 2011-12-08 19:58 -------- d-----w- c:\program files\SoMud
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 21:00 . 2010-01-31 02:11 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-24 03:04 . 2011-10-25 04:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-09 00:56 . 2011-09-05 20:24 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-24 03:08 . 2011-09-08 18:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0984FD4-FA9A-46ee-9072-70B0735FF852}]
2011-11-10 21:42 167216 ----a-w- c:\program files\AP Suggestor\APSuggestor.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-21 39408]
"SoMud"="c:\program files\SoMud\somud.exe" [2011-11-16 4062720]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-16 746520]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-16 244512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 296088]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-10-29 612168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2009-07-14 23888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart [x]
S2 SymAFR;SymAFR;c:\windows\system32\DRIVERS\SymAFR.sys [2011-03-22 15408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 106104]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 00:03]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 00:03]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
- c:\users\Devonasa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-05 02:19]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
- c:\users\Devonasa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-05 02:19]
.
2011-12-30 c:\windows\Tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job
- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: Download Web &Images with SoMud - c:\program files\SoMud\scripts\ie\images-url.html
IE: Download with SoMud - c:\program files\SoMud\scripts\ie\link-url.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - c:\program files\AP Suggestor\APSuggestor.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(9636)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\hasplms.exe
c:\program files\SafeConnect\scManager.sys
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-12-30 15:43:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-30 20:41
ComboFix2.txt 2011-12-30 06:29
ComboFix3.txt 2011-12-29 21:38
.
Pre-Run: 27,997,028,352 bytes free
Post-Run: 27,802,521,600 bytes free
.
- - End Of File - - 28E27AFFD6B52413687E3D82A780AA71

OTL:

OTL logfile created on: 12/30/2011 4:11:29 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Devonasa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 86.86 Mb Available Physical Memory | 8.57% Memory free
2.24 Gb Paging File | 1.22 Gb Available in Paging File | 54.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 26.38 Gb Free Space | 25.95% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 17:02:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
PRC - [2011/11/23 22:08:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/15 20:49:32 | 004,062,720 | ---- | M] () -- C:\Program Files\SoMud\somud.exe
PRC - [2011/11/10 04:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/09/26 12:34:16 | 000,296,088 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2011/09/26 12:34:08 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/29 14:00:00 | 000,612,168 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/12/16 15:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 17:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 17:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 19:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/15 21:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/11/15 21:01:52 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/11/15 20:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/11/15 20:57:20 | 000,171,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2006/10/31 00:03:48 | 000,284,184 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/23 22:08:13 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/15 20:49:32 | 004,062,720 | ---- | M] () -- C:\Program Files\SoMud\somud.exe
MOD - [2011/10/07 21:40:40 | 000,028,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qico4.dll
MOD - [2011/10/07 21:40:38 | 000,284,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qtiff4.dll
MOD - [2011/10/07 21:40:30 | 000,220,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qmng4.dll
MOD - [2011/10/07 21:40:24 | 000,026,624 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qgif4.dll
MOD - [2011/10/07 21:40:20 | 000,196,608 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qjpeg4.dll
MOD - [2011/10/07 21:38:12 | 010,862,592 | ---- | M] () -- C:\Program Files\SoMud\QtWebKit4.dll
MOD - [2011/10/07 20:33:36 | 001,294,848 | ---- | M] () -- C:\Program Files\SoMud\QtScript4.dll
MOD - [2011/10/07 20:26:54 | 000,266,752 | ---- | M] () -- C:\Program Files\SoMud\phonon4.dll
MOD - [2011/10/07 20:20:28 | 008,222,720 | ---- | M] () -- C:\Program Files\SoMud\QtGui4.dll
MOD - [2011/10/07 20:11:46 | 000,975,360 | ---- | M] () -- C:\Program Files\SoMud\QtNetwork4.dll
MOD - [2011/10/07 20:10:38 | 002,292,224 | ---- | M] () -- C:\Program Files\SoMud\QtCore4.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/03 18:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/11/15 21:01:08 | 001,058,328 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\LAppRes.DLL
MOD - [2006/11/15 20:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
MOD - [2006/11/02 04:46:05 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/10/31 00:04:12 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\Logitech\LComMgr\LCMServerPS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/26 12:34:08 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 00:31:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/16 15:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 17:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 16:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 11:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/15 21:05:40 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/15 21:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 16:00:52 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/11/08 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/03 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111229.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111229.018\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/06 18:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/03/21 19:33:42 | 000,015,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\Windows\System32\drivers\SymAFR.sys -- (SymAFR)
DRV - [2010/06/24 11:01:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/09 20:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/11/04 19:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/17 17:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 17:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 15:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 15:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 10:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 19:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 19:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 19:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/20 06:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/07/14 11:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/10 08:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/27 13:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2006/11/15 21:03:12 | 000,024,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/11/15 21:02:50 | 001,962,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/15 21:00:56 | 001,678,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/10 22:48:11 | 001,083,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2006/11/10 22:48:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/10 22:46:29 | 001,512,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledItems: {99210d54-6321-41e8-bd1b-2b4c55874efb}:1.16
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/14 00:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 22:08:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/30 01:42:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SoMud\scripts\mozilla [2011/12/08 14:53:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\SoMud\scripts\mozilla [2011/12/08 14:53:45 | 000,000,000 | ---D | M]

[2010/03/24 10:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Extensions
[2011/12/27 11:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions
[2011/08/17 00:23:36 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/08 20:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/27 11:41:27 | 000,000,000 | ---D | M] ("Tumblr Post") -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb}
[2011/12/30 01:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/30 01:49:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2008/11/06 23:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\App\Photoshop\Plug-ins\Extensions
() (No name found) -- C:\USERS\DEVONASA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M0XQQ5LG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/23 22:08:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/23 22:08:19 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/30 15:32:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (AP Suggestor) - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SoMud] C:\Program Files\SoMud\somud.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Web &Images with SoMud - C:\Program Files\SoMud\scripts\ie\images-url.html ()
O8 - Extra context menu item: Download with SoMud - C:\Program Files\SoMud\scripts\ie\link-url.html ()
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB3AA8F6-0159-4F70-994A-780FCEE470F9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Devonasa\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 15:43:20 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Local\temp
[2011/12/30 15:32:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/30 15:07:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/30 01:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/30 01:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011/12/29 19:01:03 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Devonasa\Desktop\tdsskiller.exe
[2011/12/29 17:04:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/29 17:02:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/12/29 15:56:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/29 15:56:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/29 15:56:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/29 15:56:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/29 15:55:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/29 15:51:18 | 004,356,838 | R--- | C] (Swearware) -- C:\Users\Devonasa\Desktop\ComboFix.exe
[2011/12/29 13:21:07 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR(1).exe
[2011/12/25 15:51:03 | 000,000,000 | ---D | C] -- C:\Sim0
[2011/12/25 15:51:03 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\RLMsoft
[2011/12/25 15:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RLMsoft
[2011/12/25 15:50:27 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RLMsoft
[2011/12/25 15:50:14 | 000,000,000 | ---D | C] -- C:\RLMsoft
[2011/12/25 15:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\RLMsoft
[2011/12/21 00:25:07 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\GamesCafe
[2011/12/21 00:06:32 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\My Games
[2011/12/20 16:49:15 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Atari
[2011/12/20 16:32:04 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Leadertech
[2011/12/20 16:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/12/20 15:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/12/20 15:58:17 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Lite
[2011/12/20 15:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/12/18 01:54:15 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\GOL_byHasbro
[2011/12/15 18:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DJS Sims
[2011/12/08 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\SoMud
[2011/12/08 14:59:35 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\SoMud
[2011/12/08 14:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\SoMud FileBulldog Toolbar
[2011/12/08 14:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\AP Suggestor
[2011/12/08 14:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\APSuggestor
[2011/12/08 14:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoMud
[2011/12/08 14:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\SoMud
[2011/12/08 14:33:04 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Desktop\My Shared Folder

========== Files - Modified Within 30 Days ==========

[2011/12/30 16:09:40 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/30 16:00:18 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 16:00:18 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 16:00:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
[2011/12/30 15:59:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/30 15:32:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/30 15:26:56 | 000,016,896 | ---- | M] () -- C:\Windows\System\svchost.exe
[2011/12/30 15:07:25 | 004,356,838 | R--- | M] (Swearware) -- C:\Users\Devonasa\Desktop\ComboFix.exe
[2011/12/30 15:04:40 | 003,585,578 | ---- | M] () -- C:\Users\Devonasa\Desktop\Rice, Anne - Cry to Heaven.pdf
[2011/12/30 14:54:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 12:54:48 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job
[2011/12/30 03:22:18 | 000,153,088 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/30 02:51:29 | 463,449,540 | ---- | M] () -- C:\Users\Devonasa\Desktop\P4piThugz[bleep]3dUp.mp4
[2011/12/30 02:00:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
[2011/12/30 01:50:54 | 030,728,744 | ---- | M] () -- C:\Users\Devonasa\Desktop\Secret Santa - Pikkon.zip
[2011/12/29 19:01:21 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Devonasa\Desktop\tdsskiller.exe
[2011/12/29 17:33:59 | 000,000,590 | ---- | M] () -- C:\Users\Devonasa\Desktop\MBR.zip
[2011/12/29 17:02:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/12/29 15:52:31 | 000,000,512 | ---- | M] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/12/29 13:40:02 | 175,803,661 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/29 13:21:16 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR(1).exe
[2011/12/25 15:51:02 | 000,000,858 | ---- | M] () -- C:\HH0_HouseData.bin
[2011/12/25 15:50:30 | 000,001,927 | ---- | M] () -- C:\Users\Devonasa\Desktop\W7 - Sim Tracker.lnk
[2011/12/23 20:40:11 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2011/12/21 10:19:49 | 000,000,196 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
[2011/12/21 10:19:48 | 000,103,733 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
[2011/12/21 00:17:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/21 00:17:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/21 00:06:03 | 000,000,933 | ---- | M] () -- C:\Users\Devonasa\Desktop\HG2 - Shortcut.lnk
[2011/12/20 16:48:59 | 000,001,074 | ---- | M] () -- C:\Users\Devonasa\Desktop\RCT3plus - Shortcut.lnk
[2011/12/20 16:19:21 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 16:19:21 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 16:02:31 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/12/15 03:35:25 | 003,730,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 01:27:21 | 000,000,000 | ---- | M] () -- C:\t1bg.5
[2011/12/08 14:53:50 | 000,000,791 | ---- | M] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\SoMud.lnk
[2011/12/08 14:53:50 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\SoMud.lnk

========== Files Created - No Company Name ==========

[2011/12/30 15:04:40 | 003,585,578 | ---- | C] () -- C:\Users\Devonasa\Desktop\Rice, Anne - Cry to Heaven.pdf
[2011/12/30 02:31:57 | 463,449,540 | ---- | C] () -- C:\Users\Devonasa\Desktop\P4piThugz[bleep]3dUp.mp4
[2011/12/30 01:48:47 | 030,728,744 | ---- | C] () -- C:\Users\Devonasa\Desktop\Secret Santa - Pikkon.zip
[2011/12/29 17:33:59 | 000,000,590 | ---- | C] () -- C:\Users\Devonasa\Desktop\MBR.zip
[2011/12/29 15:56:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/29 15:56:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/29 15:56:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/29 15:56:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/29 15:56:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/29 15:52:31 | 000,000,512 | ---- | C] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/12/29 13:40:02 | 175,803,661 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/26 01:05:14 | 000,016,896 | ---- | C] () -- C:\Windows\System\svchost.exe
[2011/12/25 15:51:01 | 000,000,858 | ---- | C] () -- C:\HH0_HouseData.bin
[2011/12/25 15:50:30 | 000,001,927 | ---- | C] () -- C:\Users\Devonasa\Desktop\W7 - Sim Tracker.lnk
[2011/12/23 20:40:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/12/21 00:17:09 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/21 00:17:09 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/12/21 00:06:03 | 000,000,933 | ---- | C] () -- C:\Users\Devonasa\Desktop\HG2 - Shortcut.lnk
[2011/12/20 16:48:59 | 000,001,074 | ---- | C] () -- C:\Users\Devonasa\Desktop\RCT3plus - Shortcut.lnk
[2011/12/20 16:02:31 | 000,001,742 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/12/15 18:41:25 | 003,844,711 | ---- | C] () -- C:\Users\Devonasa\Documents\WardrobeWranglerManual.pdf
[2011/12/15 18:41:25 | 001,464,604 | ---- | C] () -- C:\Users\Devonasa\Documents\InstallWardrobeWranger1.1.exe
[2011/12/13 01:27:21 | 000,000,000 | ---- | C] () -- C:\t1bg.5
[2011/12/08 14:53:50 | 000,000,791 | ---- | C] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\SoMud.lnk
[2011/12/08 14:53:49 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\SoMud.lnk
[2011/11/03 20:54:21 | 000,000,196 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2011/11/03 20:54:20 | 000,103,733 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2011/09/15 02:39:32 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/09/14 00:34:52 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/08/13 18:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/10 17:10:51 | 000,000,274 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/08/03 18:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{1CF3071A-A136-4BBC-A174-D3B2CFC1128A}
[2010/09/05 16:41:21 | 000,001,356 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2010/09/05 16:36:58 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/02/07 23:10:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/07 23:10:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/06 06:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/30 20:01:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/30 16:56:39 | 000,153,088 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/15 21:03:12 | 000,024,736 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/15 21:00:56 | 001,678,368 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,730,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/21 00:17:36 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Atari
[2011/03/30 22:45:19 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Audacity
[2011/08/17 12:44:30 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 01:45:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/21 00:00:51 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Lite
[2010/02/05 06:01:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Pro
[2010/02/26 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Elluminate
[2011/12/21 00:25:07 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GamesCafe
[2010/01/30 17:28:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GetRightToGo
[2011/12/18 01:54:15 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GOL_byHasbro
[2011/12/20 16:32:04 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Leadertech
[2011/08/09 00:23:38 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2010/12/01 21:49:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Research In Motion
[2011/12/08 15:07:48 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\SoMud
[2011/10/06 22:35:16 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Spotify
[2010/01/30 18:34:45 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Thinstall
[2010/03/29 20:16:44 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Tific
[2010/05/24 16:42:41 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Yandex
[2011/12/30 15:27:29 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/30 12:54:48 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8ED58AD3-8ABB-401C-95E3-4D53772E5585}.job

========== Purity Check ==========



< End of report >

Disk Management Screenshot


Posted Image

Virscan.org


VirSCAN.org Scanned Report :
Scanned time : 2011/12/30 17:11:46 (EST)
Scanner results: Scanners did not find malware!
File Name : sptd.sys
File Size : 428088 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : f42efefb765235f24b24e1d2b6f99f46
SHA1 : 2b4feddd88ede7c4566f3d0ee9b540e54708e169
Online report : http://r.virscan.org...b6333839f614e1c

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20111231060235 2011-12-31 0.36 -
AhnLab V3 ... .. -- 0.73 -
AntiVir 8.2.8.18 7.11.20.97 2011-12-30 0.28 -
Antiy 2.0.18 20111231.15300846 2011-12-31 0.02 -
Arcavir 2011 201112300233 2011-12-30 3.35 -
Authentium 5.1.1 201112300951 2011-12-30 1.45 -
AVAST! 4.7.4 111230-1 2011-12-30 0.03 -
AVG 10.0.1405 2090/4112 2011-12-30 0.08 -
BitDefender 7.90123.7900231 7.40360 2011-12-31 4.33 -
ClamAV 0.97.1 14211 2011-12-30 0.07 -
Comodo 5.1 11144 2011-12-30 2.50 -
CP Secure 1.3.0.5 2011.12.29 2011-12-29 0.09 -
Dr.Web 7.0.0.11250 2011.12.31 2011-12-31 11.42 -
F-Prot 4.6.2.117 20111230 2011-12-30 1.24 -
F-Secure 7.02.73807 2011.12.30.09 2011-12-30 13.48 -
Fortinet 4.2.257 15.37 2011-12-30 0.10 -
GData 22.3260 20111231 2011-12-31 4.67 -
ViRobot 20111230 2011.12.30 2011-12-30 0.33 -
Ikarus T3.1.32.20.0 2011.12.30.80133 2011-12-30 4.82 -
JiangMin 13.0.900 2011.11.26 2011-11-26 1.94 -
Kaspersky 5.5.10 2011.12.30 2011-12-30 0.12 -
KingSoft 2009.2.5.15 2011.12.30.20 2011-12-30 0.95 -
McAfee 5400.1158 6575 2011-12-30 10.68 -
Microsoft 1.7903 2011.12.30 2011-12-30 3.97 -
NOD32 3.0.21 6752 2011-12-29 0.14 -
Panda 9.05.01 2011.12.30 2011-12-30 2.25 -
Trend Micro 9.500-1005 8.676.07 2011-12-30 0.06 -
Quick Heal 11.00 2011.12.29 2011-12-29 1.15 -
Rising 20.0 23.90.04.02 2011-12-30 2.30 -
Sophos 3.25.1 4.72 2011-12-31 4.58 -
Sunbelt 3.9.2523.2 11327 2011-12-30 0.75 -
Symantec 1.3.0.24 20111230.002 2011-12-30 0.22 -
nProtect 20111230.01 11877538 2011-12-30 1.20 -
The Hacker 6.7.0.1 v00367 2011-12-28 0.52 -
VBA32 3.12.16.4 20111230.1623 2011-12-30 7.00 -
VirusBuster 5.4.0.10 14.1.142.0/72383672011-12-30 0.02 -
  • 0

#10
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

There's a nasty that doesn't want to go..

Open notepad and paste these inside:

:OTL
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}
[2011/12/30 15:26:56 | 000,016,896 | ---- | M] () -- C:\Windows\System\svchost.exe

:Services

:Reg

:Files
C:\Windows\System\svchost.exe
C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]


Save it as Fix.txt into your Desktop.


Next:

  • Boot into safe mode (instructions here)
  • Run OTL and paste the contents of fix.txt under the Custom Scans/Fixes box at the bottom
  • Then click the Run Fix button at the top
  • Reboot into normal mode and post a new OTL log

  • 0

Advertisements


#11
Devonasa

Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I accidentally closed the OTL log, the one that popped up when I restart the computer, how do I get it back?

Okay, let me go re-run it!

Edited by Devonasa, 30 December 2011 - 05:41 PM.

  • 0

#12
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
That's the fix log. Open OTL and press quick scan and then post its log :thumbsup:
  • 0

#13
Devonasa

Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OTL logfile created on: 12/30/2011 6:41:22 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Devonasa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.38 Mb Total Physical Memory | 254.05 Mb Available Physical Memory | 25.07% Memory free
2.24 Gb Paging File | 0.98 Gb Available in Paging File | 43.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.64 Gb Total Space | 25.59 Gb Free Space | 25.18% Space Free | Partition Type: NTFS
Drive D: | 10.15 Gb Total Space | 0.09 Gb Free Space | 0.89% Space Free | Partition Type: NTFS

Computer Name: DEVONASA-PC | User Name: Devonasa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 17:02:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
PRC - [2011/11/23 22:08:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/15 20:49:32 | 004,062,720 | ---- | M] () -- C:\Program Files\SoMud\somud.exe
PRC - [2011/11/10 04:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/09/26 12:34:16 | 000,296,088 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2011/09/26 12:34:08 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/29 14:00:00 | 000,612,168 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/12/16 15:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 17:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 17:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/08 19:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/15 21:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/11/15 21:01:52 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/11/15 20:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/11/15 20:57:20 | 000,171,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2006/10/31 00:03:48 | 000,284,184 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/23 22:08:13 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/23 22:04:31 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/15 20:49:32 | 004,062,720 | ---- | M] () -- C:\Program Files\SoMud\somud.exe
MOD - [2011/10/07 21:40:40 | 000,028,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qico4.dll
MOD - [2011/10/07 21:40:38 | 000,284,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qtiff4.dll
MOD - [2011/10/07 21:40:30 | 000,220,672 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qmng4.dll
MOD - [2011/10/07 21:40:24 | 000,026,624 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qgif4.dll
MOD - [2011/10/07 21:40:20 | 000,196,608 | ---- | M] () -- C:\Program Files\SoMud\imageformats\qjpeg4.dll
MOD - [2011/10/07 21:40:14 | 000,077,824 | ---- | M] () -- C:\Program Files\SoMud\codecs\qkrcodecs4.dll
MOD - [2011/10/07 21:40:12 | 000,155,136 | ---- | M] () -- C:\Program Files\SoMud\codecs\qtwcodecs4.dll
MOD - [2011/10/07 21:40:10 | 000,167,936 | ---- | M] () -- C:\Program Files\SoMud\codecs\qjpcodecs4.dll
MOD - [2011/10/07 21:40:08 | 000,141,824 | ---- | M] () -- C:\Program Files\SoMud\codecs\qcncodecs4.dll
MOD - [2011/10/07 21:38:12 | 010,862,592 | ---- | M] () -- C:\Program Files\SoMud\QtWebKit4.dll
MOD - [2011/10/07 20:33:36 | 001,294,848 | ---- | M] () -- C:\Program Files\SoMud\QtScript4.dll
MOD - [2011/10/07 20:26:54 | 000,266,752 | ---- | M] () -- C:\Program Files\SoMud\phonon4.dll
MOD - [2011/10/07 20:20:28 | 008,222,720 | ---- | M] () -- C:\Program Files\SoMud\QtGui4.dll
MOD - [2011/10/07 20:11:46 | 000,975,360 | ---- | M] () -- C:\Program Files\SoMud\QtNetwork4.dll
MOD - [2011/10/07 20:10:38 | 002,292,224 | ---- | M] () -- C:\Program Files\SoMud\QtCore4.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/03 18:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/11/15 21:01:08 | 001,058,328 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\LAppRes.DLL
MOD - [2006/11/15 20:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
MOD - [2006/11/02 04:46:05 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/10/31 00:04:12 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\Logitech\LComMgr\LCMServerPS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/26 12:34:08 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 00:31:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/16 15:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 17:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 16:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 11:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/15 21:05:40 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/11/15 21:03:36 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 16:00:52 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/11/08 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/03 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111229.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111229.018\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/06 18:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/03/21 19:33:42 | 000,015,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\Windows\System32\drivers\SymAFR.sys -- (SymAFR)
DRV - [2010/06/24 11:01:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/09 20:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/11/04 19:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/17 17:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 17:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 15:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 15:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 10:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 19:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 19:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 19:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/20 06:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/07/14 11:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/10 08:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/05/27 13:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2006/11/15 21:03:12 | 000,024,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/11/15 21:02:50 | 001,962,912 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/15 21:00:56 | 001,678,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/10 22:48:11 | 001,083,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Ultra Vision(UVC)
DRV - [2006/11/10 22:48:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/10 22:46:29 | 001,512,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/11/02 02:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledItems: {99210d54-6321-41e8-bd1b-2b4c55874efb}:1.16
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Devonasa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Devonasa\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/14 00:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 22:08:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/30 01:42:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}: C:\Users\Devonasa\AppData\Local\{6B05BDE5-EBAC-4D82-ABE7-1A6F070E09C0}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SoMud\scripts\mozilla [2011/12/08 14:53:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\SoMud\scripts\mozilla [2011/12/08 14:53:45 | 000,000,000 | ---D | M]

[2010/03/24 10:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Extensions
[2011/12/27 11:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions
[2011/08/17 00:23:36 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/08 20:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/27 11:41:27 | 000,000,000 | ---D | M] ("Tumblr Post") -- C:\Users\Devonasa\AppData\Roaming\Mozilla\Firefox\Profiles\m0xqq5lg.default\extensions\{99210d54-6321-41e8-bd1b-2b4c55874efb}
[2011/12/30 01:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/30 01:49:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2008/11/06 23:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\App\Photoshop\Plug-ins\Extensions
() (No name found) -- C:\USERS\DEVONASA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M0XQQ5LG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/23 22:08:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/23 22:08:19 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/30 15:32:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (AP Suggestor) - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SoMud] C:\Program Files\SoMud\somud.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Web &Images with SoMud - C:\Program Files\SoMud\scripts\ie\images-url.html ()
O8 - Extra context menu item: Download with SoMud - C:\Program Files\SoMud\scripts\ie\link-url.html ()
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (Think Tank Labs, LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB3AA8F6-0159-4F70-994A-780FCEE470F9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Devonasa\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 15:43:20 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Local\temp
[2011/12/30 15:32:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/30 15:07:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/30 01:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/30 01:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011/12/29 19:01:03 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Devonasa\Desktop\tdsskiller.exe
[2011/12/29 17:04:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/29 17:02:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/12/29 15:56:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/29 15:56:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/29 15:56:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/29 15:56:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/29 15:55:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/29 15:51:18 | 004,356,838 | R--- | C] (Swearware) -- C:\Users\Devonasa\Desktop\ComboFix.exe
[2011/12/29 13:21:07 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR(1).exe
[2011/12/25 15:51:03 | 000,000,000 | ---D | C] -- C:\Sim0
[2011/12/25 15:51:03 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\RLMsoft
[2011/12/25 15:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RLMsoft
[2011/12/25 15:50:27 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RLMsoft
[2011/12/25 15:50:14 | 000,000,000 | ---D | C] -- C:\RLMsoft
[2011/12/25 15:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\RLMsoft
[2011/12/21 00:25:07 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\GamesCafe
[2011/12/21 00:06:32 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\My Games
[2011/12/20 16:49:15 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Atari
[2011/12/20 16:32:04 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\Leadertech
[2011/12/20 16:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/12/20 15:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/12/20 15:58:17 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Lite
[2011/12/20 15:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/12/18 01:54:15 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\GOL_byHasbro
[2011/12/15 18:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DJS Sims
[2011/12/08 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Documents\SoMud
[2011/12/08 14:59:35 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\AppData\Roaming\SoMud
[2011/12/08 14:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\SoMud FileBulldog Toolbar
[2011/12/08 14:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\AP Suggestor
[2011/12/08 14:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\APSuggestor
[2011/12/08 14:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoMud
[2011/12/08 14:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\SoMud
[2011/12/08 14:33:04 | 000,000,000 | ---D | C] -- C:\Users\Devonasa\Desktop\My Shared Folder

