HTTP Malicious Toolkit Variant Activity 13


This topic is locked
14 replies to this topic

#1 vitalbeach


Posted 29 September 2010 - 05:39 PM

I'm getting popups from my Norton Antivirus saying "A recent attempt to attack your computer has been blocked" and when I click on it, it says "An intrusion attempt by KRISSY-PC has been blocked".
This is particularly confusing because "KRISSY-PC" is the name of MY computer.

Here is DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Krissy at 15:09:28.00 on 29/09/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.1013.195 [GMT -7:00]


============== Running Processes ===============


============== Pseudo HJT Report ===============

mStart Page = hxxp://www.toshiba.ca/welcome
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\krissy\appdata\roaming\mozilla\firefox\profiles\po4ahb7q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\krissy\appdata\roaming\mozilla\firefox\profiles\po4ahb7q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\krissy\appdata\roaming\mozilla\firefox\profiles\po4ahb7q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? esgiguard;esgiguard
R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? StorSvc;Storage Service
R? SwitchBoard;Adobe SwitchBoard
R? WatAdminSvc;Windows Activation Technologies Service
S? Akamai;Akamai NetSession Interface
S? BHDrvx86;BHDrvx86
S? ccHP;Symantec Hash Provider
S? cfWiMAXService;ConfigFree WiMAX Service
S? ConfigFree Service;ConfigFree Service
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? IDSVix86;IDSVix86
S? NIS;Norton Internet Security
S? osppsvc;Office Software Protection Platform
S? PGEffect;Pangu effect driver
S? RTL8167;Realtek 8167 NT Driver
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
S? SYMTDIv;Symantec Vista Network Dispatch Driver
S? TMachInfo;TMachInfo
S? TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service
S? vwififlt;Virtual WiFi Filter Driver

=============== Created Last 30 ================

2010-09-29 04:26:39 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-09-29 04:26:38 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 04:23:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 17:35:11 0 d-----w- c:\users\krissy\appdata\roaming\Research In Motion
2010-09-28 17:34:16 0 d-----w- c:\program files\common files\Research In Motion
2010-09-25 21:55:25 0 d-----w- c:\programdata\Messenger Plus!
2010-09-25 21:54:54 0 d-----w- c:\program files\Messenger Plus! Live
2010-09-21 05:55:27 0 d-----w- C:\hegames
2010-09-21 05:55:11 534 ----a-w- c:\windows\hegames.ini
2010-09-20 05:29:03 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-09-20 05:28:58 0 d-----w- c:\program files\SpywareBlaster
2010-09-20 05:24:28 0 d-----w- c:\users\krissy\appdata\roaming\WinPatrol
2010-09-20 05:24:08 0 d-----w- c:\program files\BillP Studios
2010-09-20 03:28:35 0 d-sh--w- C:\$RECYCLE.BIN
2010-09-19 10:32:33 0 d-----w- c:\windows\system32\Wat
2010-09-18 22:48:07 0 d-----w- c:\program files\ESET
2010-09-18 22:04:07 0 d-----w- c:\program files\Trend Micro
2010-09-18 21:13:27 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-17 17:29:17 0 d-----w- c:\programdata\Sun
2010-09-17 17:28:08 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-17 16:49:24 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-17 16:49:24 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-17 08:06:22 0 d-----w- c:\programdata\Electronic Arts
2010-09-17 07:37:14 0 d-----w- c:\users\krissy\appdata\roaming\Malwarebytes
2010-09-17 07:36:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 07:36:45 0 d-----w- c:\programdata\Malwarebytes
2010-09-17 07:36:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 07:36:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 07:23:14 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2010-09-17 07:23:03 0 d-----w- c:\program files\Microsoft WSE
2010-09-17 06:44:26 0 d-----w- C:\sh4ldr
2010-09-17 06:44:25 0 d-----w- c:\program files\Enigma Software Group
2010-09-17 06:41:29 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-09-15 22:04:07 737280 ----a-w- c:\windows\iun6002.exe
2010-09-15 22:02:45 0 d-----w- c:\program files\PopCap Games
2010-09-15 22:02:45 0 ----a-w- c:\windows\popcinfo.dat
2010-09-11 23:34:03 0 d-----w- c:\programdata\Sony
2010-09-11 23:33:24 0 d-----w- c:\program files\Sony
2010-09-10 01:01:56 0 d-----w- c:\users\krissy\appdata\roaming\QuickScan
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 05:49:25 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-09-08 05:39:27 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-09-08 05:37:43 0 d-----w- c:\program files\Microsoft Analysis Services
2010-09-08 02:14:13 0 d-----w- c:\programdata\Google
2010-09-08 01:38:35 0 d-----w- c:\windows\system32\appmgmt
2010-09-07 17:46:45 0 d-----w- c:\program files\osu!
2010-09-07 17:44:30 0 d-----w- c:\users\krissy\appdata\roaming\Downloaded Installations
2010-09-04 20:13:25 0 d-----w- c:\program files\Windows Journal
2010-09-04 20:13:19 0 d-----w- c:\windows\ehome
2010-09-04 20:12:03 53551 ----a-w- c:\windows\Professional.xml
2010-09-04 19:48:19 20 --sh--r- C:\win7.ld
2010-09-04 19:48:17 291725 --sh--r- C:\IXCLS
2010-09-04 19:30:53 0 d-----w- c:\program files\iPod
2010-09-04 19:30:48 0 d-----w- c:\program files\iTunes
2010-09-04 19:07:57 65536 --sha-w- c:\users\krissy\ntuser.dat{cebf6ede-b854-11df-a526-88ae1d3f0a53}.TM.blf
2010-09-04 19:07:57 524288 --sha-w- c:\users\krissy\ntuser.dat{cebf6ede-b854-11df-a526-88ae1d3f0a53}.TMContainer00000000000000000002.regtrans-ms
2010-09-04 19:07:57 524288 --sha-w- c:\users\krissy\ntuser.dat{cebf6ede-b854-11df-a526-88ae1d3f0a53}.TMContainer00000000000000000001.regtrans-ms
2010-09-03 19:51:21 0 d-----w- c:\users\krissy\appdata\roaming\Tific
2010-09-03 19:49:22 65536 --sha-w- c:\users\krissy\ntuser.dat{f23e75e5-b792-11df-b10e-e5827c19434b}.TM.blf
2010-09-03 19:49:22 524288 --sha-w- c:\users\krissy\ntuser.dat{f23e75e5-b792-11df-b10e-e5827c19434b}.TMContainer00000000000000000002.regtrans-ms
2010-09-03 19:49:22 524288 --sha-w- c:\users\krissy\ntuser.dat{f23e75e5-b792-11df-b10e-e5827c19434b}.TMContainer00000000000000000001.regtrans-ms
2010-09-02 21:43:23 0 d-----w- c:\program files\Norton Security Scan
2010-09-02 21:43:22 0 d-----w- c:\programdata\Symantec
2010-08-31 22:00:02 0 d-----w- c:\program files\Project64 1.6
2010-08-31 19:46:56 0 d-----w- c:\program files\CLANNAD Full Voice

==================== Find3M ====================

2010-09-04 00:39:39 46 ----a-w- c:\users\krissy\jagex_runescape_preferences.dat
2010-09-04 00:38:51 99 ----a-w- c:\users\krissy\jagex_runescape_preferences2.dat
2010-08-18 03:51:01 1228400 ----a-w- c:\users\krissy\Photoshop_12_LS1.exe
2010-08-08 07:11:23 0 ----a-w- c:\users\krissy\jagex__preferences3.dat
2010-08-08 01:55:13 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-08 01:55:13 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-08 01:55:13 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-21 02:06:00 507904 ----a-r- c:\windows\system32\btwapi.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:12:21.83 ===============

I got BlueScreened when I tried to run GMER.

Please help!


#2 Elise


Posted 04 October 2010 - 05:50 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 vitalbeach

vitalbeach
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Vancouver, BC
  • Local time:04:10 AM

Posted 04 October 2010 - 09:09 AM

I forgot to mention that my entire computer is running fairly slowly, and the internet and programs stop responding often.

The OTL scan doesn't seem to be working.
When I click quick scan, it just freezes the program.

Here is the RootKit Unhooker log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x91A3A000 C:\windows\system32\DRIVERS\igdkmd32.sys 5275648 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81A12000 C:\windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x81A12000 PnpManager 4259840 bytes
0x81A12000 RAW 4259840 bytes
0x81A12000 WMIxWDM 4259840 bytes
0x94010000 C:\windows\system32\drivers\RTKVHDA.sys 3067904 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x945A0000 Win32k 2400256 bytes
0x945A0000 C:\windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB28A8000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101003.002\NAVEX15.SYS 1368064 bytes (Symantec Corporation, AV Engine)
0x86A1C000 C:\windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x92024000 C:\windows\system32\DRIVERS\athr.sys 1241088 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8663C000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x936A1000 C:\windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x86432000 C:\windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x91F42000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8689C000 C:\windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x9114F000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0x860FE000 C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xAD26F000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x89E00000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x910C2000 C:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0x8602B000 C:\windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x86236000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x91023000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x86828000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x9042D000 C:\windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x89F9F000 C:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0xB2814000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100930.005\IDSvix86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
0x89EEF000 C:\windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
0x8657F000 C:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS 352256 bytes (Symantec Corporation, Symantec Data Store)
0xAD38D000 C:\windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0xAD33E000 C:\windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x94450000 C:\windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x921AE000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x86384000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x862B5000 C:\windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9377B000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9215E000 C:\windows\system32\DRIVERS\Rt86win7.sys 282624 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x9364C000 C:\windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x860BC000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x90549000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x86B96000 C:\windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x86953000 C:\windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x89EA8000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x86600000 C:\windows\system32\DRIVERS\SynTP.sys 237568 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x91A00000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x81E22000 ACPI_HAL 225280 bytes
0x81E22000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8654B000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9360A000 C:\windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x867A9000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x90487000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x86B65000 C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x942FD000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x869B6000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x86400000 C:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS 184320 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x8676B000 C:\windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8630E000 C:\windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x86800000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x86991000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8A95E000 C:\windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x94384000 C:\windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x86515000 C:\windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x89E85000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x861A9000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x90521000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xAD310000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x91000000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8A9B1000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x867DB000 C:\windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x89F46000 C:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
0x904C0000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x94430000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x91081000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x943B9000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAD23C000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x943D4000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x937D4000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x9432C000 C:\windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x910AA000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x90412000 C:\windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x86212000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x861CB000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x861E3000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x86000000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x89F7D000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x9435C000 C:\windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x863CF000 C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0xB2800000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101003.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x86796000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x937C1000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x904FE000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x86200000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x90400000 C:\windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x937ED000 C:\windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x86A00000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x94373000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x865D5000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x93690000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x86350000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x860A3000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x904DF000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x943EE000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x86BE2000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x94000000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90511000 C:\windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x86374000 C:\windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x92000000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x91141000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x904F0000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x89F6F000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x863EC000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x86885000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x9363E000 C:\windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x862A7000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x865E6000 C:\windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x94345000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x92013000 C:\windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x86343000 C:\windows\system32\DRIVERS\LPCFilter.sys 53248 bytes (COMPAL ELECTRONIC INC., LPCFilter)
0x869F0000 C:\windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xAD331000 C:\windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8A9D2000 C:\windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x9109E000 C:\windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8A9A5000 C:\windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x86369000 C:\windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x943AE000 C:\windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8A800000 C:\windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x86A11000 C:\windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x89F94000 C:\windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x921A3000 C:\windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x86338000 C:\windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x94352000 C:\windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x86538000 C:\windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x90594000 C:\windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9058A000 C:\windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x905F6000 C:\windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xAD306000 C:\windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x89F65000 C:\windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xB29F6000 C:\windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x86542000 C:\windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xB286F000 C:\windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8650C000 C:\windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x86893000 C:\windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB2878000 C:\windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x94400000 C:\windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x862FD000 C:\windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x860B4000 C:\windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x86361000 C:\windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x86BF2000 C:\windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x81908000 C:\windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x86306000 C:\windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8A9DF000 C:\windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A9E7000 C:\windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8A9EF000 C:\windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x86BDA000 C:\windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8A99E000 C:\windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8A997000 C:\windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x863E5000 C:\windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x904B9000 C:\windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x943A8000 C:\windows\system32\DRIVERS\pgeffect.sys 24576 bytes (TOSHIBA Corporation, TOSHIBA Universal Camera Filter Driver)
0x90543000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x86BD5000 C:\windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x9200F000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x92022000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x92020000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x05830000 Hidden Image-->PCHealthInfo.dll [ EPROCESS 0x83883770 ] PID: 3448, 110592 bytes
0x05850000 Hidden Image-->SwUpdates.dll [ EPROCESS 0x83883770 ] PID: 3448, 126976 bytes
0x8A90FF2E Unknown thread object [ ETHREAD 0x85264020 ] , 600 bytes
0x089F0000 Hidden Image-->Microsoft.mshtml.dll [ EPROCESS 0x83883770 ] PID: 3448, 8015872 bytes
0x03BB0000 Hidden Image-->Alerts.dll [ EPROCESS 0x83883770 ] PID: 3448, 94208 bytes



#4 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 60,815 posts
  • Gender:Female
  • Location:Romania

Posted 04 October 2010 - 11:52 AM

Hi there, please run the following and then retry OTL.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#5 vitalbeach
  • Topic Starter
  • Members
  • 53 posts
  • Gender:Female
  • Location:Vancouver, BC

Posted 04 October 2010 - 12:37 PM

ComboFix won't run, either.
When I double click the icon, it starts to load, and when it is finished, it just closes, and nothing happens.

#6 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 60,815 posts
  • Gender:Female
  • Location:Romania

Posted 04 October 2010 - 02:54 PM

Please try it from safe mode.

regards, Elise



#7 vitalbeach
  • Topic Starter
  • Members
  • 53 posts
  • Gender:Female
  • Location:Vancouver, BC

Posted 04 October 2010 - 06:33 PM

Okay, never mind, it ran; it just took a really long time to open.
Here is the log:

ComboFix 10-10-03.03 - Krissy 04/10/2010 10:47:04.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.1013.393 [GMT -7:00]
Running from: c:\users\Krissy\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys

.
((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-04 23:20 . 2010-10-04 23:21 -------- d-----w- c:\users\Krissy\AppData\Local\temp
2010-10-04 23:20 . 2010-10-04 23:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-04 23:20 . 2010-10-04 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-04 17:34 . 2010-10-04 17:38 -------- d-----w- C:\32788R22FWJFW
2010-10-04 17:11 . 2010-10-04 17:11 -------- d-----w- c:\windows\en
2010-10-04 17:09 . 2010-09-23 07:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-04 16:48 . 2010-10-04 16:48 -------- d-----w- c:\program files\MSN Toolbar
2010-10-04 16:43 . 2010-10-04 16:51 -------- d-----w- c:\program files\Bing Bar Installer
2010-10-04 16:42 . 2009-09-05 00:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-04 16:42 . 2009-09-05 00:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-04 16:42 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-04 16:33 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-04 16:33 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-04 16:25 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-04 16:25 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-04 16:25 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-04 16:13 . 2010-10-04 17:25 -------- d-----w- c:\users\Krissy\AppData\Local\Windows Live
2010-10-01 04:17 . 2010-09-24 23:43 618128 ----a-w- c:\users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\po4ahb7q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-10-01 04:17 . 2010-09-24 23:42 644384 ----a-w- c:\users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\po4ahb7q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-09-30 00:18 . 2010-09-30 00:18 63488 ----a-w- c:\users\Krissy\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-30 00:18 . 2010-09-30 00:18 52224 ----a-w- c:\users\Krissy\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-30 00:18 . 2010-09-30 00:18 117760 ----a-w- c:\users\Krissy\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-30 00:17 . 2010-09-30 00:17 -------- d-----w- c:\users\Krissy\AppData\Roaming\SUPERAntiSpyware.com
2010-09-30 00:17 . 2010-09-30 00:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-30 00:17 . 2010-09-30 00:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-29 23:04 . 2010-09-29 23:04 -------- d-----w- c:\program files\iPod
2010-09-29 23:03 . 2010-09-29 23:05 -------- d-----w- c:\program files\iTunes
2010-09-29 22:57 . 2010-09-29 22:57 -------- d-----w- c:\program files\Bonjour
2010-09-29 22:56 . 2010-09-29 22:56 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-09-29 04:26 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-09-29 04:26 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 04:23 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 17:35 . 2010-09-28 17:35 -------- d-----w- c:\users\Krissy\AppData\Roaming\Research In Motion
2010-09-28 17:34 . 2010-09-28 17:34 53248 ----a-r- c:\users\Krissy\AppData\Roaming\Microsoft\Installer\{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}\ARPPRODUCTICON.exe
2010-09-28 17:34 . 2010-09-28 17:34 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-09-25 21:55 . 2010-09-25 21:55 -------- d-----w- c:\programdata\Messenger Plus!
2010-09-25 21:54 . 2010-09-25 21:54 -------- d-----w- c:\program files\Messenger Plus! Live
2010-09-23 07:47 . 2010-09-23 07:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 07:32 . 2010-09-23 07:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-23 05:49 . 2010-09-23 05:51 -------- d-----w- c:\program files\QuickTime
2010-09-21 21:03 . 2010-09-21 21:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-21 05:55 . 2010-09-21 05:58 -------- d-----w- C:\hegames
2010-09-20 05:29 . 2010-01-11 02:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-09-20 05:28 . 2010-09-20 05:32 -------- d-----w- c:\program files\SpywareBlaster
2010-09-20 05:24 . 2010-09-20 05:24 -------- d-----w- c:\users\Krissy\AppData\Roaming\WinPatrol
2010-09-20 05:24 . 2009-06-10 21:42 24 ----a-w- c:\users\Krissy\AppData\Roaming\WinPatrol\Autoexec.bat
2010-09-20 05:24 . 2009-06-10 21:42 10 ----a-w- c:\users\Krissy\AppData\Roaming\WinPatrol\Config.sys
2010-09-20 05:24 . 2010-09-20 05:24 -------- d-----w- c:\program files\BillP Studios
2010-09-19 10:32 . 2010-09-19 10:32 -------- d-----w- c:\windows\system32\Wat
2010-09-18 22:48 . 2010-09-18 22:48 -------- d-----w- c:\program files\ESET
2010-09-18 22:13 . 2010-09-18 22:13 388096 ----a-r- c:\users\Krissy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-18 22:04 . 2010-09-18 22:04 -------- d-----w- c:\program files\Trend Micro
2010-09-18 21:16 . 2010-09-18 21:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-18 21:13 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-17 17:29 . 2010-09-17 17:29 -------- d-----w- c:\program files\Common Files\Java
2010-09-17 17:28 . 2010-07-17 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-17 16:49 . 2010-09-20 05:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-17 16:49 . 2010-09-20 05:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-17 08:06 . 2010-09-17 08:11 -------- d-----w- c:\programdata\Electronic Arts
2010-09-17 07:37 . 2010-09-17 07:37 -------- d-----w- c:\users\Krissy\AppData\Roaming\Malwarebytes
2010-09-17 07:36 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 07:36 . 2010-09-17 07:36 -------- d-----w- c:\programdata\Malwarebytes
2010-09-17 07:36 . 2010-09-17 07:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 07:36 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 07:23 . 2008-09-04 18:17 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2010-09-17 07:23 . 2010-09-17 07:23 10134 ----a-r- c:\users\Krissy\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-09-17 07:23 . 2010-09-17 07:23 -------- d-----w- c:\program files\Microsoft WSE
2010-09-17 06:53 . 2010-09-17 07:34 -------- d-----w- c:\program files\Electronic Arts
2010-09-17 06:44 . 2010-09-17 06:44 110080 ----a-r- c:\users\Krissy\AppData\Roaming\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconF7A21AF7.exe
2010-09-17 06:44 . 2010-09-17 06:44 110080 ----a-r- c:\users\Krissy\AppData\Roaming\Microsoft\Installer\{95431C66-CF9A-4913-BFFF-6050785AFB65}\IconD7F16134.exe
2010-09-17 06:44 . 2010-09-17 06:44 -------- d-----w- C:\sh4ldr
2010-09-17 06:44 . 2010-09-17 06:44 -------- d-----w- c:\program files\Enigma Software Group
2010-09-17 06:41 . 2010-09-17 06:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-15 22:04 . 2010-09-15 22:03 737280 ----a-w- c:\windows\iun6002.exe
2010-09-15 22:02 . 2010-09-15 22:02 0 ----a-w- c:\windows\popcinfo.dat
2010-09-15 22:02 . 2010-09-15 22:02 -------- d-----w- c:\program files\PopCap Games
2010-09-12 02:26 . 2010-09-12 02:26 -------- d-----w- c:\users\Krissy\AppData\Local\Diagnostics
2010-09-11 23:34 . 2010-09-11 23:34 -------- d-----w- c:\programdata\Sony
2010-09-11 23:33 . 2010-09-11 23:33 -------- d-----w- c:\program files\Sony
2010-09-11 21:10 . 2010-09-11 21:10 -------- d-----w- c:\users\Krissy\AppData\Local\Sony
2010-09-11 21:10 . 2010-09-11 21:10 -------- d-----w- c:\users\Krissy\AppData\Roaming\Sony
2010-09-10 01:01 . 2010-10-01 06:29 -------- d-----w- c:\users\Krissy\AppData\Roaming\QuickScan
2010-09-10 00:53 . 2010-09-10 00:53 -------- d-----w- c:\windows\Sun
2010-09-08 05:49 . 2010-09-08 05:49 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-09-08 05:48 . 2010-09-20 17:46 -------- d-----w- c:\program files\Microsoft.NET
2010-09-08 05:39 . 2010-09-08 05:39 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-09-08 05:37 . 2010-09-08 05:37 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-09-08 05:37 . 2010-09-08 05:37 -------- d-----w- c:\users\Krissy\AppData\Local\Microsoft Help
2010-09-07 17:46 . 2010-09-08 01:40 -------- d-----w- c:\program files\osu!
2010-09-07 17:44 . 2010-09-07 17:44 -------- d-----w- c:\users\Krissy\AppData\Roaming\Downloaded Installations
2010-09-07 17:30 . 2010-09-07 17:26 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-07 17:30 . 2010-09-07 17:30 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-07 17:30 . 2010-09-07 17:30 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-09-07 17:30 . 2010-09-07 17:30 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-09-07 17:30 . 2010-09-07 17:30 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-09-07 17:28 . 2010-09-07 17:28 84063 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-09-07 17:27 . 2010-09-07 17:27 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 23:02 . 2010-08-18 03:30 -------- d-----w- c:\program files\Common Files\Akamai
2010-10-04 17:11 . 2010-05-29 16:37 -------- d-----w- c:\program files\Windows Live
2010-10-04 16:59 . 2010-08-15 04:23 -------- d-----w- c:\users\Krissy\AppData\Roaming\LimeWire
2010-10-02 16:54 . 2010-08-08 03:49 -------- d-----w- c:\program files\LimeWire
2010-09-29 23:04 . 2010-08-08 03:27 -------- d-----w- c:\program files\Common Files\Apple
2010-09-29 05:07 . 2010-05-29 16:42 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-27 02:39 . 2010-08-12 17:47 -------- d-----w- c:\programdata\Zoom Player
2010-09-22 22:39 . 2010-08-11 20:03 -------- d-----w- c:\users\Krissy\AppData\Roaming\uTorrent
2010-09-19 10:16 . 2010-05-29 16:55 -------- d-----w- c:\programdata\Microsoft Help
2010-09-18 21:21 . 2010-04-14 09:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-17 17:27 . 2010-04-14 09:32 -------- d-----w- c:\program files\Java
2010-09-17 06:53 . 2010-04-14 09:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-08 06:24 . 2010-08-08 01:56 110816 ----a-w- c:\users\Krissy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-08 05:50 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-09-08 05:48 . 2010-05-29 16:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-08 02:14 . 2010-08-12 19:08 -------- d-----w- c:\program files\Google
2010-09-07 17:31 . 2010-08-12 19:14 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-07 17:30 . 2010-08-12 19:08 -------- d-----w- c:\programdata\DivX
2010-09-07 17:30 . 2010-08-12 19:08 -------- d-----w- c:\program files\DivX
2010-09-07 17:25 . 2010-08-12 19:08 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-07 17:25 . 2010-08-12 19:13 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-09-07 17:25 . 2010-08-12 19:13 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-04 20:13 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-09-04 20:13 . 2010-09-04 20:13 -------- d-----w- c:\program files\Windows Journal
2010-09-04 20:13 . 2010-09-04 20:13 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2010-09-04 19:06 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-09-04 19:05 . 2010-05-29 16:12 -------- d-----w- c:\programdata\Norton
2010-09-04 19:05 . 2010-08-12 17:47 -------- d-----w- c:\program files\Zoom Player
2010-09-04 19:05 . 2010-08-11 20:03 -------- d-----w- c:\program files\uTorrent
2010-09-04 19:05 . 2010-08-08 22:41 -------- d-----w- c:\program files\Winamp
2010-09-04 19:05 . 2010-05-29 17:04 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant
2010-09-04 19:05 . 2010-05-29 16:52 -------- d-----w- c:\program files\Microsoft Works
2010-09-04 19:05 . 2010-08-31 19:46 -------- d-----w- c:\program files\CLANNAD Full Voice
2010-09-04 19:05 . 2010-08-08 22:41 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-09-04 19:05 . 2010-08-08 01:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-04 19:05 . 2010-08-08 03:29 -------- d-----w- c:\program files\Apple Software Update
2010-09-04 19:05 . 2010-09-04 07:20 -------- d-----w- c:\program files\Opera
2010-09-04 00:39 . 2010-08-08 07:09 46 ----a-w- c:\users\Krissy\jagex_runescape_preferences.dat
2010-09-04 00:38 . 2010-08-08 07:11 99 ----a-w- c:\users\Krissy\jagex_runescape_preferences2.dat
2010-09-03 19:51 . 2010-09-03 19:51 -------- d-----w- c:\users\Krissy\AppData\Roaming\Tific
2010-09-03 19:47 . 2010-09-02 21:43 -------- d-----w- c:\program files\Norton Security Scan
2010-09-03 19:47 . 2010-08-31 22:00 -------- d-----w- c:\program files\Project64 1.6
2010-09-02 21:43 . 2010-09-02 21:43 -------- d-----w- c:\programdata\Symantec
2010-08-31 23:45 . 2010-08-18 04:30 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-18 19:53 . 2010-08-18 19:53 3868056 ----a-w- c:\programdata\Toshiba\TSS\Plugins\SwUpdates\Packages\f0235bcc-eca3-40a1-b880-e68e432b9f2b\125838_12.57.38.PLL2PC-160-WIN.exe
2010-08-18 04:16 . 2010-08-18 04:16 -------- d-----w- c:\program files\Adobe Media Player
2010-08-18 03:51 . 2010-08-18 03:31 1228400 ----a-w- c:\users\Krissy\Photoshop_12_LS1.exe
2010-08-16 03:13 . 2010-08-16 03:06 -------- d-----w- c:\program files\Daniel Corp
2010-08-16 02:24 . 2010-08-08 07:19 -------- d-----w- c:\programdata\PMB Files
2010-08-15 03:36 . 2010-08-08 03:51 -------- d-----w- c:\program files\Ask.com
2010-08-14 00:44 . 2010-08-14 00:44 -------- d-----w- c:\users\Krissy\AppData\Roaming\WildTangent
2010-08-14 00:44 . 2010-05-29 16:20 -------- d-----w- c:\programdata\WildTangent
2010-08-12 19:11 . 2010-08-12 19:11 57609 ----a-w- c:\programdata\DivX\MFComponents\Uninstaller.exe
2010-08-12 19:10 . 2010-08-12 19:10 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-08-12 19:10 . 2010-08-12 19:10 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-08-12 19:10 . 2010-08-12 19:10 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-08-12 19:10 . 2010-08-12 19:10 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-08-12 19:10 . 2010-08-12 19:10 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-08-12 19:10 . 2010-08-12 19:10 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-08-12 19:10 . 2010-08-12 19:10 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-08-12 19:10 . 2010-08-12 19:10 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-08-12 19:10 . 2010-08-12 19:10 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-08-12 19:10 . 2010-08-12 19:10 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-08-12 19:09 . 2010-08-12 19:09 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-08-12 19:09 . 2010-08-12 19:09 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-08-12 19:09 . 2010-08-12 19:09 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-08-12 17:51 . 2010-08-12 17:51 -------- d-----w- c:\program files\DCoder Image Source
2010-08-12 17:51 . 2010-08-12 17:51 -------- d-----w- c:\program files\FFMPEG Core Files
2010-08-12 17:51 . 2010-08-12 17:51 -------- d-----w- c:\program files\SHOUTcast Source
2010-08-12 17:51 . 2010-08-12 17:51 -------- d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2010-08-12 17:51 . 2010-08-12 17:51 -------- d-----w- c:\program files\CD Audio Reader Filter
2010-08-12 17:51 . 2010-08-12 17:51 -------- d-----w- c:\program files\OpenSource AVI Splitter
2010-08-12 17:51 . 2010-08-12 17:51 -------- d-----w- c:\program files\Gabest MPEG Splitter
2010-08-12 17:50 . 2010-08-12 17:50 -------- d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2010-08-12 17:50 . 2010-08-12 17:50 -------- d-----w- c:\program files\RealMedia
2010-08-12 17:50 . 2010-08-12 17:50 -------- d-----w- c:\program files\DScaler5
2010-08-12 17:49 . 2010-08-12 17:49 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2010-08-12 17:49 . 2010-08-12 17:49 -------- d-----w- c:\program files\DirectVobSub
2010-08-12 17:49 . 2010-08-12 17:49 -------- d-----w- c:\program files\Haali
2010-08-12 17:49 . 2010-08-12 17:49 -------- d-----w- c:\program files\Bass Audio Decoder
2010-08-12 17:49 . 2010-08-12 17:49 -------- d-----w- c:\program files\ffdshow
2010-08-11 21:24 . 2010-08-12 19:12 -------- d-----w- c:\users\Krissy\AppData\Roaming\DivX
2010-08-10 04:06 . 2010-08-10 04:06 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-08-10 04:05 . 2010-08-10 04:05 -------- d-----w- c:\programdata\Blizzard
2010-08-10 04:04 . 2010-08-10 04:04 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-08 22:55 . 2010-08-08 03:32 -------- d-----w- c:\users\Krissy\AppData\Roaming\Apple Computer
2010-08-08 22:46 . 2010-08-08 22:41 -------- d-----w- c:\users\Krissy\AppData\Roaming\Winamp
2010-08-08 22:41 . 2010-08-08 22:41 -------- d-----w- c:\program files\Winamp Detect
2010-08-08 07:48 . 2010-08-08 03:05 -------- d-----w- c:\program files\StepMania
2010-08-08 07:19 . 2010-08-08 07:19 -------- d-----w- c:\program files\Pando Networks
2010-08-08 07:11 . 2010-08-08 07:11 0 ----a-w- c:\users\Krissy\jagex__preferences3.dat
2010-08-08 03:50 . 2010-08-08 03:50 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-08-08 03:44 . 2010-08-08 03:44 -------- d-----w- c:\programdata\McAfee
2010-08-08 03:32 . 2010-08-08 03:31 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-08 03:31 . 2010-08-08 03:29 -------- d-----w- c:\programdata\Apple Computer
2010-08-08 03:27 . 2010-08-08 03:27 -------- d-----w- c:\programdata\Apple
2010-08-08 03:06 . 2010-08-08 03:06 -------- d-----w- c:\users\Krissy\AppData\Roaming\OpenCandy
2010-08-08 03:06 . 2010-08-08 03:06 257257 ----a-w- c:\users\Krissy\AppData\Roaming\OpenCandy\OpenCandy_42EF4E00D6DE4B3ABE0159DBBD887C82\DLMGR3.exe
2010-08-08 02:24 . 2010-08-08 02:07 -------- d-----w- c:\users\Krissy\AppData\Roaming\Toshiba
2010-08-08 01:55 . 2010-08-08 01:55 -------- d-----w- c:\program files\Symantec
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-14 8555040]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-14 694816]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-25 742712]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-09 47904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2010-01-28 5248]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 189984]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-19 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys [2010-08-31 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100930.005\IDSvix86.sys [2010-09-02 344112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS [2010-05-06 339504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-09-15 102448]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]


--- Other Services/Drivers In Memory ---

*Deregistered* - Normandy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.toshiba.ca/welcome
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {{0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\Windows Live\Companion\companioncore.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\po4ahb7q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\po4ahb7q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\po4ahb7q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-04 16:29:35
ComboFix-quarantined-files.txt 2010-10-04 23:29

Pre-Run: 34,098,257,920 bytes free
Post-Run: 34,019,106,816 bytes free

- - End Of File - - 5087A6DA88F9A2E9F6A43600CD85B0A3

#8 vitalbeach
Posted 04 October 2010 - 07:40 PM

Oh, and here are the OTL logs:

OTL.txt:

OTL logfile created on: 10/4/2010 5:23:36 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Krissy\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,013.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 16.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 43.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 124.74 Gb Total Space | 32.32 Gb Free Space | 25.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRISSY-PC
Current User Name: Krissy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/04 06:54:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Krissy\Downloads\OTL.exe
PRC - [2010/09/22 23:28:10 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/09/21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010/09/15 22:23:10 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/15 22:23:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/31 04:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/04/23 01:24:26 | 000,173,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2010/04/13 17:25:00 | 008,555,040 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010/04/13 17:24:58 | 000,694,816 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010/03/25 13:09:24 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/03/03 12:17:48 | 000,030,040 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2010/02/05 17:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2010/02/05 17:40:44 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2010/01/28 16:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/12/25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009/11/05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/11/05 22:04:12 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/06 09:23:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/10/06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/09/29 23:59:26 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 14:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/10/04 06:54:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Krissy\Downloads\OTL.exe
MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 18:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 18:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 18:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 22:26:49 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/09/19 03:04:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 17:41:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010/01/28 16:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/12/03 19:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/11/05 22:04:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/10/06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - [2010/09/28 21:28:32 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101004.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/28 21:28:31 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101004.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/09/15 14:59:12 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/09/15 14:59:12 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/01 20:04:32 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100930.005\IDSvix86.sys -- (IDSVix86)
DRV - [2010/08/31 15:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/08/07 18:55:13 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/05 21:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/04/19 09:12:58 | 004,806,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2010/04/13 17:08:16 | 003,074,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/12 11:23:14 | 000,189,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/03/10 18:51:36 | 000,242,864 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/03/04 21:42:58 | 000,277,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/27 18:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/06 12:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/14 20:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/07/30 21:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009/07/30 17:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/14 15:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 16:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 16:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/22 17:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStor.sys -- (iaStor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2662990470-3689529364-4260953244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-2662990470-3689529364-4260953244-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 C3 A6 AC 82 57 CB 01 [binary data]
IE - HKU\S-1-5-21-2662990470-3689529364-4260953244-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2662990470-3689529364-4260953244-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010/08/09 12:59:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010/08/07 18:55:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/22 22:51:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/22 22:51:04 | 000,000,000 | ---D | M]

[2010/09/04 01:01:26 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\Mozilla\Extensions
[2010/08/07 20:53:38 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/04 16:40:31 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\po4ahb7q.default\extensions
[2010/09/04 14:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\po4ahb7q.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/09/30 21:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\po4ahb7q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/09/04 01:01:26 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\yttpvhm6.default\extensions
[2010/10/04 16:40:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/17 10:28:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 09:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/10/04 16:21:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2662990470-3689529364-4260953244-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2662990470-3689529364-4260953244-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2662990470-3689529364-4260953244-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2662990470-3689529364-4260953244-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2662990470-3689529364-4260953244-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialo...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 64.59.144.90 64.59.144.91
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/04 16:30:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/04 16:29:47 | 000,000,000 | ---D | C] -- C:\windows\temp
[2010/10/04 16:29:46 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\temp
[2010/10/04 10:39:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2010/10/04 10:39:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2010/10/04 10:39:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2010/10/04 10:37:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/04 10:35:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2010/10/04 10:34:51 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/10/04 10:11:10 | 000,000,000 | ---D | C] -- C:\windows\en
[2010/10/04 09:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/10/04 09:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/10/04 09:13:13 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\Windows Live
[2010/09/29 17:17:55 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/29 17:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/29 17:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/29 16:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/29 16:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/29 15:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/28 10:35:11 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Research In Motion
[2010/09/28 10:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/09/25 14:55:52 | 000,000,000 | ---D | C] -- C:\Users\Krissy\Documents\My Chat Logs
[2010/09/25 14:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010/09/25 14:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2010/09/22 22:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/22 12:35:09 | 000,000,000 | ---D | C] -- C:\Users\Krissy\Desktop\Miku
[2010/09/20 22:55:27 | 000,000,000 | ---D | C] -- C:\hegames
[2010/09/19 22:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/09/19 22:24:28 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\WinPatrol
[2010/09/19 22:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/09/19 03:32:33 | 000,000,000 | ---D | C] -- C:\windows\System32\Wat
[2010/09/18 18:03:46 | 000,000,000 | ---D | C] -- C:\Users\Krissy\Documents\Electronic Arts
[2010/09/18 15:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/18 15:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/18 14:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/09/18 01:17:59 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/09/17 10:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/17 10:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/17 09:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/17 09:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/17 01:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/09/17 00:37:14 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Malwarebytes
[2010/09/17 00:36:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/09/17 00:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/17 00:36:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/09/17 00:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/17 00:23:14 | 000,447,752 | ---- | C] (On2.com) -- C:\windows\System32\vp6vfw.dll
[2010/09/17 00:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/09/16 23:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/09/16 23:44:26 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/09/16 23:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/09/16 23:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/09/15 15:04:07 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\windows\iun6002.exe
[2010/09/15 15:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2010/09/11 19:26:04 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\Diagnostics
[2010/09/11 16:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010/09/11 16:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/09/11 14:10:09 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Sony
[2010/09/11 14:10:09 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\Sony
[2010/09/09 18:01:56 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\QuickScan
[2010/09/09 17:53:30 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/09/07 22:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/09/07 22:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/09/07 22:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/09/07 22:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/09/07 22:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/09/07 22:37:04 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\Microsoft Help
[2010/09/07 19:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/09/07 18:38:35 | 000,000,000 | ---D | C] -- C:\windows\System32\appmgmt
[2010/09/07 10:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\osu!
[2010/09/07 10:44:30 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Downloaded Installations
[2010/09/04 21:41:49 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010/09/04 14:04:48 | 000,000,000 | ---D | C] -- C:\Users\Krissy\Documents\My Received Files
[2010/09/04 13:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2010/09/04 13:13:19 | 000,000,000 | ---D | C] -- C:\windows\ehome
[2010/09/04 13:13:19 | 000,000,000 | ---D | C] -- C:\windows\CSC
[2010/09/04 00:21:08 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Opera
[2010/09/04 00:21:08 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\Opera
[2010/09/04 00:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/09/03 12:51:21 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Tific
[2010/09/03 12:51:03 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\Symantec
[2010/09/02 14:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/09/02 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/08/31 15:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Project64 1.6
[2010/08/31 12:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\CLANNAD Full Voice
[2010/08/28 14:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/08/17 21:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/08/17 21:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/08/17 21:05:37 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\Adobe
[2010/08/17 20:31:45 | 001,228,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Krissy\Photoshop_12_LS1.exe
[2010/08/17 20:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010/08/15 20:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Daniel Corp
[2010/08/14 21:23:34 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\LimeWire
[2010/08/13 17:44:43 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\WildTangent
[2010/08/12 12:12:43 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\DivX
[2010/08/12 12:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/08/12 12:09:02 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\Google
[2010/08/12 12:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/08/12 12:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/08/12 12:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/08/12 10:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\DCoder Image Source
[2010/08/12 10:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\FFMPEG Core Files
[2010/08/12 10:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\SHOUTcast Source
[2010/08/12 10:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\MONOGRAM AMR SplitterDecoder
[2010/08/12 10:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\CD Audio Reader Filter
[2010/08/12 10:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource AVI Splitter
[2010/08/12 10:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest MPEG Splitter
[2010/08/12 10:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource DTSAC3DD+ Source Filter
[2010/08/12 10:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\RealMedia
[2010/08/12 10:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\DScaler5
[2010/08/12 10:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource Flash Video Splitter
[2010/08/12 10:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub
[2010/08/12 10:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/08/12 10:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bass Audio Decoder
[2010/08/12 10:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/08/12 10:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoom Player
[2010/08/12 10:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Zoom Player
[2010/08/12 10:31:56 | 000,000,000 | ---D | C] -- C:\Users\Krissy\Documents\Symantec
[2010/08/11 13:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/08/11 13:03:35 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\uTorrent
[2010/08/09 21:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/08/09 21:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/08/09 21:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/08/09 21:03:49 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\Blizzard Entertainment
[2010/08/09 20:59:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010/08/08 16:14:00 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\CrashDumps
[2010/08/08 15:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/08/08 15:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/08/08 15:41:09 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Winamp
[2010/08/08 15:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/08/08 13:06:50 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\symtdiv.sys
[2010/08/08 13:06:49 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\symds.sys
[2010/08/08 13:06:49 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\symefa.sys
[2010/08/08 13:06:48 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\srtspx.sys
[2010/08/08 13:06:47 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\cchpx86.sys
[2010/08/08 13:06:47 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\ironx86.sys
[2010/08/08 00:45:52 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\WinRAR
[2010/08/08 00:20:03 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\PMB Files
[2010/08/08 00:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/08/08 00:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/08/08 00:09:29 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/08/07 23:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/08/07 20:54:22 | 000,000,000 | ---D | C] -- C:\Users\Krissy\Documents\LimeWire
[2010/08/07 20:52:17 | 000,000,000 | ---D | C] -- C:\Users\Krissy\Tracing
[2010/08/07 20:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/08/07 20:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/08/07 20:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/08/07 20:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/08/07 20:32:48 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Apple Computer
[2010/08/07 20:32:48 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\Apple Computer
[2010/08/07 20:32:26 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2010/08/07 20:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/07 20:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/07 20:29:14 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\Apple
[2010/08/07 20:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/07 20:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/08/07 20:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/08/07 20:06:03 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\OpenCandy
[2010/08/07 20:06:00 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\OpenCandy
[2010/08/07 20:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\StepMania
[2010/08/07 19:56:27 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Mozilla
[2010/08/07 19:56:27 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\Mozilla
[2010/08/07 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/07 19:39:01 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Macromedia
[2010/08/07 19:38:59 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Adobe
[2010/08/07 19:07:17 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\TOSHIBA_Corporation
[2010/08/07 19:07:16 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Toshiba
[2010/08/07 18:55:14 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2010/08/07 18:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/07 18:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/08/07 18:54:46 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\Toshiba
[2010/08/07 18:53:34 | 000,000,000 | R--D | C] -- C:\Users\Krissy\Searches
[2010/08/07 18:53:34 | 000,000,000 | -H-D | C] -- C:\Users\Krissy\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/08/07 18:53:25 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Identities
[2010/08/07 18:53:22 | 000,000,000 | R--D | C] -- C:\Users\Krissy\Contacts
[2010/08/07 18:52:20 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\VirtualStore
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\AppData\Local\Temporary Internet Files
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\Templates
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\Start Menu
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\SendTo
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\Recent
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\PrintHood
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\NetHood
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\Documents\My Videos
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\Documents\My Pictures
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\Documents\My Music
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\Local Settings
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\AppData\Local\History
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\Cookies
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\Application Data
[2010/08/07 18:52:18 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\AppData\Local\Application Data
[2010/08/07 18:52:17 | 000,000,000 | --SD | C] -- C:\Users\Krissy\AppData\Roaming\Microsoft
[2010/08/07 18:52:17 | 000,000,000 | R--D | C] -- C:\Users\Krissy\Videos
[2010/08/07 18:52:17 | 000,000,000 | R--D | C] -- C:\Users\Krissy\Saved Games
[2010/08/07 18:52:17 | 000,000,000 | R--D | C] -- C:\Users\Krissy\Music
[2010/08/07 18:52:17 | 000,000,000 | R--D | C] -- C:\Users\Krissy\Links
[2010/08/07 18:52:17 | 000,000,000 | R--D | C] -- C:\Users\Krissy\Favorites
[2010/08/07 18:52:17 | 000,000,000 | R--D | C] -- C:\Users\Krissy\Downloads
[2010/08/07 18:52:17 | 000,000,000 | R--D | C] -- C:\Users\Krissy\My Documents
[2010/08/07 18:52:17 | 000,000,000 | R--D | C] -- C:\Users\Krissy\Desktop
[2010/08/07 18:52:17 | 000,000,000 | -HSD | C] -- C:\Users\Krissy\My Documents
[2010/08/07 18:52:17 | 000,000,000 | -H-D | C] -- C:\Users\Krissy\AppData
[2010/08/07 18:52:17 | 000,000,000 | ---D | C] -- C:\Users\Krissy\Pictures
[2010/08/07 18:52:17 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Local\Microsoft

========== Files - Modified Within 90 Days ==========

[2010/10/04 17:29:40 | 003,145,728 | -HS- | M] () -- C:\Users\Krissy\ntuser.dat
[2010/10/04 17:22:50 | 000,726,316 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/10/04 17:22:50 | 000,628,460 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/10/04 17:22:50 | 000,110,612 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/10/04 17:21:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/10/04 16:22:00 | 000,000,215 | ---- | M] () -- C:\windows\system.ini
[2010/10/04 16:21:43 | 000,975,280 | ---- | M] () -- C:\windows\System32\drivers\NIS\1108000.005\Cat.DB
[2010/10/04 16:21:17 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010/10/03 15:27:42 | 000,027,552 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 15:27:42 | 000,027,552 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 09:54:51 | 000,001,878 | ---- | M] () -- C:\Users\Krissy\Desktop\LimeWire 5.5.16.lnk
[2010/09/30 21:25:15 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/09/30 21:24:46 | 796,987,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/30 21:22:16 | 002,584,376 | -H-- | M] () -- C:\Users\Krissy\AppData\Local\IconCache.db
[2010/09/29 18:03:20 | 215,408,040 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010/09/29 16:05:31 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/24 15:15:21 | 000,002,425 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/09/20 22:57:37 | 000,000,534 | ---- | M] () -- C:\windows\hegames.ini
[2010/09/20 14:52:57 | 000,000,172 | ---- | M] () -- C:\windows\System32\drivers\NIS\1108000.005\isolate.ini
[2010/09/20 14:25:37 | 000,016,487 | ---- | M] () -- C:\Users\Krissy\Documents\Edmund Burke PC.docx
[2010/09/15 15:03:31 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\windows\iun6002.exe
[2010/09/15 15:02:56 | 000,001,320 | ---- | M] () -- C:\Users\Public\Desktop\Insaniquarium Deluxe.lnk
[2010/09/15 15:02:45 | 000,000,000 | ---- | M] () -- C:\windows\popcinfo.dat
[2010/09/14 15:43:31 | 000,001,242 | ---- | M] () -- C:\Users\Krissy\Desktop\Paint.lnk
[2010/09/07 23:24:37 | 000,110,816 | ---- | M] () -- C:\Users\Krissy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/07 23:21:58 | 003,772,944 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/09/07 23:07:02 | 000,000,478 | ---- | M] () -- C:\windows\win.ini
[2010/09/07 22:53:02 | 000,003,021 | ---- | M] () -- C:\Users\Krissy\Desktop\Microsoft Word 2010.lnk
[2010/09/05 16:51:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/05 16:51:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/04 12:48:56 | 000,524,288 | -HS- | M] () -- C:\Users\Krissy\ntuser.dat{cebf6ede-b854-11df-a526-88ae1d3f0a53}.TMContainer00000000000000000002.regtrans-ms
[2010/09/04 12:48:56 | 000,524,288 | -HS- | M] () -- C:\Users\Krissy\ntuser.dat{cebf6ede-b854-11df-a526-88ae1d3f0a53}.TMContainer00000000000000000001.regtrans-ms
[2010/09/04 12:48:56 | 000,065,536 | -HS- | M] () -- C:\Users\Krissy\ntuser.dat{cebf6ede-b854-11df-a526-88ae1d3f0a53}.TM.blf
[2010/09/04 12:48:19 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2010/09/04 12:48:18 | 000,291,725 | RHS- | M] () -- C:\IXCLS
[2010/09/04 00:37:23 | 000,052,498 | ---- | M] () -- C:\Users\Krissy\Documents\Windows.XP.Professional.SP3.July.2010.5803525.TPB.torrent
[2010/09/04 00:36:33 | 000,052,498 | ---- | M] () -- C:\Users\Krissy\Documents\Windows_XP_Final___All_Updates.5805983.TPB.torrent
[2010/09/03 17:39:39 | 000,000,046 | ---- | M] () -- C:\Users\Krissy\jagex_runescape_preferences.dat
[2010/09/03 17:38:51 | 000,000,099 | ---- | M] () -- C:\Users\Krissy\jagex_runescape_preferences2.dat
[2010/09/03 15:09:47 | 000,065,536 | -HS- | M] () -- C:\Users\Krissy\ntuser.dat{f23e75e5-b792-11df-b10e-e5827c19434b}.TM.blf
[2010/09/03 15:09:46 | 000,524,288 | -HS- | M] () -- C:\Users\Krissy\ntuser.dat{f23e75e5-b792-11df-b10e-e5827c19434b}.TMContainer00000000000000000002.regtrans-ms
[2010/09/03 15:09:46 | 000,524,288 | -HS- | M] () -- C:\Users\Krissy\ntuser.dat{f23e75e5-b792-11df-b10e-e5827c19434b}.TMContainer00000000000000000001.regtrans-ms
[2010/08/31 13:12:22 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\CLANNAD Full Voice.lnk
[2010/08/22 20:31:58 | 000,001,924 | ---- | M] () -- C:\Users\Krissy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/22 20:31:58 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/17 21:32:15 | 000,001,180 | ---- | M] () -- C:\Users\Krissy\Desktop\Photoshop CS5.lnk
[2010/08/17 20:50:56 | 1026,293,791 | ---- | M] () -- C:\Users\Krissy\Photoshop_12_LS1.7z
[2010/08/11 13:04:04 | 000,000,952 | ---- | M] () -- C:\Users\Krissy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/08/11 13:04:04 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/08/08 15:43:21 | 000,000,976 | ---- | M] () -- C:\Users\Krissy\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/08/08 15:43:21 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010/08/08 00:11:23 | 000,000,000 | ---- | M] () -- C:\Users\Krissy\jagex__preferences3.dat
[2010/08/07 20:11:36 | 000,001,116 | ---- | M] () -- C:\Users\Krissy\Desktop\StepMania 3.9a.lnk
[2010/08/07 19:25:55 | 000,001,422 | ---- | M] () -- C:\Users\Krissy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/07 19:07:21 | 000,524,288 | -HS- | M] () -- C:\Users\Krissy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/08/07 19:07:21 | 000,524,288 | -HS- | M] () -- C:\Users\Krissy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/08/07 19:07:21 | 000,065,536 | -HS- | M] () -- C:\Users\Krissy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/08/07 18:55:13 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2010/08/07 18:55:13 | 000,007,443 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2010/08/07 18:55:13 | 000,000,805 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2010/08/07 18:52:18 | 000,000,020 | -HS- | M] () -- C:\Users\Krissy\ntuser.ini
[2010/08/07 09:46:07 | 000,035,789 | ---- | M] () -- C:\windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2010/10/04 10:39:48 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2010/10/04 10:39:48 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010/10/04 10:39:48 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010/10/04 10:39:48 | 000,077,312 | ---- | C] () -- C:\windows\MBR.exe
[2010/10/04 10:39:48 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/10/02 09:54:50 | 000,001,878 | ---- | C] () -- C:\Users\Krissy\Desktop\LimeWire 5.5.16.lnk
[2010/09/29 18:03:20 | 215,408,040 | ---- | C] () -- C:\windows\MEMORY.DMP
[2010/09/29 16:05:31 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/24 15:15:21 | 000,002,425 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/09/20 22:55:11 | 000,000,534 | ---- | C] () -- C:\windows\hegames.ini
[2010/09/20 14:25:34 | 000,016,487 | ---- | C] () -- C:\Users\Krissy\Documents\Edmund Burke PC.docx
[2010/09/15 15:02:56 | 000,001,320 | ---- | C] () -- C:\Users\Public\Desktop\Insaniquarium Deluxe.lnk
[2010/09/15 15:02:45 | 000,000,000 | ---- | C] () -- C:\windows\popcinfo.dat
[2010/09/14 15:43:31 | 000,001,242 | ---- | C] () -- C:\Users\Krissy\Desktop\Paint.lnk
[2010/09/07 22:53:02 | 000,003,021 | ---- | C] () -- C:\Users\Krissy\Desktop\Microsoft Word 2010.lnk
[2010/09/05 16:51:05 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/09/05 16:51:05 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/09/04 13:12:03 | 000,053,551 | ---- | C] () -- C:\windows\Professional.xml
[2010/09/04 12:48:19 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2010/09/04 12:48:17 | 000,291,725 | RHS- | C] () -- C:\IXCLS
[2010/09/04 12:07:57 | 000,524,288 | -HS- | C] () -- C:\Users\Krissy\ntuser.dat{cebf6ede-b854-11df-a526-88ae1d3f0a53}.TMContainer00000000000000000002.regtrans-ms
[2010/09/04 12:07:57 | 000,524,288 | -HS- | C] () -- C:\Users\Krissy\ntuser.dat{cebf6ede-b854-11df-a526-88ae1d3f0a53}.TMContainer00000000000000000001.regtrans-ms
[2010/09/04 12:07:57 | 000,065,536 | -HS- | C] () -- C:\Users\Krissy\ntuser.dat{cebf6ede-b854-11df-a526-88ae1d3f0a53}.TM.blf
[2010/09/04 00:37:22 | 000,052,498 | ---- | C] () -- C:\Users\Krissy\Documents\Windows.XP.Professional.SP3.July.2010.5803525.TPB.torrent
[2010/09/04 00:33:54 | 000,052,498 | ---- | C] () -- C:\Users\Krissy\Documents\Windows_XP_Final___All_Updates.5805983.TPB.torrent
[2010/09/03 12:49:22 | 000,524,288 | -HS- | C] () -- C:\Users\Krissy\ntuser.dat{f23e75e5-b792-11df-b10e-e5827c19434b}.TMContainer00000000000000000002.regtrans-ms
[2010/09/03 12:49:22 | 000,524,288 | -HS- | C] () -- C:\Users\Krissy\ntuser.dat{f23e75e5-b792-11df-b10e-e5827c19434b}.TMContainer00000000000000000001.regtrans-ms
[2010/09/03 12:49:22 | 000,065,536 | -HS- | C] () -- C:\Users\Krissy\ntuser.dat{f23e75e5-b792-11df-b10e-e5827c19434b}.TM.blf
[2010/08/31 13:12:21 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\CLANNAD Full Voice.lnk
[2010/08/22 20:31:58 | 000,001,924 | ---- | C] () -- C:\Users\Krissy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/22 20:31:58 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/17 21:32:15 | 000,001,180 | ---- | C] () -- C:\Users\Krissy\Desktop\Photoshop CS5.lnk
[2010/08/17 20:31:45 | 1026,293,791 | ---- | C] () -- C:\Users\Krissy\Photoshop_12_LS1.7z
[2010/08/12 10:49:03 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/08/11 13:04:04 | 000,000,952 | ---- | C] () -- C:\Users\Krissy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/08/11 13:04:04 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/08/08 15:43:21 | 000,000,976 | ---- | C] () -- C:\Users\Krissy\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/08/08 15:43:21 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010/08/08 00:11:23 | 000,000,000 | ---- | C] () -- C:\Users\Krissy\jagex__preferences3.dat
[2010/08/08 00:11:19 | 000,000,099 | ---- | C] () -- C:\Users\Krissy\jagex_runescape_preferences2.dat
[2010/08/08 00:09:50 | 000,000,046 | ---- | C] () -- C:\Users\Krissy\jagex_runescape_preferences.dat
[2010/08/07 20:11:36 | 000,001,116 | ---- | C] () -- C:\Users\Krissy\Desktop\StepMania 3.9a.lnk
[2010/08/07 19:25:55 | 000,001,422 | ---- | C] () -- C:\Users\Krissy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/07 18:55:14 | 000,007,443 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2010/08/07 18:55:14 | 000,000,805 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2010/08/07 18:52:18 | 000,000,020 | -HS- | C] () -- C:\Users\Krissy\ntuser.ini
[2010/08/07 18:52:17 | 003,145,728 | -HS- | C] () -- C:\Users\Krissy\ntuser.dat
[2010/08/07 18:52:17 | 000,524,288 | -HS- | C] () -- C:\Users\Krissy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/08/07 18:52:17 | 000,524,288 | -HS- | C] () -- C:\Users\Krissy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/08/07 18:52:17 | 000,262,144 | -HS- | C] () -- C:\Users\Krissy\ntuser.dat.LOG1
[2010/08/07 18:52:17 | 000,065,536 | -HS- | C] () -- C:\Users\Krissy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/08/07 18:52:17 | 000,000,290 | ---- | C] () -- C:\Users\Krissy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/08/07 18:52:17 | 000,000,272 | ---- | C] () -- C:\Users\Krissy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/07 18:52:17 | 000,000,000 | -HS- | C] () -- C:\Users\Krissy\ntuser.dat.LOG2
[2010/05/29 09:14:08 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/05/29 08:56:34 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2010/05/29 08:54:11 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/04/28 04:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll

========== LOP Check ==========

[2010/09/07 10:44:30 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\Downloaded Installations
[2010/10/04 09:59:40 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\LimeWire
[2010/08/07 20:06:07 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\OpenCandy
[2010/09/04 00:21:08 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\Opera
[2010/09/30 23:29:51 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\QuickScan
[2010/09/28 10:35:11 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\Research In Motion
[2010/09/11 14:10:09 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\Sony
[2010/09/03 12:51:21 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\Tific
[2010/08/07 19:24:45 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\Toshiba
[2010/09/22 15:39:11 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\uTorrent
[2010/08/13 17:44:43 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\WildTangent
[2010/09/19 22:24:28 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\WinPatrol
[2009/07/13 21:53:46 | 000,010,928 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(37).TXT
[2010/09/06 00:52:34 | 000,020,028 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


Extras.txt:

OTL Extras logfile created on: 10/4/2010 5:23:36 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Krissy\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,013.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 16.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 43.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 124.74 Gb Total Space | 32.32 Gb Free Space | 25.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRISSY-PC
Current User Name: Krissy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2662990470-3689529364-4260953244-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0283EDE1-D8A9-4F64-A035-5E35B4DD199A}_is1" = CLANNAD Full Voice 1.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95431C66-CF9A-4913-BFFF-6050785AFB65}" = SpyHunter
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}" = TOSHIBA Sync Utility
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}" = BlackBerry Device Software Updater
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DivX Setup.divx.com" = DivX Setup
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EA Download Manager" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"Insaniquarium Deluxe 1.0" = Insaniquarium Deluxe 1.0
"Insaniquarium_Patch_Installer_1.2" = Insaniquarium Patch Installer 1.2
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LimeWire" = LimeWire 5.5.16
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Nintendo DS Emulator" = Nintendo DS Emulator
"NIS" = Norton Internet Security
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"RealMedia" = RealMedia (remove only)
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StepMania" = StepMania 3.9a (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = WildTangent ORB Game Console
"uTorrent" = µTorrent
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR archiver
"WT083877" = Chuzzle Deluxe
"WT083885" = Zuma's Revenge
"WT083898" = Virtual Villagers - The Secret City
"WT083903" = Escape Rosecliff Island
"WT083929" = Bejeweled 2 Deluxe
"WT083957" = Jewel Quest 3
"WT083958" = Penguins!
"WT083959" = Polar Bowler
"WT083969" = Virtual Families
"WT084018" = FATE - The Traitor Soul
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2662990470-3689529364-4260953244-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
"World of Warcraft Trial" = World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/1/2010 5:57:06 PM | Computer Name = Krissy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10390

Error - 10/1/2010 5:57:07 PM | Computer Name = Krissy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/1/2010 5:57:07 PM | Computer Name = Krissy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11388

Error - 10/1/2010 5:57:07 PM | Computer Name = Krissy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11388

Error - 10/1/2010 5:57:08 PM | Computer Name = Krissy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/1/2010 5:57:08 PM | Computer Name = Krissy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12386

Error - 10/1/2010 5:57:08 PM | Computer Name = Krissy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12386

Error - 10/1/2010 5:57:09 PM | Computer Name = Krissy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/1/2010 5:57:09 PM | Computer Name = Krissy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13463

Error - 10/1/2010 5:57:09 PM | Computer Name = Krissy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13463

[ System Events ]
Error - 9/23/2010 3:37:14 PM | Computer Name = Krissy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 9/23/2010 8:50:43 PM | Computer Name = Krissy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 9/24/2010 2:51:18 AM | Computer Name = Krissy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 9/24/2010 1:21:56 PM | Computer Name = Krissy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 9/24/2010 6:16:13 PM | Computer Name = Krissy-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 9/24/2010 7:58:01 PM | Computer Name = Krissy-PC | Source = DCOM | ID = 10010
Description =

Error - 9/24/2010 9:15:34 PM | Computer Name = Krissy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NIS service.

Error - 9/24/2010 9:25:14 PM | Computer Name = Krissy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 9/25/2010 7:46:42 AM | Computer Name = Krissy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 9/25/2010 12:03:36 PM | Computer Name = Krissy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >
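The Security Center and Firewall sections of the OTL log above are the first thing a helper checks: are notifications disabled, has anything been overridden, is Windows Firewall on for every profile. As an added example that is not part of this thread (not OTL's or BleepingComputer's code), here is a small Python triage script that parses those `[HKEY_...]` blocks and reports any baseline value that is absent, unreadable or changed; the excerpt it runs on is copied from the log posted above.

```python
"""Baseline check for the Security Center and Firewall sections of an OTL
log.  Added example for this thread, not OTL's or BleepingComputer's code;
the baseline is what a helper expects when nothing has been disabled."""
import re
from typing import Dict, List, Tuple

# Excerpt copied from the OTL log posted above (sample input for the example).
SAMPLE_LOG = r"""
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")   # [HKEY_...\Path]
VAL_RE = re.compile(r'^"([^"]+)" = (.*)$')    # "Name" = value text

SC = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
FW = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
      r"\Parameters\FirewallPolicy")

# (registry key, value name, expected text) for a machine whose built-in
# protections have been left alone: nothing muted, nothing overridden.
BASELINE: List[Tuple[str, str, str]] = [
    (SC, "AntiVirusDisableNotify", "0"),
    (SC, "FirewallDisableNotify", "0"),
    (SC, "UpdatesDisableNotify", "0"),
    (SC + r"\Svc", "AntiVirusOverride", "0"),
    (SC + r"\Svc", "AntiSpywareOverride", "0"),
    (SC + r"\Svc", "FirewallOverride", "0"),
] + [(FW + "\\" + profile, name, want)
     for profile in ("DomainProfile", "StandardProfile", "PublicProfile")
     for name, want in (("DisableNotifications", "0"), ("EnableFirewall", "1"))]


def parse_otl_registry(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [HKEY_...] block of an OTL log to its "name" = value lines."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys.setdefault(current, {})
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            keys[current][val.group(1)] = val.group(2)
    return keys


def reg_errors(text: str) -> List[Tuple[str, str, str]]:
    """Values OTL could not read ("Reg Error: ..."); informational only,
    since a missing VistaSp1 value is normal on Windows 7."""
    return [(key, name, value)
            for key, values in parse_otl_registry(text).items()
            for name, value in values.items()
            if value.startswith("Reg Error")]


def triage(text: str) -> List[str]:
    """One finding per baseline value that is absent, unreadable or changed;
    an empty list means the protections look untouched."""
    keys = parse_otl_registry(text)
    findings: List[str] = []
    for key, name, want in BASELINE:
        got = keys.get(key, {}).get(name)
        short = key.rsplit("\\", 1)[-1]        # last path component, for readability
        if got is None:
            findings.append(f"missing: {name} under {short}")
        elif got.startswith("Reg Error"):
            findings.append(f"unreadable: {name} under {short} ({got})")
        elif got != want:
            findings.append(f"changed: {name}={got} under {short}, expected {want}")
    return findings
```

Running `triage(SAMPLE_LOG)` on the excerpt above returns an empty list, which matches what the helper concluded from this log; the only oddity, the unreadable VistaSp1 value, is surfaced separately by `reg_errors`.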

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,815 posts
  • Gender:Female
  • Location:Romania

Posted 05 October 2010 - 09:41 AM

Hi again, how are things running now?


P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.



MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 vitalbeach

vitalbeach
  • Topic Starter

  • Members
  • 53 posts
  • Gender:Female
  • Location:Vancouver, BC

Posted 05 October 2010 - 05:55 PM

Hi Elise,

My computer is still running pretty slowly.

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4649

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05/10/2010 3:49:50 PM
mbam-log-2010-10-05 (15-49-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 248217
Time elapsed: 3 hour(s), 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,815 posts
  • Gender:Female
  • Location:Romania

Posted 06 October 2010 - 06:46 AM

QUOTE
1,013.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 16.00% Memory free
This is a small amount of RAM to run Windows 7 on.

You can try to run Startup Lite to disable any unnecessary items from starting up with Windows.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

Edited by elise025, 06 October 2010 - 06:47 AM.

regards, Elise




#12 vitalbeach

vitalbeach
  • Topic Starter

  • Members
  • 53 posts
  • Gender:Female
  • Location:Vancouver, BC

Posted 06 October 2010 - 07:19 PM

Okay, here is the ESET log:

C:\Users\Krissy\Downloads\MsgPlusLive-485.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,815 posts
  • Gender:Female
  • Location:Romania

Posted 07 October 2010 - 04:13 AM

Hi again,

ALL CLEAN
--------------
Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click Start > Run and type combofix /uninstall, then press Enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and OTL.
Please read the following advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use, but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise




#14 vitalbeach

vitalbeach
  • Topic Starter

  • Members
  • 53 posts
  • Gender:Female
  • Location:Vancouver, BC

Posted 07 October 2010 - 10:32 AM

Hello, my computer seems to be working okay, although still a bit slow, but I assume this is for a different reason.

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,815 posts
  • Gender:Female
  • Location:Romania

Posted 07 October 2010 - 11:28 AM

The slowness is most likely because of the small amount of RAM installed. There is little to do about that, except installing more RAM.

This topic will now be closed. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise

