
Win32 trojan

  • 24-01-2013 8:45pm
    #1
    Registered Users Posts: 832 ✭✭✭


    Hi, I have a Dell laptop running Windows 7 with Microsoft Security Essentials, and I have a pop-up appearing on my screen from my AV on the bottom right of my screen saying threat detected.
    The threat is a Trojan:Win32/Killav.Dr

    Any ideas how to remove this?


Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Can you post the MSE log?


  • Registered Users Posts: 832 ✭✭✭harvester of sorrow


    How do I do that?

    Sorry for being a noob!


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Am not familiar with the program myself so maybe somebody else can pipe in if they know how.

    When you run a scan, you should see something like "save as a log", "save as results", or a Log tab. If not, can you take a screenshot of what it found? If you don't know how, skip that and just do the following instead:


    Download OTL to your Desktop
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users Posts: 832 ✭✭✭harvester of sorrow


    Sorry for the delay in posting back about this.....

    OTL logfile created on: 2/3/2013 5:27:15 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\castlebrook\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.96 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 59.22% Memory free
    7.92 Gb Paging File | 6.11 Gb Available in Paging File | 77.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 299.15 Gb Free Space | 66.32% Space Free | Partition Type: NTFS
    Drive E: | 25.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: CASTLEBROOK-PC | User Name: castlebrook | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2013/01/19 21:30:55 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\castlebrook\AppData\Local\Akamai\netsession_win.exe
    PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/06/04 17:27:06 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/11/17 13:23:58 | 003,965,680 | ---- | M] (Birdstep Technology) -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\WilogApp.exe
    PRC - [2009/11/17 13:13:48 | 000,667,648 | ---- | M] (Birdstep Technology) -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\AutoUpdateSrv.exe
    PRC - [2009/09/11 18:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    PRC - [2009/06/09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/06/05 01:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/05 01:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/09/26 15:19:04 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/19 21:30:27 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2013/01/11 15:09:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
    MOD - [2013/01/11 14:40:13 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\aa0c82eddc6cc12961a92835f777dcc0\System.Web.Services.ni.dll
    MOD - [2013/01/11 14:39:35 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
    MOD - [2013/01/11 14:39:28 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/11 14:39:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/01/11 14:39:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
    MOD - [2013/01/11 14:39:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/11 14:38:56 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2009/09/11 18:08:00 | 000,268,016 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
    MOD - [2009/09/11 18:08:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
    MOD - [2009/09/11 18:08:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
    MOD - [2009/09/11 18:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    MOD - [2009/09/11 18:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
    MOD - [2009/08/21 16:57:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McAfee SiteAdvisor Service)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/07/17 01:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/06/29 04:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/06/09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2013/01/19 21:30:54 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/09 15:47:46 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/11/12 19:59:00 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
    SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/29 04:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/05 01:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/27 19:58:44 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/06/17 16:31:07 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
    DRV:64bit: - [2012/06/17 16:31:07 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
    DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/06/15 09:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/21 09:45:20 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2010/10/21 09:45:18 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2010/10/21 09:45:18 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2010/07/12 18:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/09/10 13:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2009/09/04 13:13:24 | 000,216,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
    DRV:64bit: - [2009/07/24 13:52:14 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
    DRV:64bit: - [2009/07/17 01:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2009/07/17 01:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 00:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/14 00:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/29 04:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/06/25 11:26:10 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/06/15 19:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/03 03:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/08 08:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {197ED3C0-0DD0-4D99-AFFB-7E683E2C857C}
    IE:64bit: - HKLM\..\SearchScopes\{197ED3C0-0DD0-4D99-AFFB-7E683E2C857C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {454AD6B7-CC71-4D1D-8E38-92FFF2428DDA}
    IE - HKLM\..\SearchScopes\{454AD6B7-CC71-4D1D-8E38-92FFF2428DDA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {197ED3C0-0DD0-4D99-AFFB-7E683E2C857C}
    IE - HKCU\..\SearchScopes\{AEC3E603-23C0-4A5A-9AE6-E9A1D0FD2444}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Twitter"
    FF - prefs.js..extensions.enabledAddons: %7Bba14329e-9550-4989-b3f2-9732e92d17cc%7D:10.14.42.7
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\castlebrook\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/03/01 08:36:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/07 16:24:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 21:30:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 21:30:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 21:30:55 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 21:30:21 | 000,000,000 | ---D | M]

    [2011/09/25 11:46:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\castlebrook\AppData\Roaming\Mozilla\Extensions
    [2010/06/29 18:25:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\castlebrook\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2013/01/24 20:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\castlebrook\AppData\Roaming\Mozilla\Firefox\Profiles\naxtt7y0.default\extensions
    [2013/01/24 20:31:17 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\castlebrook\AppData\Roaming\Mozilla\Firefox\Profiles\naxtt7y0.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2013/01/19 21:30:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/01/19 21:30:55 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
    [2012/12/07 21:47:36 | 000,001,738 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/09/08 07:29:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/12/07 21:47:36 | 000,001,148 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/12/07 21:47:36 | 000,001,379 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/05/19 15:52:25 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2012/10/12 21:14:50 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/12/07 21:47:36 | 000,001,334 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/05/13 16:12:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625004041.dll File not found
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625004041.dll File not found
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\castlebrook\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKCU..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background File not found
    O4 - Startup: C:\Users\castlebrook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F833173-1E52-46D5-9352-D8F70DCE13C4}: NameServer = 83.136.47.249 193.120.14.101
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC7E5A78-367C-4F4B-A89F-157B512C25B7}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/11/18 14:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2009/03/20 17:20:32 | 000,027,750 | R--- | M] () - E:\AutoRun.ico -- [ CDFS ]
    O32 - AutoRun File - [2009/11/17 14:01:12 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/03 17:26:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\castlebrook\Desktop\OTL.exe
    [2013/01/31 17:42:30 | 000,000,000 | ---D | C] -- C:\Users\castlebrook\AppData\Local\Unity
    [2013/01/27 19:59:51 | 000,000,000 | ---D | C] -- C:\Users\castlebrook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
    [2013/01/27 19:58:44 | 000,034,032 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
    [2013/01/27 19:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Mobile
    [2013/01/24 20:22:28 | 000,000,000 | ---D | C] -- C:\Users\castlebrook\AppData\Local\Programs
    [2013/01/24 20:09:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2013/01/19 21:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/01/10 13:15:58 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2013/01/10 13:15:58 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2013/01/10 13:15:02 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2013/01/10 13:15:00 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
    [2013/01/10 13:14:54 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
    [2013/01/10 13:14:54 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
    [2013/01/10 13:14:54 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
    [2013/01/10 13:14:54 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
    [2013/01/10 13:14:54 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
    [2013/01/10 13:14:54 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
    [2013/01/10 13:14:54 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
    [2013/01/10 13:14:54 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
    [2013/01/10 13:14:54 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
    [2013/01/10 13:14:54 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
    [2013/01/10 13:14:54 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
    [2013/01/10 13:14:54 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
    [2013/01/10 13:14:54 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
    [2013/01/10 13:14:54 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
    [2013/01/10 13:14:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
    [2013/01/10 13:14:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
    [2013/01/10 13:14:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
    [2013/01/10 13:14:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
    [2013/01/10 13:14:54 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
    [2013/01/10 13:14:54 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
    [2013/01/10 13:14:53 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
    [2013/01/10 13:14:53 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
    [2013/01/10 13:14:53 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
    [2013/01/10 13:14:53 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
    [2013/01/10 13:14:51 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
    [2013/01/10 13:14:51 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
    [2013/01/10 13:14:51 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
    [2013/01/10 13:14:51 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
    [2013/01/10 13:14:51 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
    [2013/01/10 13:14:51 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
    [2013/01/10 13:14:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
    [2013/01/10 13:14:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
    [2013/01/10 13:13:34 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2013/01/10 13:13:32 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2013/01/10 13:13:31 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2013/01/10 13:13:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2013/01/10 13:13:31 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013/01/10 13:13:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013/01/10 13:13:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2013/01/10 13:13:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/01/10 13:13:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2013/01/10 13:13:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/01/10 13:13:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2013/01/10 13:13:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2013/01/10 13:13:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2013/01/10 13:13:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2013/01/10 13:13:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2013/01/10 13:13:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/01/10 13:13:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2013/01/10 13:13:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2013/01/10 13:13:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2013/01/10 13:13:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2013/01/10 13:13:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/01/10 13:13:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/01/10 13:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2013/01/10 13:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2013/01/10 13:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2013/01/10 13:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/01/10 13:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/01/10 13:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/01/10 13:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2013/01/10 13:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2013/01/10 13:13:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2013/01/10 13:13:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2013/01/10 13:13:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/01/10 13:13:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2013/01/10 13:13:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/01/10 13:13:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2013/01/10 13:13:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2013/01/10 13:13:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/01/10 13:13:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2013/01/10 13:13:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2013/01/10 13:13:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2013/01/10 13:13:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2013/01/10 13:13:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/01/10 13:13:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2013/01/10 13:13:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2013/01/10 13:13:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2013/01/10 13:13:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2013/01/10 13:13:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/01/10 13:13:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/01/10 13:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2013/01/10 13:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2013/01/10 13:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2013/01/10 13:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2013/01/10 13:13:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/01/10 13:11:44 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
    [2010/01/15 19:28:37 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\castlebrook\AppData\Roaming\DataSafeDotNet.exe

    ========== Files - Modified Within 30 Days ==========

    [2013/02/03 17:29:59 | 000,393,216 | ---- | M] () -- C:\Users\Public\Documents\Documents.exe
    [2013/02/03 17:26:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\castlebrook\Desktop\OTL.exe
    [2013/02/03 16:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/03 12:46:00 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/03 12:46:00 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/03 12:38:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/03 12:38:31 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/01 14:02:21 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/01 14:02:21 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/01 14:02:21 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/29 14:25:48 | 000,191,563 | ---- | M] () -- C:\Users\castlebrook\Documents\munster.themepack
    [2013/01/27 19:58:44 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
    [2013/01/27 18:47:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
    [2013/01/24 20:22:54 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/22 22:32:50 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
    [2013/01/22 22:32:50 | 000,001,810 | ---- | M] () -- C:\Users\castlebrook\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2013/01/22 20:35:29 | 002,773,466 | ---- | M] () -- C:\Users\castlebrook\Desktop\DSC_0201.jpg
    [2013/01/22 20:35:24 | 002,464,655 | ---- | M] () -- C:\Users\castlebrook\Desktop\DSC_0192.jpg
    [2013/01/22 20:35:14 | 002,208,297 | ---- | M] () -- C:\Users\castlebrook\Desktop\DSC_0193.jpg
    [2013/01/22 20:34:59 | 002,199,151 | ---- | M] () -- C:\Users\castlebrook\Desktop\DSC_0194.jpg
    [2013/01/22 20:34:45 | 002,408,041 | ---- | M] () -- C:\Users\castlebrook\Desktop\DSC_0195.jpg
    [2013/01/22 19:30:11 | 002,266,707 | ---- | M] () -- C:\Users\castlebrook\Desktop\DSC_0212.jpg
    [2013/01/22 19:29:19 | 002,006,031 | ---- | M] () -- C:\Users\castlebrook\Desktop\DSC_0209.jpg
    [2013/01/22 18:08:06 | 000,057,459 | ---- | M] () -- C:\Users\castlebrook\Desktop\130122-180806.jpg
    [2013/01/22 18:06:46 | 000,053,804 | ---- | M] () -- C:\Users\castlebrook\Desktop\130122-180646.jpg
    [2013/01/21 18:13:54 | 002,666,721 | ---- | M] () -- C:\Users\castlebrook\Desktop\DSC_0206.jpg
    [2013/01/11 14:32:39 | 000,426,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/09 15:47:45 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/01/09 15:47:45 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    ========== Files Created - No Company Name ==========

    [2013/02/03 17:22:22 | 000,393,216 | ---- | C] () -- C:\Users\Public\Documents\Documents.exe
    [2013/01/29 14:25:47 | 000,191,563 | ---- | C] () -- C:\Users\castlebrook\Documents\munster.themepack
    [2013/01/27 18:47:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
    [2013/01/22 20:34:25 | 002,408,041 | ---- | C] () -- C:\Users\castlebrook\Desktop\DSC_0195.jpg
    [2013/01/22 20:34:20 | 002,199,151 | ---- | C] () -- C:\Users\castlebrook\Desktop\DSC_0194.jpg
    [2013/01/22 20:34:15 | 002,208,297 | ---- | C] () -- C:\Users\castlebrook\Desktop\DSC_0193.jpg
    [2013/01/22 20:34:10 | 002,464,655 | ---- | C] () -- C:\Users\castlebrook\Desktop\DSC_0192.jpg
    [2013/01/22 20:34:03 | 001,680,412 | ---- | C] () -- C:\Users\castlebrook\Desktop\DSC_0190.jpg
    [2013/01/22 20:33:18 | 002,773,466 | ---- | C] () -- C:\Users\castlebrook\Desktop\DSC_0201.jpg
    [2013/01/22 20:33:07 | 002,666,721 | ---- | C] () -- C:\Users\castlebrook\Desktop\DSC_0206.jpg
    [2013/01/22 20:32:57 | 002,006,031 | ---- | C] () -- C:\Users\castlebrook\Desktop\DSC_0209.jpg
    [2013/01/22 20:32:50 | 002,266,707 | ---- | C] () -- C:\Users\castlebrook\Desktop\DSC_0212.jpg
    [2013/01/22 18:08:06 | 000,057,459 | ---- | C] () -- C:\Users\castlebrook\Desktop\130122-180806.jpg
    [2013/01/22 18:06:46 | 000,053,804 | ---- | C] () -- C:\Users\castlebrook\Desktop\130122-180646.jpg
    [2012/11/04 12:30:47 | 000,000,850 | ---- | C] () -- C:\Users\castlebrook\.recently-used.xbel
    [2012/09/13 23:59:00 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/06/25 12:28:26 | 000,071,262 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
    [2010/11/23 22:59:30 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/07/09 15:49:32 | 000,000,429 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    [2010/02/05 21:14:24 | 000,007,600 | ---- | C] () -- C:\Users\castlebrook\AppData\Local\Resmon.ResmonCfg
    [2010/01/27 10:34:34 | 000,020,992 | ---- | C] () -- C:\Users\castlebrook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/13 20:16:40 | 000,000,530 | ---- | C] () -- C:\Users\castlebrook\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8CE646EE

    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    I see you ran TDSSKiller before. Can you post the log from it? It should be at C:\

    Any luck getting the MSE log?


    Open OTL, then copy and paste this into the custom scan/fixes box:


    :OTL
    O32 - AutoRun File - [2009/11/18 14:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2009/03/20 17:20:32 | 000,027,750 | R--- | M] () - E:\AutoRun.ico -- [ CDFS ]
    O32 - AutoRun File - [2009/11/17 14:01:12 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    [2013/02/03 17:22:22 | 000,393,216 | ---- | C] () -- C:\Users\Public\Documents\Documents.exe

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    Click Run Fix, then post the log it gives.


  • Registered Users Posts: 832 ✭✭✭harvester of sorrow


    You could tell I ran TDSSKiller from all that :eek:

    Here's the OTL log
    All processes killed
    ========== OTL ==========
    File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
    File move failed. E:\AutoRun.ico scheduled to be moved on reboot.
    File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
    C:\Users\Public\Documents\Documents.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: castlebrook
    ->Temp folder emptied: 254466609 bytes
    ->Temporary Internet Files folder emptied: 13488678 bytes
    ->Java cache emptied: 901997 bytes
    ->FireFox cache emptied: 86079322 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 3092460 bytes

    User: castlebrook conna
    ->Temp folder emptied: 10837 bytes
    ->Temporary Internet Files folder emptied: 4071337 bytes
    ->Flash cache emptied: 456 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mcx1-CASTLEBROOK-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 287682655 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53977 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
    RecycleBin emptied: 1065 bytes

    Total Files Cleaned = 620.00 mb


    [EMPTYFLASH]

    User: All Users

    User: castlebrook
    ->Flash cache emptied: 0 bytes

    User: castlebrook conna
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mcx1-CASTLEBROOK-PC

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: castlebrook
    ->Java cache emptied: 0 bytes

    User: castlebrook conna

    User: Default

    User: Default User

    User: Mcx1-CASTLEBROOK-PC

    User: Public

    Total Java Files Cleaned = 0.00 mb

    System Restore Service not available.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\castlebrook\Downloads\cmd.bat deleted successfully.
    C:\Users\castlebrook\Downloads\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.69.0 log created on 02032013_194108

    Files\Folders moved on Reboot...
    File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
    File move failed. E:\AutoRun.ico scheduled to be moved on reboot.
    File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
    C:\Users\castlebrook\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    Checked the C drive for the TDSSKiller log but it doesn't seem to be there?
    Did a bit of digging and found this in
    c:\program data\microsoft\microsoft antimalware\support


    2013-01-12T10:41:09.540Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-12T10:41:19.265Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9002.0 AS 1.141.3711.0 AV 1.141.3711.0
    2013-01-12T22:22:06.421Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-12T22:22:11.024Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9002.0 AS 1.141.3711.0 AV 1.141.3711.0
    2013-01-13T10:41:57.561Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-13T10:42:01.600Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9002.0 AS 1.141.3805.0 AV 1.141.3805.0
    2013-01-15T16:01:15.360Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-15T16:01:21.630Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9002.0 AS 1.141.3874.0 AV 1.141.3874.0
    2013-01-16T16:42:27.847Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-16T16:42:31.450Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9002.0 AS 1.141.3946.0 AV 1.141.3946.0
    2013-01-16T21:05:42.369Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-16T21:05:45.037Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.94.0 AV 1.143.94.0
    2013-01-17T10:01:41.738Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-17T10:02:42.406Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.94.0 AV 1.143.94.0
    2013-01-17T17:34:36.315Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-17T17:34:38.920Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.94.0 AV 1.143.94.0
    2013-01-18T07:48:58.660Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-18T07:49:03.214Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.180.0 AV 1.143.180.0
    2013-01-19T21:08:25.003Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-19T21:08:29.121Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.180.0 AV 1.143.180.0
    2013-01-20T09:13:10.739Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-20T09:13:13.968Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.376.0 AV 1.143.376.0
    2013-01-21T18:11:49.861Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-21T18:11:52.794Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.376.0 AV 1.143.376.0
    2013-01-21T18:24:34.814Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Public.exe
    2013-01-21T18:25:23.389Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Public.exe
    2013-01-21T18:28:20.496Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Public.exe
    2013-01-21T18:31:36.937Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Public.exe
    2013-01-21T18:33:26.898Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Public.exe
    2013-01-21T18:34:10.835Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\AppData.exe
    2013-01-21T18:34:43.464Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\AppData.exe
    2013-01-21T18:35:23.932Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\AppData.exe
    2013-01-21T18:36:07.418Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\AppData.exe
    2013-01-21T18:36:48.536Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\AppData.exe
    2013-01-21T18:37:49.470Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\Local.exe
    2013-01-21T18:39:05.214Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\Local.exe
    2013-01-21T18:39:51.128Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\Local.exe
    2013-01-21T18:40:34.842Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\Local.exe
    2013-01-21T18:41:20.448Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\Local.exe
    2013-01-21T18:41:51.400Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\temp\temp.exe
    2013-01-21T18:42:46.225Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\temp\temp.exe
    2013-01-21T18:43:36.797Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\temp\temp.exe
    2013-01-21T18:44:22.199Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\temp\temp.exe
    2013-01-21T18:45:19.417Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\temp\temp.exe
    2013-01-21T18:46:01.274Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Documents.exe
    2013-01-21T18:46:43.810Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Documents.exe
    2013-01-21T18:47:31.098Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Documents.exe
    2013-01-21T18:48:16.453Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Documents.exe
    2013-01-21T18:49:04.104Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Documents.exe
    2013-01-21T18:49:41.929Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\microsoft.exe
    2013-01-21T18:50:21.772Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\microsoft.exe
    2013-01-21T18:50:41.790Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\microsoft.exe
    2013-01-21T18:51:26.453Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\Video Converter Professional.pif
    2013-01-21T18:52:09.481Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\Video Converter Professional.pif
    2013-01-21T18:52:54.393Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\Video Converter Professional.pif
    2013-01-21T18:53:36.866Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\Video Converter Professional.pif
    2013-01-21T18:54:28.214Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\Video Converter Professional.pif
    2013-01-21T18:55:10.117Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\IPOD\IPOD.exe
    2013-01-21T18:56:00.190Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\IPOD\IPOD.exe
    2013-01-21T18:56:35.807Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\IPOD\IPOD.exe
    2013-01-21T18:57:17.921Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\IPOD\IPOD.exe
    2013-01-21T18:58:04.516Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\IPOD\IPOD.exe
    2013-01-21T18:58:48.867Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\IdentityCRL.pif
    2013-01-21T18:59:38.365Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\IdentityCRL.pif
    2013-01-21T19:00:22.973Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\IdentityCRL.pif
    2013-01-21T19:00:57.705Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\IdentityCRL.pif
    2013-01-21T19:01:45.874Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\IdentityCRL.pif
    2013-01-21T19:02:33.659Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\production\production.bat
    2013-01-21T19:03:48.071Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\production\production.bat
    2013-01-21T19:04:38.782Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\production\production.bat
    2013-01-21T19:05:48.636Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\production\production.bat
    2013-01-21T19:06:36.656Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\production\production.bat
    2013-01-21T19:07:24.088Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Reallusion.bat
    2013-01-21T19:08:22.802Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Reallusion.bat
    2013-01-21T19:09:11.819Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Reallusion.bat
    2013-01-21T19:09:34.671Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Reallusion.bat
    2013-01-21T19:10:30.737Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\Custom.exe
    2013-01-21T19:11:23.973Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\Custom.exe
    2013-01-21T19:12:24.944Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\Custom.exe
    2013-01-21T19:13:29.271Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\Custom.exe
    2013-01-21T19:14:28.667Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\Custom.exe
    2013-01-21T19:15:20.577Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\4 Custom.exe
    2013-01-21T19:16:10.134Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\4 Custom.exe
    2013-01-21T19:16:43.064Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\4 Custom.exe
    2013-01-21T19:17:51.560Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\4 Custom.exe
    2013-01-21T19:21:03.151Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\4 Custom.exe
    2013-01-21T19:21:37.627Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\ComicEffect\ComicEffect.exe
    2013-01-21T19:22:26.810Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\ComicEffect\ComicEffect.exe
    2013-01-21T19:23:17.293Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\ComicEffect\ComicEffect.exe
    2013-01-21T19:24:34.889Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\ComicEffect\ComicEffect.exe
    2013-01-21T19:26:27.091Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\ComicEffect\ComicEffect.exe
    2013-01-21T19:28:52.451Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Expression\Expression.bat
    2013-01-21T19:33:17.377Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Expression\Expression.bat
    2013-01-21T19:33:50.596Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Expression\Expression.bat
    2013-01-21T19:37:45.491Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Expression\Expression.bat
    2013-01-21T19:38:51.646Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Expression\Expression.bat
    2013-01-21T19:40:35.975Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Expression\Expression.bat
    2013-01-21T19:41:22.689Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Model\Model.pif
    2013-01-21T19:42:24.848Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Model\Model.pif
    2013-01-21T19:43:05.980Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Model\Model.pif
    2013-01-21T19:43:59.494Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Model\Model.pif
    2013-01-21T19:44:51.644Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Model\Model.pif
    2013-01-21T19:45:33.943Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom VoiceFilter\VoiceFilter.scr
    2013-01-21T19:47:19.748Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom VoiceFilter\VoiceFilter.scr
    2013-01-21T19:48:19.521Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom VoiceFilter\VoiceFilter.scr
    2013-01-21T19:50:12.349Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom VoiceFilter\VoiceFilter.scr
    2013-01-21T19:51:48.490Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\Model.pif
    2013-01-21T19:52:43.954Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\Model.pif
    2013-01-21T19:53:23.237Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\Model.pif
    2013-01-21T19:54:07.468Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\Model.pif
    2013-01-21T19:54:53.957Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\Model.pif
    2013-01-21T19:55:35.031Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\New Folder\Folder.pif
    2013-01-21T19:56:19.399Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\New Folder\Folder.pif
    2013-01-21T19:57:10.017Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\New Folder\Folder.pif
    2013-01-21T19:58:21.690Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\New Folder\Folder.pif
    2013-01-21T19:59:20.527Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\New Folder\Folder.pif
    2013-01-21T19:59:59.076Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\VoiceFilter\VoiceFilter.scr
    2013-01-21T20:00:50.795Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\VoiceFilter\VoiceFilter.scr
    2013-01-21T20:01:30.320Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\VoiceFilter\VoiceFilter.scr
    2013-01-21T20:02:17.463Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\VoiceFilter\VoiceFilter.scr
    2013-01-21T20:03:06.792Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\VoiceFilter\VoiceFilter.scr
    2013-01-21T20:04:12.460Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Notebooks.pif
    2013-01-21T20:05:14.272Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Notebooks.pif
    2013-01-21T20:05:52.681Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Notebooks.pif
    2013-01-21T20:06:39.620Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Notebooks.pif
    2013-01-21T20:07:07.289Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Notebooks.pif
    2013-01-21T20:07:48.684Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\OneNote 2007 Guide\2007 Guide.exe
    2013-01-21T20:08:23.103Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\OneNote 2007 Guide\2007 Guide.exe
    2013-01-21T20:09:36.179Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\OneNote 2007 Guide\2007 Guide.exe
    2013-01-21T20:11:14.760Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\OneNote 2007 Guide\2007 Guide.exe
    2013-01-21T20:12:51.638Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\OneNote 2007 Guide\2007 Guide.exe
    2013-01-21T20:14:57.171Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Personal Notebook\Notebook.exe
    2013-01-21T20:16:44.168Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Personal Notebook\Notebook.exe
    2013-01-21T20:18:36.211Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Personal Notebook\Notebook.exe
    2013-01-21T20:19:24.424Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Personal Notebook\Notebook.exe
    2013-01-21T20:20:06.835Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Personal Notebook\Notebook.exe
    2013-01-21T20:21:05.273Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Work Notebook\Notebook.exe
    2013-01-21T20:22:05.727Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Work Notebook\Notebook.exe
    2013-01-21T20:23:30.005Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Work Notebook\Notebook.exe
    2013-01-21T20:25:05.006Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Work Notebook\Notebook.exe
    2013-01-21T20:26:29.771Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Work Notebook\Notebook.exe
    2013-01-21T20:27:38.726Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Shared Custom\Custom.exe
    2013-01-21T20:28:32.921Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Shared Custom\Custom.exe
    2013-01-21T20:29:40.171Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Shared Custom\Custom.exe
    2013-01-21T20:30:43.712Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Shared Custom\Custom.exe
    2013-01-21T20:31:30.926Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Shared Custom\Custom.exe
    2013-01-22T12:24:32.001Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-22T12:24:35.106Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.376.0 AV 1.143.376.0
    2013-01-23T09:09:06.422Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-23T09:09:10.542Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.427.0 AV 1.143.427.0
    2013-01-24T15:44:27.000Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-24T15:44:30.369Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.427.0 AV 1.143.427.0
    2013-01-24T15:57:10.492Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.723.0 AV 1.143.723.0
    2013-01-24T19:26:46.923Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Public.exe
    2013-01-24T19:27:06.248Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Public.exe
    2013-01-24T19:27:30.408Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Public.exe
    2013-01-24T19:28:18.272Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Public.exe
    2013-01-24T19:28:34.908Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Public.exe
    2013-01-24T19:29:08.786Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\AppData.exe
    2013-01-24T19:30:08.658Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\AppData.exe
    2013-01-24T19:30:59.701Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\AppData.exe
    2013-01-24T19:31:37.436Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\AppData.exe
    2013-01-24T19:31:54.339Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\AppData.exe
    2013-01-24T19:32:35.920Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\Local.exe
    2013-01-24T19:33:09.516Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\Local.exe
    2013-01-24T19:33:26.336Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\Local.exe
    2013-01-24T19:33:50.864Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\Local.exe
    2013-01-24T19:34:17.352Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\Local.exe
    2013-01-24T19:34:54.873Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\temp\temp.exe
    2013-01-24T19:35:17.638Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\temp\temp.exe
    2013-01-24T19:35:43.523Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\temp\temp.exe
    2013-01-24T19:36:18.168Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\temp\temp.exe
    2013-01-24T19:36:49.723Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\AppData\Local\temp\temp.exe
    2013-01-24T19:37:29.643Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Documents.exe
    2013-01-24T19:38:10.053Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Documents.exe
    2013-01-24T19:38:47.046Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Documents.exe
    2013-01-24T19:39:30.498Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Documents.exe
    2013-01-24T19:40:01.474Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Documents.exe
    2013-01-24T19:40:42.313Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\microsoft.exe
    2013-01-24T19:42:01.518Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\microsoft.exe
    2013-01-24T19:43:26.557Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\microsoft.exe
    2013-01-24T19:43:43.312Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\microsoft.exe
    2013-01-24T19:44:28.421Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\Video Converter Professional.pif
    2013-01-24T19:45:15.062Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\Video Converter Professional.pif
    2013-01-24T19:45:37.648Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\Video Converter Professional.pif
    2013-01-24T19:46:14.086Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\Video Converter Professional.pif
    2013-01-24T19:46:28.708Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\Video Converter Professional.pif
    2013-01-24T19:47:13.025Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\IPOD\IPOD.exe
    2013-01-24T19:47:43.514Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\IPOD\IPOD.exe
    2013-01-24T19:48:22.292Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\IPOD\IPOD.exe
    2013-01-24T19:48:39.135Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\IPOD\IPOD.exe
    2013-01-24T19:49:08.319Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\Any Video Converter Professional\IPOD\IPOD.exe
    2013-01-24T19:49:46.119Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\IdentityCRL.pif
    2013-01-24T19:50:06.862Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\IdentityCRL.pif
    2013-01-24T19:51:00.512Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\IdentityCRL.pif
    2013-01-24T19:51:33.253Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\production\production.bat
    2013-01-24T19:52:04.301Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\production\production.bat
    2013-01-24T19:52:19.189Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\production\production.bat
    2013-01-24T19:52:57.026Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\production\production.bat
    2013-01-24T19:53:14.410Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\microsoft\IdentityCRL\production\production.bat
    2013-01-24T19:53:49.479Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Reallusion.bat
    2013-01-24T19:54:09.726Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Reallusion.bat
    2013-01-24T19:54:34.455Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Reallusion.bat
    2013-01-24T19:54:57.589Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Reallusion.bat
    2013-01-24T19:55:31.711Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Reallusion.bat
    2013-01-24T19:56:00.861Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\Custom.exe
    2013-01-24T19:56:45.412Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\Custom.exe
    2013-01-24T19:57:00.757Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\Custom.exe
    2013-01-24T19:57:39.059Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\Custom.exe
    2013-01-24T19:57:53.944Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\Custom.exe
    2013-01-24T19:58:27.930Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\4 Custom.exe
    2013-01-24T19:59:02.751Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\4 Custom.exe
    2013-01-24T19:59:30.966Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\4 Custom.exe
    2013-01-24T19:59:49.680Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\4 Custom.exe
    2013-01-24T20:00:18.509Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\4 Custom.exe
    2013-01-24T20:01:05.861Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\ComicEffect\ComicEffect.exe
    2013-01-24T20:02:16.972Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\ComicEffect\ComicEffect.exe
    2013-01-24T20:02:52.951Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\ComicEffect\ComicEffect.exe
    2013-01-24T20:03:25.521Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\ComicEffect\ComicEffect.exe
    2013-01-24T20:04:20.722Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\ComicEffect\ComicEffect.exe
    2013-01-24T20:05:03.912Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Expression\Expression.bat
    2013-01-24T20:05:52.748Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Expression\Expression.bat
    2013-01-24T20:06:42.972Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Expression\Expression.bat
    2013-01-24T20:07:04.073Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Expression\Expression.bat
    2013-01-24T20:07:42.591Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Expression\Expression.bat
    2013-01-24T20:08:21.567Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Model\Model.pif
    2013-01-24T20:08:57.036Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Model\Model.pif
    2013-01-24T20:09:28.418Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Model\Model.pif
    2013-01-24T20:10:00.727Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Model\Model.pif
    2013-01-24T20:10:39.033Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom Model\Model.pif
    2013-01-24T20:11:22.386Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom VoiceFilter\VoiceFilter.scr
    2013-01-24T20:11:57.779Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom VoiceFilter\VoiceFilter.scr
    2013-01-24T20:12:34.804Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom VoiceFilter\VoiceFilter.scr
    2013-01-24T20:13:33.238Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom VoiceFilter\VoiceFilter.scr
    2013-01-24T20:14:22.319Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Custom VoiceFilter\VoiceFilter.scr
    2013-01-24T20:14:57.656Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\Model.pif
    2013-01-24T20:15:36.041Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\Model.pif
    2013-01-24T20:16:07.608Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\Model.pif
    2013-01-24T20:18:07.777Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\Model.pif
    2013-01-24T20:18:19.148Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\Model.pif
    2013-01-24T20:19:05.646Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\New Folder\Folder.pif
    2013-01-24T20:19:31.225Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\New Folder\Folder.pif
    2013-01-24T20:19:51.295Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\New Folder\Folder.pif
    2013-01-24T20:20:58.393Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\VoiceFilter\VoiceFilter.scr
    2013-01-24T20:22:12.402Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\VoiceFilter\VoiceFilter.scr
    2013-01-24T20:22:53.011Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\VoiceFilter\VoiceFilter.scr
    2013-01-24T20:24:19.874Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\VoiceFilter\VoiceFilter.scr
    2013-01-24T20:24:42.638Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\VoiceFilter\VoiceFilter.scr
    2013-01-24T20:25:30.560Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Notebooks.pif
    2013-01-24T20:26:02.866Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Notebooks.pif
    2013-01-24T20:26:46.121Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Notebooks.pif
    2013-01-24T20:27:15.121Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Notebooks.pif
    2013-01-24T20:27:56.715Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Notebooks.pif
    2013-01-24T20:28:38.697Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\OneNote 2007 Guide\2007 Guide.exe
    2013-01-24T20:29:31.616Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\OneNote 2007 Guide\2007 Guide.exe
    2013-01-24T20:30:06.647Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\OneNote 2007 Guide\2007 Guide.exe
    2013-01-24T20:30:44.746Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\OneNote 2007 Guide\2007 Guide.exe
    2013-01-24T20:31:04.057Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\OneNote 2007 Guide\2007 Guide.exe
    2013-01-24T20:31:35.525Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Personal Notebook\Notebook.exe
    2013-01-24T20:31:54.547Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Personal Notebook\Notebook.exe
    2013-01-24T20:32:25.706Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Personal Notebook\Notebook.exe
    2013-01-24T20:33:07.010Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Personal Notebook\Notebook.exe
    2013-01-24T20:33:42.650Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Personal Notebook\Notebook.exe
    2013-01-24T20:34:24.779Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Work Notebook\Notebook.exe
    2013-01-24T20:34:57.187Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Work Notebook\Notebook.exe
    2013-01-24T20:35:29.232Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Work Notebook\Notebook.exe
    2013-01-24T20:35:51.062Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Work Notebook\Notebook.exe
    2013-01-24T20:36:25.313Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\OneNote Notebooks\Work Notebook\Notebook.exe
    2013-01-24T20:37:03.669Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Shared Custom\Custom.exe
    2013-01-24T20:37:43.091Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Shared Custom\Custom.exe
    2013-01-24T20:38:19.426Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Shared Custom\Custom.exe
    2013-01-24T20:38:31.835Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Shared Custom\Custom.exe
    2013-01-24T20:39:34.504Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Shared Custom\CrazyTalk 4 Custom\4 Custom.exe
    2013-01-24T20:41:57.598Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Shared Custom\CrazyTalk 4 Custom\Expression\Expression.bat
    2013-01-24T20:45:05.295Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Shared Custom\CrazyTalk 4 Custom\Script\Script.pif
    2013-01-24T20:47:47.078Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Downloads\Downloads.exe
    2013-01-24T20:50:13.311Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Favorites\Favorites.bat
    2013-01-24T20:53:07.736Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Libraries\Libraries.pif
    2013-01-24T20:55:26.745Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Music\Music.scr
    2013-01-24T20:57:23.859Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Music\Sample Music\Music.scr
    2013-01-24T21:05:07.013Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Pictures\Pictures.exe
    2013-01-24T21:12:09.205Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Pictures\Sample Pictures\Pictures.exe
    2013-01-24T21:56:27.897Z Service stopped with exit code 0x0
    2013-01-25T09:21:19.578Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-25T09:21:22.714Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.723.0 AV 1.143.723.0
    2013-01-25T14:24:51.421Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-25T14:24:54.400Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.723.0 AV 1.143.723.0
    2013-01-25T21:37:07.128Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-25T21:37:08.245Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.723.0 AV 1.143.723.0
    2013-01-26T12:48:35.112Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-26T12:48:38.761Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.856.0 AV 1.143.856.0
    2013-01-26T16:32:47.630Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-26T16:32:52.920Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.856.0 AV 1.143.856.0
    2013-01-27T13:17:06.802Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-27T13:17:11.253Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.856.0 AV 1.143.856.0
    2013-01-27T14:50:29.892Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-27T14:50:33.056Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.856.0 AV 1.143.856.0
    2013-01-27T21:04:59.740Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-27T21:05:05.382Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.948.0 AV 1.143.948.0
    2013-01-28T23:21:05.862Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-28T23:21:10.646Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.948.0 AV 1.143.948.0
    2013-01-29T09:25:29.528Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-29T09:25:35.538Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.1010.0 AV 1.143.1010.0
    2013-01-29T21:56:21.065Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-29T21:56:24.513Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.1010.0 AV 1.143.1010.0
    2013-01-30T09:17:48.034Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-30T09:17:52.734Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.1010.0 AV 1.143.1010.0
    2013-01-30T17:11:25.784Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-30T17:11:29.999Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.1150.0 AV 1.143.1150.0
    2013-01-31T07:08:17.831Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-31T07:08:22.378Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.1150.0 AV 1.143.1150.0
    2013-01-31T16:52:36.922Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-01-31T16:52:40.530Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.1150.0 AV 1.143.1150.0
    2013-02-01T12:26:27.315Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-02-01T12:26:31.677Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.1237.0 AV 1.143.1237.0
    2013-02-01T23:45:55.783Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-02-01T23:46:00.782Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.1237.0 AV 1.143.1237.0
    2013-02-02T13:53:08.753Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-02-02T13:53:13.730Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.1366.0 AV 1.143.1366.0
    2013-02-03T07:20:44.140Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-02-03T07:20:48.376Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.1366.0 AV 1.143.1366.0
    2013-02-03T12:38:41.067Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-02-03T12:38:44.882Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.1436.0 AV 1.143.1436.0
    2013-02-03T17:55:05.722Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-02-03T17:55:10.022Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.1436.0 AV 1.143.1436.0
    2013-02-03T19:44:13.564Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
    2013-02-03T19:44:16.748Z Version: Product 4.1.522.0 Service 4.1.522.0 Engine 1.1.9103.0 AS 1.143.1436.0 AV 1.143.1436.0


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Yeah, the scan tells ya a lot, which is good for helping me remove malware. Looks like you have a worm; this may not be fixable.

    I'd recommend formatting if it's a possibility. If not, do this: run combofix and post its log

    http://www.bleepingcomputer.com/download/combofix/
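
The detections in the log posted earlier in the thread share a pattern: executable-type files (.pif, .scr, .exe, .bat) named after the tail of the folder that holds them, re-detected every minute or so. The script below is an added triage example, not part of any post in this thread; the function names are hypothetical and the extension list is an assumption. It collapses the repeats and flags that naming pattern.

```python
import ntpath
import re

# Extensions Windows runs directly on double-click (assumed list).
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".bat", ".com", ".cmd"}

LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{4}-\d{2}-\d{2}T[\d:.]+Z)\s+DETECTION\s+"
    r"(?P<threat>\S+)\s+file:(?P<path>.+?)\s*$"
)

# First five lines are copied from the log in this thread; the last line is
# constructed (not a real detection) to show a path that is not flagged.
SAMPLE_LOG = r"""
2013-01-24T20:16:07.608Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\Model.pif
2013-01-24T20:18:07.777Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Custom\CrazyTalk 4 Custom\Model\Model.pif
2013-01-24T20:39:34.504Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Documents\Reallusion\Shared Custom\CrazyTalk 4 Custom\4 Custom.exe
2013-01-24T20:57:23.859Z DETECTION Trojan:Win32/Killav.DR file:C:\Users\Public\Music\Sample Music\Music.scr
2013-01-24T21:56:27.897Z Service stopped with exit code 0x0
2013-01-24T22:00:00.000Z DETECTION Example:Constructed/NotReal file:C:\Users\Public\Documents\report.exe
"""


def parse_detections(text):
    """Yield (timestamp, threat, path) per DETECTION line; skip other lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ts"), m.group("threat"), m.group("path")


def mimics_folder(path):
    """True if an executable-type file is named after the tail of its folder."""
    folder, name = ntpath.split(path)
    stem, ext = ntpath.splitext(name)
    parent = ntpath.basename(folder).lower()
    return ext.lower() in EXECUTABLE_EXTS and bool(stem) and parent.endswith(stem.lower())


def summarise(text):
    """Collapse repeats per path: hit count, first/last seen, mimic flag."""
    out = {}
    for ts, threat, path in parse_detections(text):
        rec = out.setdefault(path, {"threat": threat, "hits": 0, "first": ts,
                                    "last": ts, "mimic": mimics_folder(path)})
        rec["hits"] += 1
        rec["first"], rec["last"] = min(rec["first"], ts), max(rec["last"], ts)
    return out


if __name__ == "__main__":
    for path, rec in summarise(SAMPLE_LOG).items():
        flag = "FOLDER-MIMIC" if rec["mimic"] else "-"
        print(f'{rec["hits"]:>3}  {flag:<12}  {rec["first"]}  {path}')
```

A path that keeps being re-detected after each cleanup, as the first sample path is, means something is still recreating the file, so the repeat count is worth reading alongside the flag.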


  • Registered Users Posts: 832 ✭✭✭harvester of sorrow


    Ran the combofix, and the laptop rebooted and things have gone from bad to worse... When the laptop starts up I get all these windows popping up about pathway not found... I can't even connect to the web (using a heap of **** laptop atm) :mad:


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Do you have the combofix log?


  • Registered Users Posts: 832 ✭✭✭harvester of sorrow


    I managed to do a system restore on my main laptop (the one I'm using to type this) and I'm back up and running. I don't have the combofix log.
    Only, as I said, it rebooted the laptop and when it started up I couldn't open anything from my desktop. I couldn't launch Mozilla, open Word documents, or do anything without an error box popping up telling me... no pathway found.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Is MSE flagging any infection at the moment?

    Having any other problems with the machine?


  • Registered Users Posts: 832 ✭✭✭harvester of sorrow


    No, not since the restore... and the annoying pop-up pathway windows have stopped also... so maybe I'm in the clear?

