ZeroAccess Rootkit

xephyria

New Member
Thread author
Sep 30, 2011
12
Hi,

I have a Lenovo Y430 laptop and recently I noticed the presence of this zeroaccess rootkit a few days ago while I was working. I tried to do a scan, but my anti-virus programmes stopped working. It always showed 'Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.' after I tried to open the programmes. It also always prompted me to download this file:

Name: navcancl
Type: HTML Document, 2.64KB
From: ieframe.dll

Your help is very much appreciated! :)

Deleted member 178

follow this procedure:

http://malwaretips.com/Thread-How-to-completely-remove-ZeroAccess-Sirefef-rootkit-Removal-Guide?highlight=zeroaccess

win7holic

New Member
Apr 20, 2011
2,079
First, you need to make a bootable CD. Do you have another computer?
If you have one, create a bootable CD for yourself, such as the Kaspersky Rescue Disc.
Second, download it and burn it to a CD. Then turn on your infected computer, go to the boot order, and change it so that booting from CD is number 1 (number 1 by default is the hard disk).
Third, scan with it.

After that, press F2 or Del, and then choose Safe Mode with Networking. Download Malwarebytes and Hitman Pro.
Scan with them.

I do it myself, on my virtual machine.

xephyria

New Member
Thread author
Sep 30, 2011
12
I tried the guide yesterday; rkill didn't work, and antizeroaccess.exe couldn't get rid of the infected files (read my first post for details).

Unfortunately, I don't have access to another computer, and my optical drive died like 2 years ago.

Deleted member 178

OK, as Win7holic suggests, you should use the Kaspersky Rescue Disk, but with a bootable USB; follow the instructions: http://support.kaspersky.com/faq/?qid=208282163
Or you can use the Kaspersky Rescue Disk by downloading SARDU (http://www.sarducd.it/), then download the Kaspersky Rescue Disk (and other rescue disks if needed) within SARDU, then use SARDU to make a bootable USB, then launch KRD.

You can also try:

- Gmer: http://www.gmer.net/ and download the renamed exe (by clicking the "download exe" button)
- Comodo Cleaning Essentials: http://help.comodo.com/topic-119-1-208-2073-downloading-comodo-cleaning-essentials.html (the database download may take a while depending on your internet speed)
- PowerTool: http://malwaretips.com/Thread-PowerTool-4-1-2011-10-01-english-support
- Norton Power Eraser: http://security.symantec.com/nbrt/npe.aspx?

Let us know the results.

Deleted member 178

In normal Windows, normally, but it can be done in Safe Mode if that isn't possible in normal mode. Did you try the Kaspersky rescue boot USB?

win7holic said:
download malwarebytes (install and then update it) and hitman pro 32bit

He did it already, but they failed.

For Hitman Pro, use the Force Breach mode: hold down the left CTRL key when you start Hitman Pro and all non-essential processes are terminated, normally including the malware process.

xephyria

New Member
Thread author
Sep 30, 2011
12
I tried all of the programmes in both normal and safe mode; none of them worked. While installing KRD, there was a pop-up saying there was an error during installation. Gmer, Norton and Comodo were killed on the first run. The Rootkit.Sirefef free removal tool did not work either.

What do I do with Power Tool? I did not see any infected files or anything like that. There are no suspicious kernel modules, no hooks, no drivers infected.

moonshine

Level 7
Verified
Apr 19, 2011
1,264
Hello and good day. I suggest that you should not use a tool unless it is recommended, to avoid further problems. What I can suggest is that, since you don't have an optical drive, you can create the SARDU Bootable Rescue Utility on a USB flash drive. I recommend you use the Kaspersky Rescue Disk, Dr. Web LiveCD and Avira AntiVir Rescue System. Also include the UBCD4WIN utility in SARDU and try running Malwarebytes' Anti-Malware, Hitman Pro and the ZeroAccess Removal Tool.

moonshine

Level 7
Verified
Apr 19, 2011
1,264
I'll get back to you when I have finished thinking of a viable solution. This problem of yours is one of the hardest I've faced. You can try plugging your hard drive into another computer that has an optical drive, try running SARDU again, and then use the tools that I recommended in my previous post.

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hello,
Please try to run a scan with OTL.

Scan with OTL:

  1. Please download OTL and save it to your Desktop.
  2. Right-click on OTL.exe and select Run as Administrator to start OTL.
  3. Double click on OTL.exe to run it.
  4. Under Output, ensure that Minimal Output is selected.
  5. Under Extra Registry section, select Use SafeList.
  6. Click the Scan All Users checkbox.
  7. Click on Run Scan at the top left hand corner.
  8. When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  9. Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back:
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

Did you try the ForceBreach mode from Hitman Pro?

xephyria

New Member
Thread author
Sep 30, 2011
12
Hi Jack, OTL crashed when I hit the scan button. Yes, I tried ForceBreach mode but it didn't work.

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
1. Try to rename the OTL.exe to iExplore.exe before you run it.
Code:
iExplore.exe
To do this, right-click on the OTL.exe icon that should now be on your Desktop and select Rename. You can now edit the name of the file to iExplore.exe.
2. Can you open your Task Manager?
If yes, please post a screenshot.
3. If you have Java installed, please uninstall it from your computer.

xephyria

New Member
Thread author
Sep 30, 2011
12
I managed to get it to scan in safe mode. Here are the contents of OTL.txt:

OTL logfile created on: 2/10/2011 12:28:05 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Xephyria\Desktop\New folder
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

2.99 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 73.72% Memory free
5.99 Gb Paging File | 5.25 Gb Available in Paging File | 87.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.81 Gb Total Space | 100.75 Gb Free Space | 39.85% Space Free | Partition Type: NTFS
Drive D: | 30.52 Gb Total Space | 16.86 Gb Free Space | 55.23% Space Free | Partition Type: NTFS

Computer Name: XEPHYRIA-PC | User Name: Xephyria | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\207992514:1028233971.exe File not found
PRC - C:\Users\Xephyria\Desktop\New folder\iExplorer.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\IcnOvrly.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WRConsumerService) -- File not found
SRV - (WebrootSpySweeperService) -- File not found
SRV - (nvsvc) -- File not found
SRV - (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot) -- C:\Users\Xephyria\Downloads\HitmanPro35.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe ()
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (System_Repair_UpdateMonitor) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
SRV - (PS_MDP) -- C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
SRV - (IncSvc) -- C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
SRV - (O2FLASH) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
SRV - (SuperProServer) -- C:\Program Files\Soft Flow\FCAP Array v1.0\Server\WinNT\spnsrvnt.exe ()


========== Driver Services (SafeList) ==========

DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (hitmanpro35) -- C:\Windows\System32\drivers\hitmanpro35.sys ()
DRV - (TrufosAlt) -- C:\Windows\System32\drivers\TrufosAlt.sys (BitDefender S.R.L.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ssidrv) -- C:\Windows\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\Windows\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (enecirhid) -- C:\Windows\System32\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhidma) -- C:\Windows\System32\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (CyberLink)
DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo)
DRV - (EMSC) -- C:\Windows\system32\DRIVERS\EMSC.SYS (Windows (R) Codename Longhorn DDK provider)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SNTNLUSB) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\URLSearchHook: {1e82937c-f660-4a34-b6f0-b185c8729ea5} - No CLSID value found
IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\URLSearchHook: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.sg/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:6.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1806
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Xephyria\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Xephyria\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Xephyria\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Xephyria\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Xephyria\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Xephyria\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Xephyria\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Xephyria\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/27 11:12:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/17 13:23:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/17 13:23:49 | 000,000,000 | ---D | M]

[2010/03/09 09:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Extensions
[2011/10/01 15:03:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions
[2010/04/27 21:16:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/23 20:54:33 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/10/17 12:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2011/08/25 11:54:56 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2011/07/04 09:51:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/18 11:28:34 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/01/17 08:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\{ea0969b3-6e12-4ac0-b6c9-148e81247954}-trash
[2010/10/17 12:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\info@djzig.com
[2010/10/17 12:08:38 | 000,000,000 | ---D | M] (RedShift V3) -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\extensions\redshift_V2@shift-themes.com
[2011/09/27 11:13:43 | 000,003,739 | ---- | M] () -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\searchplugins\avg-secure-search.xml
[2009/12/23 23:40:32 | 000,009,941 | ---- | M] () -- C:\Users\Xephyria\AppData\Roaming\Mozilla\Firefox\Profiles\jth42vui.default\searchplugins\mywebsearch.xml
[2011/09/27 11:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 23:17:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 20:55:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/14 22:43:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/05 10:43:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/05 01:37:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/04 10:03:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/27 11:12:58 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/02/21 08:24:52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/09/17 13:23:43 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/17 13:23:43 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/17 13:23:43 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/17 13:23:43 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={D3939C4A-B65B-4244-A081-B1514F47A099}&mid=58b4285e2b2398758bea4a45a5d97b4f-a645f0db1685d84c007f550ea279318f5e3fa1c3&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Xephyria\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Xephyria\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Xephyria\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Xephyria\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Xephyria\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Xephyria\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Xephyria\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: AhnLab Online Security (Enabled) = C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
CHR - plugin: AhnLab MyKeyDefense 2.5 (Enabled) = C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Xephyria\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Xephyria\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Xephyria\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Xephyria\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Xephyria\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1804_0\

Hosts file not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found.
O2 - BHO: (Messenger Plus Live Australia Toolbar) - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Australia Toolbar) - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\..\Toolbar\WebBrowser: (Messenger Plus Live Australia Toolbar) - {EA0969B3-6E12-4AC0-B6C9-148E81247954} - C:\Program Files\Messenger_Plus_Live_Australia\tbMess.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant Systems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TmlCMode] C:\Program Files\Compal\TmlCMode\TmlCMode.exe (Compal Electronic Inc.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C60CD6A-A8B0-4CAC-9C11-C4EBF776D116}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A30652C-DA78-4742-80DC-9F48B0C2DF81}: DhcpNameServer = 10.176.66.71 10.188.66.103
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\Xephyria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Xephyria\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{34d0e4a5-6496-11e0-9e9f-001fe2f7c64c}\Shell - "" = AutoRun
O33 - MountPoints2\{34d0e4a5-6496-11e0-9e9f-001fe2f7c64c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{3f740a0e-dffd-11e0-8662-001eec67b3a4}\Shell - "" = AutoRun
O33 - MountPoints2\{3f740a0e-dffd-11e0-8662-001eec67b3a4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O34 - HKLM BootExecute: (bootdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\drivers\
File not found -- C:\Windows\System32\
[2011/10/01 20:23:51 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\CrashDumps
[2011/10/01 20:23:40 | 000,040,016 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys_CLN
[2011/10/01 20:15:55 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\NPE
[2011/10/01 20:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/10/01 14:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/10/01 14:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/10/01 14:07:06 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\Desktop\New folder
[2011/10/01 13:45:36 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{E2DC0DFD-BB8F-4534-BE96-5B7264E8BFC8}
[2011/10/01 13:45:23 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{CCC4AC9A-0BA2-4C00-9097-D6821D34677E}
[2011/10/01 12:58:48 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{F0F5A646-4002-43A3-9A92-E621D0001F00}
[2011/10/01 03:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/10/01 03:23:27 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2011/10/01 03:23:27 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2011/10/01 03:23:26 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/10/01 03:23:26 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/10/01 03:23:24 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/10/01 03:23:24 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/10/01 03:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/10/01 03:23:22 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/10/01 03:23:18 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\PC Tools
[2011/10/01 03:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/10/01 03:15:25 | 000,339,600 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2011/10/01 00:58:18 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{59C732E1-AB9D-45C3-93E4-6FB8E14A863A}
[2011/10/01 00:58:05 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1C10D30D-989F-4FF4-BEF6-F77B8B3F86CA}
[2011/10/01 00:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/01 00:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/01 00:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/30 12:57:45 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{B1464504-4F9F-4B5F-AF87-0999F348769D}
[2011/09/30 12:57:42 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{508E5F87-B1FC-412C-AE75-4F9658F2204C}
[2011/09/29 23:53:34 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{2DDE5CE7-72A0-4B9A-AF13-582700F3DFB4}
[2011/09/29 23:53:08 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{92955107-18F8-4BFB-90C9-99FA2CC08DCB}
[2011/09/29 11:52:43 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{800D026F-221C-44AB-BC85-1B8CA4910EA2}
[2011/09/29 11:52:41 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{5EE3412E-9743-40BA-B565-8A7AD1883A08}
[2011/09/29 02:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2011/09/29 02:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/09/29 02:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/09/29 01:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/09/29 01:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/09/28 23:52:09 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{D4380F8F-DF30-4EE3-A7E4-9C3AEA67141C}
[2011/09/28 23:51:57 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{D8E15083-E743-47EA-9897-62ADC60B496E}
[2011/09/28 11:09:52 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{B70B1CCC-A74D-4D45-B93F-31277C3387BE}
[2011/09/28 11:09:51 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{60E85EBC-2C33-4E94-BC56-462DF53A6BF8}
[2011/09/27 23:09:20 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{424DB085-4FF5-4FAB-9599-C93DC521B577}
[2011/09/27 23:09:07 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{146449F0-EE85-4F95-8050-602412AC8455}
[2011/09/27 12:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/09/27 11:27:07 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\AVG
[2011/09/27 11:14:32 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\AVG2012
[2011/09/27 11:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/09/27 11:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/27 11:08:20 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{EE9E42C1-C5CE-4767-BF03-D5E8690822B6}
[2011/09/27 11:08:01 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1B661A3C-FF8B-4059-884D-2E6F8343D751}
[2011/09/26 23:54:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/09/26 23:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/09/26 22:53:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/26 22:53:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/26 22:53:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/26 22:52:52 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/09/26 22:52:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/26 20:30:49 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{9D18FDD1-23B7-4907-8691-6296D4ED62DA}
[2011/09/26 20:30:34 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{07C42C93-DEDF-4BCF-9B6C-EDA60582DA62}
[2011/09/26 11:45:44 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{E28135DA-0D0D-400E-87C5-384991271C15}
[2011/09/25 23:23:30 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\PDAppFlex
[2011/09/25 19:15:51 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{CD3F4BC3-7639-4AAD-8DCC-D06F79CEC305}
[2011/09/25 19:15:39 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{F173B534-9B7B-45EB-88CF-3148D54174B0}
[2011/09/25 07:15:51 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{00123D7C-66C3-499E-83B6-4C41CB020252}
[2011/09/24 19:15:37 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{C1826960-0490-48B2-AB52-7EE94C3D45E9}
[2011/09/24 19:15:25 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{C2FA8F88-182D-40F8-A7B7-0EF7827DCDE4}
[2011/09/24 07:14:58 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{053792B8-477F-4EF5-B3F3-05B11B23F099}
[2011/09/23 19:14:26 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{91433428-79D9-4B1B-9E14-64642C5AABD9}
[2011/09/23 19:14:10 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{FC7BAF89-5900-446F-A699-BF7D8077E0B2}
[2011/09/23 10:14:34 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{E545B141-18EE-4DFA-85B8-592613FD467E}
[2011/09/22 20:43:52 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{0A14CBB7-4E8A-4EC7-859B-1278D3DAE7BE}
[2011/09/22 20:43:33 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{844BA3F3-79D3-4E73-9784-9E1D880BBB2A}
[2011/09/22 10:00:25 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{4C7ABF38-F518-4924-8DD2-B9EAF3F419C9}
[2011/09/21 16:36:20 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{28D23E4F-CD8F-46CA-94C4-D7C73CEB73FB}
[2011/09/21 16:35:36 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{07D42F86-0AD4-42E1-A067-68CE85C4B381}
[2011/09/21 12:04:56 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/09/21 10:22:15 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{7AE849AE-44D7-416E-A216-AAD815632D91}
[2011/09/20 14:00:41 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{40C799D2-35EB-4EF3-BDC8-AB6F40DE78B8}
[2011/09/19 20:16:30 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{FD689BBB-7CA9-42F4-801E-420799FB10DF}
[2011/09/19 20:16:17 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{BCC5CD4C-E34E-4899-B13D-5BACCC8AACA7}
[2011/09/19 16:42:12 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/09/19 16:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/09/19 11:57:27 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{8A8C72C7-04DC-4A74-B785-E4E070736EDD}
[2011/09/18 14:55:34 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{FF708B01-0FA9-4D94-85C0-CDE17418105F}
[2011/09/18 01:24:36 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{3F248BC5-DB61-45BB-B970-47DB9E339068}
[2011/09/17 13:23:58 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{72B8E1FE-B5A0-42C3-AD62-BCC6FEA29872}
[2011/09/17 13:23:42 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{763C4A95-99F0-4B3A-9CC1-8E6356BE8011}
[2011/09/17 05:01:54 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{F7961D84-AA07-4A13-86FC-2B9A24EDC60F}
[2011/09/16 17:01:36 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1262316B-C871-4348-9C23-48C4443E89B4}
[2011/09/16 17:01:18 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{226D39C1-5704-4D7F-BC47-6FA553880AD0}
[2011/09/16 10:48:01 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{BBAD94B5-CB73-437F-9D86-D032DCC78340}
[2011/09/15 19:19:02 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{EFB59BDD-CD56-4B2B-A983-480FDFBA72A5}
[2011/09/15 19:18:46 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{2ECBFD61-C04B-47E2-8E02-CC8F4D250D09}
[2011/09/15 11:19:11 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1258DA56-E88E-45C6-97CE-328452CAD500}
[2011/09/14 21:03:20 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{333180A8-7761-4E6A-81C8-50818D623E09}
[2011/09/14 21:03:08 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{CE962796-C179-4E95-ADBC-18D793EB040A}
[2011/09/14 13:07:01 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{62364E6F-D3DB-4CDC-9234-B91D6BE1B2E4}
[2011/09/13 20:21:08 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{D23E90EC-F711-456C-9C68-993AA4B3F39E}
[2011/09/13 20:20:55 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{DB2BE91C-23E7-4573-9A44-24DB9C042141}
[2011/09/13 11:09:45 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{F5BBC159-3EE4-4798-9063-6B8DCAB179ED}
[2011/09/13 11:01:53 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{CB3754D2-B3A6-4F2D-87A2-D84C6B3EEC40}
[2011/09/12 20:50:19 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{3D9E3A1F-C1C7-4053-A7DF-8F6A7F3C16E8}
[2011/09/12 20:50:00 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1E3F4723-4CA8-4924-957A-18DA75CE06F4}
[2011/09/12 11:42:09 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{50F0F80A-9C87-442E-AC3C-469747378D25}
[2011/09/11 18:44:54 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{C1988CBB-CD1A-40F6-A3EC-2A387B42E671}
[2011/09/11 18:44:39 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{72586E9C-89AC-4740-8DD9-3575AE029555}
[2011/09/10 22:06:55 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{210ADADF-C21F-4DE8-8FAF-948264DC9279}
[2011/09/10 22:06:40 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1DA92F09-C301-4A7F-8C09-42E0731C18F5}
[2011/09/10 10:06:11 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{750032A0-FEF5-457D-87AD-29B271DFBC8D}
[2011/09/09 22:05:44 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{4E7BA25C-BAA8-4544-80B5-A9A24AEF2451}
[2011/09/09 22:05:32 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{644532CB-F1EF-4DB7-8E65-E8ACE61AB1D0}
[2011/09/09 10:05:16 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1EA20CF4-8F02-4BED-A7D7-A57C3812F728}
[2011/09/09 10:05:14 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{0F29B55D-7379-4864-8C29-8054586BFC32}
[2011/09/08 22:04:46 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{386DA140-11F7-4053-BD93-4612E79F7167}
[2011/09/08 22:04:33 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{22E78469-0A66-4B29-B070-2AA660F66D07}
[2011/09/07 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{43A67F2A-D53B-4FD7-96E9-1B236390D5E3}
[2011/09/07 21:45:48 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{8790CBFD-27EB-47D3-A6C5-342E7D3EB696}
[2011/09/07 09:45:30 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{C6C8DF46-61DC-4511-B9E6-B7DB7E795228}
[2011/09/07 09:45:27 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1B26DF2F-0550-4F8B-A12F-8DBFA6015F21}
[2011/09/06 20:35:49 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{C498A37C-A4C0-44DC-8B5A-9E8718B4BAD8}
[2011/09/06 20:35:32 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{404550A1-37D6-45EE-B87C-48EB52A76C43}
[2011/09/06 07:57:10 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{E9203349-8904-49AA-8D06-11AF68379750}
[2011/09/05 19:39:42 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{53F1957C-2364-4242-AB45-8E360BBFC08F}
[2011/09/05 19:39:41 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{EB135E73-9209-42E6-A375-92CB2A91F632}
[2011/09/05 07:39:06 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{B3B64FBE-2FA2-4A82-AB4D-DDEDAA316185}
[2011/09/05 07:38:24 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{B85EE0A5-7C50-45ED-AE34-C44A9BE67462}
[2011/09/04 13:03:31 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{B8AABB06-8963-45B3-A480-ED93EDC4B9D2}
[2011/09/04 13:03:19 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{F4BEBD93-FCDA-4FD1-A0A2-F9AD1F5FFB0C}
[2011/09/03 21:29:50 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{0651F868-2850-4E8D-BFC6-F256DE4C363D}
[2011/09/03 09:29:12 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{DB0E994F-8633-4B6B-A934-77FEA29B4C55}
[2011/09/02 21:28:38 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{1EA7A2A3-351C-45C8-9CA1-F1EAE2A7AFB9}
[2011/09/02 21:28:22 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{9DEFD901-C7ED-4835-B5EC-EEFE3EBBADAE}
[2011/09/02 11:02:36 | 000,000,000 | ---D | C] -- C:\Users\Xephyria\AppData\Local\{F932588B-EEB2-4F8A-9C02-2FFBACF93EED}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\drivers\
File not found -- C:\Windows\System32\
[2011/10/02 00:31:22 | 000,714,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/02 00:31:22 | 000,152,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/02 00:26:13 | 000,000,000 | ---- | M] () -- C:\Windows\207992514
[2011/10/02 00:25:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/02 00:25:58 | 2411,655,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/02 00:22:36 | 000,215,926 | ---- | M] () -- C:\Users\Xephyria\Desktop\task manger.jpg
[2011/10/01 23:57:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3987451672-638147033-4213727604-1004UA.job
[2011/10/01 21:09:03 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/01 21:09:03 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/01 21:01:41 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011/10/01 21:01:37 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\RegCure Startup.job
[2011/10/01 21:01:24 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_41391.nl_
[2011/10/01 21:00:56 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011/10/01 20:23:40 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys_CLN
[2011/10/01 16:57:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3987451672-638147033-4213727604-1004Core.job
[2011/10/01 16:46:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/01 14:31:38 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/10/01 13:57:55 | 000,646,656 | ---- | M] () -- C:\Users\Xephyria\Desktop\OTS.exe
[2011/10/01 13:48:26 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/01 13:42:03 | 000,007,252 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/10/01 03:15:26 | 000,339,600 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2011/10/01 02:47:01 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\rkill(2).com
[2011/10/01 02:16:10 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\iExplore(2).exe
[2011/10/01 02:12:53 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2011/10/01 01:33:56 | 000,294,400 | ---- | M] () -- C:\Users\Xephyria\Desktop\exeHelper (2).com
[2011/10/01 01:10:03 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\rkill.scr
[2011/10/01 01:09:35 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\rkill.exe
[2011/09/30 12:53:23 | 473,517,156 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/30 11:58:18 | 000,000,103 | -H-- | M] () -- C:\ProgramData\obmlf5
[2011/09/29 02:27:54 | 001,008,092 | ---- | M] () -- C:\Users\Xephyria\Desktop\rkill.com
[2011/09/29 01:42:13 | 001,454,782 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/09/29 00:40:04 | 004,228,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/28 23:53:52 | 047,369,160 | ---- | M] () -- C:\Windows\System32\MRT.exe
[2011/09/28 22:38:25 | 000,007,513 | ---- | M] () -- C:\Users\Xephyria\Documents\FlowJo75.prefs
[2011/09/27 11:15:44 | 105,150,346 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/09/27 00:17:30 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011/09/26 22:31:32 | 000,000,837 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP
[2011/09/26 20:52:23 | 000,000,000 | ---- | M] () -- C:\Users\Xephyria\AppData\Local\prvlcl.dat
[2011/09/26 20:42:29 | 000,000,000 | -HS- | M] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/24 03:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2011/09/23 11:34:51 | 000,020,588 | ---- | M] () -- C:\Users\Xephyria\Desktop\VID ethics_2011.pdf
[2011/09/14 22:26:55 | 000,000,272 | ---- | M] () -- C:\Users\Xephyria\AppData\Roaming\.backup.dm
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/02 00:22:35 | 000,215,926 | ---- | C] () -- C:\Users\Xephyria\Desktop\task manger.jpg
[2011/10/01 13:57:40 | 000,646,656 | ---- | C] () -- C:\Users\Xephyria\Desktop\OTS.exe
[2011/10/01 13:43:58 | 000,000,000 | ---- | C] () -- C:\Windows\207992514
[2011/10/01 13:43:18 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_41391.nl_
[2011/10/01 13:42:03 | 000,007,252 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/10/01 03:39:31 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/10/01 02:46:53 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\rkill(2).com
[2011/10/01 02:15:59 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\iExplore(2).exe
[2011/10/01 01:33:47 | 000,294,400 | ---- | C] () -- C:\Users\Xephyria\Desktop\exeHelper (2).com
[2011/10/01 01:09:45 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\rkill.scr
[2011/10/01 01:09:11 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\rkill.exe
[2011/09/29 12:06:43 | 473,517,156 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/29 02:27:51 | 001,008,092 | ---- | C] () -- C:\Users\Xephyria\Desktop\rkill.com
[2011/09/29 02:09:08 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2011/09/29 01:41:47 | 001,454,782 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/09/26 22:53:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/26 22:53:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/26 22:53:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/26 22:53:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/26 22:53:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/26 20:42:29 | 000,000,000 | -HS- | C] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/26 00:25:25 | 000,001,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/09/26 00:23:25 | 000,001,143 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/09/26 00:22:43 | 000,001,236 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/09/26 00:21:08 | 000,001,337 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/09/26 00:20:55 | 000,001,509 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/09/23 11:34:36 | 000,020,588 | ---- | C] () -- C:\Users\Xephyria\Desktop\VID ethics_2011.pdf
[2011/09/19 17:09:40 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/09/19 16:42:08 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/09/14 22:26:55 | 000,000,272 | ---- | C] () -- C:\Users\Xephyria\AppData\Roaming\.backup.dm
[2011/05/02 13:24:40 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf504
[2011/03/02 22:37:25 | 000,000,600 | ---- | C] () -- C:\Users\Xephyria\AppData\Roaming\winscp.rnd
[2010/09/09 23:07:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/08/28 11:13:58 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/08/28 11:13:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010/08/18 14:01:53 | 000,303,104 | ---- | C] () -- C:\Windows\System32\eST3snm.dll
[2010/06/15 23:56:17 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2010/06/15 23:56:17 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2010/06/15 23:56:17 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2010/06/15 23:56:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2010/06/02 13:44:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/06/02 13:44:18 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/05/06 21:13:52 | 000,711,168 | ---- | C] () -- C:\Windows\is-T77SI.exe
[2010/04/24 15:39:33 | 000,000,000 | ---- | C] () -- C:\Users\Xephyria\AppData\Local\prvlcl.dat
[2010/04/16 17:55:18 | 000,000,103 | -H-- | C] () -- C:\ProgramData\obmlf5
[2010/03/12 17:48:05 | 047,369,160 | ---- | C] () -- C:\Windows\System32\MRT.exe
[2010/03/09 11:55:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/09 10:00:47 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/10/28 09:22:08 | 004,835,652 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/10/28 09:16:44 | 001,632,375 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2009/10/28 09:16:12 | 000,611,638 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/10/28 09:10:02 | 000,143,872 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/10/28 08:46:26 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/10/28 08:28:08 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/10/17 09:58:06 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/10/17 09:57:06 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/10/17 09:04:24 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/10/17 09:04:08 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/10/17 09:03:48 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/10/17 09:03:44 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/10/17 09:03:40 | 000,484,864 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/10/17 06:53:32 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/10/17 06:53:20 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/10/17 05:40:42 | 000,957,047 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/10/17 05:38:20 | 000,914,464 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/12 06:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/01 08:56:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:33:53 | 004,228,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 000,697,864 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,144,308 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/25 22:26:01 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/03 16:19:39 | 000,000,174 | ---- | C] () -- C:\Windows\hpbafd.ini
[2009/06/03 16:15:46 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2009/06/03 14:07:21 | 000,135,168 | ---- | C] () -- C:\Windows\System32\snmp_pp.dll
[2009/06/03 14:07:20 | 000,278,528 | ---- | C] () -- C:\Windows\System32\GL2PRCFG.DLL
[2009/06/03 14:07:20 | 000,143,360 | ---- | C] () -- C:\Windows\System32\GL2CFG.DLL
[2009/05/14 02:36:06 | 000,000,065 | ---- | C] () -- C:\Windows\FISHUI.INI
[2009/03/13 19:35:25 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2009/03/04 18:43:28 | 000,508,200 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/01/11 08:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/11 08:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/11 08:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/11 08:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/11 08:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009/01/11 08:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/11 08:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/11 08:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009/01/11 08:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/11 08:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/11 08:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/11 08:15:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009/01/11 08:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/11 08:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/12/04 08:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/07 02:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/10/21 03:09:46 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/08/12 09:23:16 | 009,338,880 | ---- | C] () -- C:\Windows\System32\Facev.dll
[2008/08/12 09:23:16 | 000,491,520 | ---- | C] () -- C:\Windows\System32\picn.dll
[2008/08/12 09:23:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\image.dll
[2008/08/12 09:23:13 | 000,655,360 | ---- | C] () -- C:\Windows\System32\EncIcons.dll
[2008/08/12 09:23:13 | 000,507,904 | ---- | C] () -- C:\Windows\System32\SimpleExt.dll
[2008/08/12 09:23:13 | 000,241,752 | ---- | C] () -- C:\Windows\System32\IcnOvrly.dll
[2008/08/12 09:23:13 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FunFrm.dll
[2008/08/12 09:23:12 | 009,502,720 | ---- | C] () -- C:\Windows\System32\FaceVerify.dll
[2008/08/12 09:23:12 | 001,564,672 | ---- | C] () -- C:\Windows\System32\MainOp.dll
[2008/08/12 09:23:12 | 001,163,264 | ---- | C] () -- C:\Windows\System32\PicNotify.dll
[2008/08/12 09:23:12 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SetDev.dll
[2008/08/12 09:23:12 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp.dll
[2008/08/12 09:23:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo.dll
[2008/08/12 09:23:12 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DevFilt.dll
[2008/08/12 09:23:11 | 001,974,272 | ---- | C] () -- C:\Windows\System32\Imagereog.dll
[2008/08/12 09:23:11 | 000,442,368 | ---- | C] () -- C:\Windows\System32\Apblend.dll
[2008/08/12 09:22:33 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll
[2008/08/12 08:50:24 | 000,015,190 | ---- | C] () -- C:\Windows\M
 

xephyria

New Member
Thread author
Sep 30, 2011
12
And here is the screenshot of Task Manager. [attachment=834]
 

Attachment: task manger.jpg (210.9 KB)
D

Deleted member 178

You did all I suggested to you and it killed all of them, even the Force Breach mode of HMP... it is very nasty....

Can you go to an internet shop or use a friend's computer, then redo the Kaspersky Rescue Disk USB or CD?
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
STEP 1 : Run the OTL Fix
  1. Start OTL again.
  2. Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



    Code:
    :OTL
    PRC - C:\Windows\207992514:1028233971.exe File not found
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3987451672-638147033-4213727604-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C60CD6A-A8B0-4CAC-9C11-C4EBF776D116}: DhcpNameServer = 10.1.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A30652C-DA78-4742-80DC-9F48B0C2DF81}: DhcpNameServer = 10.176.66.71 10.188.66.103
    [2011/10/01 21:09:03 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/01 21:09:03 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/02 00:26:13 | 000,000,000 | ---- | M] () -- C:\Windows\207992514
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [2011/10/01 21:01:37 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\RegCure Startup.job
    [2011/09/24 03:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\RegCure.job
    :Services
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
    ""=""%1" %*
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  3. Then click the Run Fix button at the top
  4. Let the program run unhindered, reboot the PC when it is done.


STEP 2 : Start your computer in Safe Mode with Networking

  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. Do one of the following:
    • If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you will need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.
    • If your computer has more than one operating system, use the arrow keys to highlight the operating system you want to start in safe mode, and then press F8.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER. For more information about options, see Advanced startup options (including safe mode).
  4. Log on to your computer with a user account that has administrator rights.



STEP 3 : Download and run RKill to terminate known malware processes.

  1. Download RKill - http://download.bleepingcomputer.com/grinler/iExplore.exe
  2. Double-click on the RKill icon in order to automatically attempt to stop any processes associated with this rogue.
  3. Now RKill will start working in the background, please be patient while the program looks for various malware programs and tries to end them.
    • If you receive a message that RKill is an infection, that is a fake warning given by the rogue. As a possible solution we advise you to leave the warning on the screen and then try to run RKill again. Run RKill until the fake program is not visible, but not more than ten times.
    • If you continue having problems running RKill, you can download the other renamed versions of RKill from the above links.
  4. When Rkill has completed its task, it will generate a log. You can then proceed with the rest of the guide.
Note: Do not reboot your computer after running RKill as the malware programs will start again.




STEP 4 : Download and run TDSSKiller


  1. Please download the latest official version of TDSSKiller.
  2. Before you can run TDSSKiller, you first need to rename it so that you can get it to run. To do this, right-click on the TDSSKiller.exe icon that should now be on your Desktop and select Rename. You can now rename it to iExplorer.exe
    Code:
    iExplorer.exe
  3. Once the file is renamed, double-click on it to launch it.
  4. TDSSKiller will now start and display the welcome screen as shown below. In order to start a system scan, press the 'Start Scan' button.
  5. TDSSKiller will now scan your computer for the TDSS infection.
  6. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.
  7. To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.
  8. A reboot might be required to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
  9. A log will be generated; please post it in your next reply.



STEP 5 : Download and run a scan with Dr.Web CureIt!

Download Dr.Web CureIt from here and rename it to iExplorer.exe.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  1. Double-click on iExplorer.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version)
  2. Read the anti-virus check by DrWeb scanner prompt and click Yes where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs. Be patient as loading of this file is not immediate.
  3. The Express scan will automatically begin.
    (This is a preliminary scan of files currently running in memory, boot sectors, and targeted folders).
  4. If prompted to download the Full version Free Trial, just ignore and click the X to close the window.
  5. If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  6. After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  7. In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  8. Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  9. Please be patient as this scan could take a long time to complete.
  10. When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  11. Click Select All, then choose Cure > Move incurable.
  12. In the top menu, click file and choose save report list.
  13. Save the DrWeb.csv report to your desktop.
  14. Exit Dr.Web Cureit when done.
  15. Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  16. After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
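The OTL file list posted earlier in the thread and the OTL fix script in Jack's post use the same line format, and the first lines of the fix name the patterns worth searching such a log for: a process launched from an alternate data stream (C:\Windows\207992514:1028233971.exe), an all-digit directory directly under C:\Windows, hidden files in System32 and ProgramData, and an exefile\shell\open\command value that no longer reads "%1" %* (a broken exefile handler is a common cause of the "Windows cannot access the specified device, path, or file" error from the first post). The script below is an added example, not code from the thread, from OTL or from MalwareTips: it parses OTL file-list and PRC lines and flags those patterns. The sample log is constructed from lines on this page; the hijacked handler value in the usage block is a constructed placeholder. Every hit is a lead for a human to review, not a verdict: the hidden-attribute check in particular will also catch legitimate system files.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# OTL file-list line: [date time | size | attrs | C or M] (signer) -- path
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<signer>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# OTL running-process line, as in the fix script: PRC - path [File not found]
OTL_PRC_LINE = re.compile(r"^PRC - (?P<path>.+?)(?: File not found)?\s*$")

# Directories where a hidden file deserves a second look (lower-case prefixes)
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\programdata")

# Stock value of HKLM\SOFTWARE\Classes\exefile\shell\open\command, which the OTL fix restores
STOCK_EXEFILE_COMMAND = '"%1" %*'


class Finding(NamedTuple):
    path: str
    reasons: List[str]


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (path, attrs) for a file-list or PRC line; None for any other line."""
    text = line.strip()
    m = OTL_FILE_LINE.match(text)
    if m:
        return m["path"], m["attrs"]
    m = OTL_PRC_LINE.match(text)
    if m:
        return m["path"], "----"  # process lines carry no attribute column
    return None


def path_reasons(path: str, attrs: str = "----") -> List[str]:
    """Reasons a path matches the patterns singled out in the OTL fix; empty if none."""
    reasons: List[str] = []
    parts = path.split("\\")
    leaf = parts[-1]
    # 1. Alternate data stream: a ':' in the final component (the drive ':' lives in parts[0]).
    if ":" in leaf:
        host, _, stream = leaf.partition(":")
        reasons.append(f"alternate data stream '{stream}' on '{host}'")
    # 2. An all-digit name sitting directly under C:\Windows.
    if len(parts) == 3 and parts[1].lower() == "windows" and leaf.isdigit():
        reasons.append("numeric-only name directly under C:\\Windows")
    # 3. Hidden attribute on a file inside a system directory.
    if "H" in attrs and path.lower().startswith(SYSTEM_DIRS):
        reasons.append("hidden file in a system directory")
    return reasons


def triage(lines) -> List[Finding]:
    """Run every recognised line through path_reasons and keep the hits."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, attrs = parsed
        reasons = path_reasons(path, attrs)
        if reasons:
            findings.append(Finding(path, reasons))
    return findings


def is_stock_exefile_command(value: str) -> bool:
    """True if an exefile\\shell\\open\\command value is the stock one the fix restores."""
    return value.strip() == STOCK_EXEFILE_COMMAND


# Constructed sample: OTL lines taken from this thread, plus the PRC line from the fix.
SAMPLE_LOG = r"""PRC - C:\Windows\207992514:1028233971.exe File not found
[2011/10/01 21:09:03 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/02 00:26:13 | 000,000,000 | ---- | M] () -- C:\Windows\207992514
[2011/05/02 13:24:40 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf504
[2010/03/12 17:48:05 | 047,369,160 | ---- | C] () -- C:\Windows\System32\MRT.exe
[2011/09/26 00:25:25 | 000,001,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
    # Hypothetical hijacked handler value, constructed for illustration only.
    print(is_stock_exefile_command('"%1" %*'),
          is_stock_exefile_command('"C:\\example\\hijack.exe" "%1" %*'))
```

Feed it a whole OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))` and compare the hits against the lines the helper put in the fix. The handler check takes a string because the value is read elsewhere (for instance from `reg query HKLM\SOFTWARE\Classes\exefile\shell\open\command` on the affected machine); keeping the comparison pure makes it testable off the box.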
 