========== Files - Modified Within 30 Days ==========

[2011/12/30 18:54:04 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 18:00:04 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000UA.job
[2011/12/30 17:45:54 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/30 17:45:11 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 17:45:11 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 17:45:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/30 16:55:13 | 000,000,950 | ---- | M] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/30 16:46:06 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/12/30 16:46:06 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/12/30 16:45:11 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/12/30 15:32:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/30 15:07:25 | 004,356,838 | R--- | M] (Swearware) -- C:\Users\Devonasa\Desktop\ComboFix.exe
[2011/12/30 15:04:40 | 003,585,578 | ---- | M] () -- C:\Users\Devonasa\Desktop\Rice, Anne - Cry to Heaven.pdf
[2011/12/30 03:22:18 | 000,153,088 | ---- | M] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/30 02:51:29 | 463,449,540 | ---- | M] () -- C:\Users\Devonasa\Desktop\P4piThugz[bleep]3dUp.mp4
[2011/12/30 02:00:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1663229470-2338449591-2720500769-1000Core.job
[2011/12/30 01:50:54 | 030,728,744 | ---- | M] () -- C:\Users\Devonasa\Desktop\Secret Santa - Pikkon.zip
[2011/12/29 19:01:21 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Devonasa\Desktop\tdsskiller.exe
[2011/12/29 17:33:59 | 000,000,590 | ---- | M] () -- C:\Users\Devonasa\Desktop\MBR.zip
[2011/12/29 17:02:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Devonasa\Desktop\OTL.exe
[2011/12/29 15:52:31 | 000,000,512 | ---- | M] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/12/29 13:40:02 | 175,803,661 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/29 13:21:16 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\Devonasa\Desktop\aswMBR(1).exe
[2011/12/25 15:51:02 | 000,000,858 | ---- | M] () -- C:\HH0_HouseData.bin
[2011/12/25 15:50:30 | 000,001,927 | ---- | M] () -- C:\Users\Devonasa\Desktop\W7 - Sim Tracker.lnk
[2011/12/23 20:40:11 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2011/12/21 10:19:49 | 000,000,196 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
[2011/12/21 10:19:48 | 000,103,733 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
[2011/12/21 00:17:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/21 00:17:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/21 00:06:03 | 000,000,933 | ---- | M] () -- C:\Users\Devonasa\Desktop\HG2 - Shortcut.lnk
[2011/12/20 16:48:59 | 000,001,074 | ---- | M] () -- C:\Users\Devonasa\Desktop\RCT3plus - Shortcut.lnk
[2011/12/20 16:19:21 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 16:19:21 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 16:02:31 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/12/15 03:35:25 | 003,730,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 01:27:21 | 000,000,000 | ---- | M] () -- C:\t1bg.5
[2011/12/08 14:53:50 | 000,000,791 | ---- | M] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\SoMud.lnk
[2011/12/08 14:53:50 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\SoMud.lnk

========== Files Created - No Company Name ==========

[2011/12/30 16:45:11 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/12/30 15:04:40 | 003,585,578 | ---- | C] () -- C:\Users\Devonasa\Desktop\Rice, Anne - Cry to Heaven.pdf
[2011/12/30 02:31:57 | 463,449,540 | ---- | C] () -- C:\Users\Devonasa\Desktop\P4piThugz[bleep]3dUp.mp4
[2011/12/30 01:48:47 | 030,728,744 | ---- | C] () -- C:\Users\Devonasa\Desktop\Secret Santa - Pikkon.zip
[2011/12/29 17:33:59 | 000,000,590 | ---- | C] () -- C:\Users\Devonasa\Desktop\MBR.zip
[2011/12/29 15:56:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/29 15:56:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/29 15:56:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/29 15:56:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/29 15:56:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/29 15:52:31 | 000,000,512 | ---- | C] () -- C:\Users\Devonasa\Desktop\MBR.dat
[2011/12/29 13:40:02 | 175,803,661 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/25 15:51:01 | 000,000,858 | ---- | C] () -- C:\HH0_HouseData.bin
[2011/12/25 15:50:30 | 000,001,927 | ---- | C] () -- C:\Users\Devonasa\Desktop\W7 - Sim Tracker.lnk
[2011/12/23 20:40:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/12/21 00:17:09 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/21 00:17:09 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/12/21 00:06:03 | 000,000,933 | ---- | C] () -- C:\Users\Devonasa\Desktop\HG2 - Shortcut.lnk
[2011/12/20 16:48:59 | 000,001,074 | ---- | C] () -- C:\Users\Devonasa\Desktop\RCT3plus - Shortcut.lnk
[2011/12/20 16:02:31 | 000,001,742 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/12/15 18:41:25 | 003,844,711 | ---- | C] () -- C:\Users\Devonasa\Documents\WardrobeWranglerManual.pdf
[2011/12/15 18:41:25 | 001,464,604 | ---- | C] () -- C:\Users\Devonasa\Documents\InstallWardrobeWranger1.1.exe
[2011/12/13 01:27:21 | 000,000,000 | ---- | C] () -- C:\t1bg.5
[2011/12/08 14:53:50 | 000,000,791 | ---- | C] () -- C:\Users\Devonasa\Application Data\Microsoft\Internet Explorer\Quick Launch\SoMud.lnk
[2011/12/08 14:53:49 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\SoMud.lnk
[2011/11/03 20:54:21 | 000,000,196 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2011/11/03 20:54:20 | 000,103,733 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2011/09/15 02:39:32 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/09/14 00:34:52 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/08/13 18:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{09D65B15-4284-4663-AB55-38DC4CF5780E}
[2011/08/10 17:10:51 | 000,000,274 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/08/03 18:53:38 | 000,000,000 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\{1CF3071A-A136-4BBC-A174-D3B2CFC1128A}
[2010/09/05 16:41:21 | 000,001,356 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\d3d9caps.dat
[2010/09/05 16:36:58 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/02/07 23:10:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/07 23:10:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/06 06:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/30 20:01:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/30 16:56:39 | 000,153,088 | ---- | C] () -- C:\Users\Devonasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/15 21:03:12 | 000,024,736 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/15 21:00:56 | 001,678,368 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,730,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/21 00:17:36 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Atari
[2011/03/30 22:45:19 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Audacity
[2011/08/17 12:44:30 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/17 01:45:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/21 00:00:51 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Lite
[2010/02/05 06:01:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\DAEMON Tools Pro
[2010/02/26 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Elluminate
[2011/12/21 00:25:07 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GamesCafe
[2010/01/30 17:28:23 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GetRightToGo
[2011/12/18 01:54:15 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\GOL_byHasbro
[2011/12/20 16:32:04 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Leadertech
[2011/08/09 00:23:38 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\QuickScan
[2010/12/01 21:49:18 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Research In Motion
[2011/12/08 15:07:48 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\SoMud
[2011/10/06 22:35:16 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Spotify
[2010/01/30 18:34:45 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Thinstall
[2010/03/29 20:16:44 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Tific
[2010/05/24 16:42:41 | 000,000,000 | ---D | M] -- C:\Users\Devonasa\AppData\Roaming\Yandex
[2011/12/30 17:05:24 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#14
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image

Next:

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Next:

I can see some disk problems in the logs but we will deal with them later
We are not finished yet, but how is your computer working? Are there any other problems?
  • 0

#15
Devonasa

Devonasa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Malwarebytes:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.01.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Devonasa :: DEVONASA-PC [administrator]

1/1/2012 1:46:24 PM
mbam-log-2012-01-01 (13-46-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185635
Time elapsed: 12 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Sorry for the long delay in the update! But I think my computer is running together, I've run into no problems in a while. It's still lagging a bit though, but I'm not sure if that was due to the scans or not.

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP