Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 23-06-2012 09:00:10
Running from F:\
Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2009-04-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6965792 2009-03-12] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-18] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [468320 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [448376 2008-12-18] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [729088 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe" [299008 2009-05-12] (TOSHIBA CORPORATION)
HKLM\...\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [16384 2009-03-24] (Toshiba Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1318912 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1007616 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized [131072 2008-05-01] (Linksys LLC - A Division of Cisco Systems)
HKLM\...\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [648504 2008-04-08] (Pure Networks, Inc.)
HKLM\...\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe [570736 2009-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM\...\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot [296056 2012-02-20] (RealNetworks, Inc.)
HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\chillaxn\...\Run: [EPSON NX110 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE /FU "C:\Windows\TEMP\E_S420E.tmp" /EF "HKCU" [199680 2008-09-25] (SEIKO EPSON CORPORATION)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [25088 2008-01-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\chillaxn\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
ShortcutTarget: Epson all-in-one Registration.lnk -> (No File)
Startup: C:\Users\chillaxn\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

2 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [176128 2009-04-21] (AMD)
2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [46448 2009-03-10] (TOSHIBA CORPORATION)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [441856 2008-07-02] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [103424 2008-07-02] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
3 GamesAppService; "C:\Program Files\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [397848 2012-04-30] ()
2 LVPrcSrv; "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [154136 2009-10-06] (Logitech Inc.)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [31125880 2011-06-12] (Microsoft Corporation)
2 nmservice; "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [648504 2008-04-08] (Pure Networks, Inc.)
3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe /Service [57344 2009-02-19] (TOSHIBA Corporation)
2 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [464224 2009-03-06] (TOSHIBA Corporation)
2 TOSHIBA eco Utility Service; "C:\Program Files\TOSHIBA\TECO\TecoService.exe" [176128 2009-04-14] (TOSHIBA Corporation)
2 TOSHIBA HDD SSD Alert Service; "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [73728 2009-03-17] (TOSHIBA Corporation)
2 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [656752 2009-04-09] (TOSHIBA Corporation)
2 LinksysUpdater; "C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "C:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [14352 2008-04-28] (ATI Technologies Inc.)
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-06] ()
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24888 2008-04-08] (Pure Networks, Inc.)
2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26424 2008-04-08] (Pure Networks, Inc.)
3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [333824 2008-08-22] (Realtek Semiconductor Corporation )
1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows ® Codename Longhorn DDK provider)
3 sscdbus; C:\Windows\System32\DRIVERS\sscdbus.sys [58352 2005-08-17] (MCCI)
2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-20] (TOSHIBA Corporation)
3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-06-23 08:59 - 2012-06-23 08:59 - 00000000 ____D C:\FRST
2012-06-19 17:47 - 2012-06-19 17:48 - 00000000 ____D C:\Users\chillaxn\Desktop\New Folder (2)
2012-06-19 16:58 - 2012-06-19 16:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-18 20:27 - 2012-06-18 20:27 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-15 12:36 - 2012-06-15 12:36 - 00001635 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-15 12:34 - 2012-06-15 12:36 - 00000000 ____D C:\Program Files\iTunes
2012-06-15 12:34 - 2012-06-15 12:34 - 00000000 ____D C:\Program Files\iPod
2012-06-15 08:36 - 2012-06-18 20:36 - 00063247 ____A C:\Users\chillaxn\Desktop\2012BUDGETSUMMARYxlsx.xlsx
2012-06-15 08:36 - 2012-06-15 08:36 - 00060944 ____A C:\Users\chillaxn\Desktop\may2012BUDGETSUMMARYxlsx.xlsx
2012-06-13 20:14 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 20:14 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 20:14 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 20:14 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 20:14 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 20:14 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 20:14 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 20:14 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 20:14 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 20:14 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 20:14 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 20:14 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 20:13 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 20:13 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 20:11 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 20:11 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 20:11 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 20:11 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 20:11 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-11 17:32 - 2012-06-11 17:32 - 00138784 ____A C:\Windows\Minidump\Mini061112-01.dmp

============ 3 Months Modified Files and Folders ===============

2012-06-23 08:59 - 2012-06-23 08:59 - 00000000 ____D C:\FRST
2012-06-23 04:46 - 2010-07-07 18:41 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-23 04:45 - 2008-01-20 18:47 - 00720236 ____A C:\Windows\PFRO.log
2012-06-23 04:45 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-23 04:45 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-23 04:45 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-20 18:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2012-06-20 18:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2012-06-20 18:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2012-06-20 18:28 - 2006-11-02 02:22 - 54263808 ____A C:\Windows\System32\config\software_previous
2012-06-20 18:28 - 2006-11-02 02:22 - 20185088 ____A C:\Windows\System32\config\system_previous
2012-06-20 18:23 - 2006-11-02 02:22 - 40370176 ____A C:\Windows\System32\config\components_previous
2012-06-20 18:23 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-06-20 14:40 - 2012-05-20 12:25 - 00000000 ____D C:\Users\chillaxn\Documents\Outlook Files
2012-06-20 14:40 - 2010-07-06 20:58 - 01217494 ____A C:\Windows\WindowsUpdate.log
2012-06-20 14:29 - 2010-07-06 19:12 - 00000000 ____D C:\users\chillaxn
2012-06-20 09:04 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-06-20 09:04 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-06-19 17:48 - 2012-06-19 17:47 - 00000000 ____D C:\Users\chillaxn\Desktop\New Folder (2)
2012-06-19 16:58 - 2012-06-19 16:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-19 16:58 - 2012-01-08 06:14 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-19 16:58 - 2006-11-02 02:33 - 00721940 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-18 20:37 - 2006-11-02 05:01 - 00032542 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-18 20:36 - 2012-06-15 08:36 - 00063247 ____A C:\Users\chillaxn\Desktop\2012BUDGETSUMMARYxlsx.xlsx
2012-06-18 20:27 - 2012-06-18 20:27 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-18 20:15 - 2010-11-03 19:11 - 00000000 ____D C:\Users\chillaxn\AppData\Local\CrashDumps
2012-06-15 14:16 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2012-06-15 12:36 - 2012-06-15 12:36 - 00001635 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-15 12:36 - 2012-06-15 12:34 - 00000000 ____D C:\Program Files\iTunes
2012-06-15 12:34 - 2012-06-15 12:34 - 00000000 ____D C:\Program Files\iPod
2012-06-15 12:34 - 2010-07-07 17:28 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-06-15 08:36 - 2012-06-15 08:36 - 00060944 ____A C:\Users\chillaxn\Desktop\may2012BUDGETSUMMARYxlsx.xlsx
2012-06-14 18:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2012-06-13 20:47 - 2006-11-02 04:47 - 00406360 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 20:32 - 2010-07-06 21:06 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-13 20:22 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-11 17:32 - 2012-06-11 17:32 - 00138784 ____A C:\Windows\Minidump\Mini061112-01.dmp
2012-06-11 17:32 - 2010-08-14 03:41 - 00000000 ____D C:\Windows\Minidump
2012-06-11 17:31 - 2010-08-02 19:29 - 234835607 ____A C:\Windows\MEMORY.DMP
2012-06-02 18:16 - 2010-07-10 09:43 - 00000680 ____A C:\Users\chillaxn\AppData\Local\d3d9caps.dat
2012-05-21 15:24 - 2011-12-16 13:14 - 00000000 ____D C:\Users\All Users\Yahoo!
2012-05-21 15:24 - 2011-12-16 13:13 - 00000000 ____D C:\Program Files\Yahoo!
2012-05-21 15:22 - 2011-10-14 10:16 - 00000000 ____D C:\Program Files\Bonjour
2012-05-21 07:49 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini
2012-05-20 12:36 - 2012-05-20 12:36 - 00000000 ____D C:\Users\chillaxn\Documents\OneNote Notebooks
2012-05-20 12:18 - 2010-07-06 19:14 - 00115752 ____A C:\Users\chillaxn\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-20 10:24 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2012-05-20 10:23 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\ShellNew
2012-05-20 10:11 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\MSBuild
2012-05-20 10:10 - 2012-05-20 10:10 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2012-05-20 10:10 - 2012-05-20 10:10 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2012-05-20 10:09 - 2012-05-20 10:09 - 00000000 ____D C:\Windows\PCHEALTH
2012-05-20 10:09 - 2012-05-20 10:09 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2012-05-20 10:09 - 2012-05-20 10:09 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2012-05-20 10:09 - 2010-07-06 21:07 - 00000000 ____D C:\Program Files\Microsoft.NET
2012-05-20 10:09 - 2010-07-06 21:05 - 00000000 ____D C:\Program Files\Microsoft Office
2012-05-20 09:56 - 2012-05-20 09:56 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2012-05-18 17:49 - 2012-05-18 15:07 - 00000000 ____D C:\Users\chillaxn\Documents\office2010
2012-05-17 15:11 - 2012-06-13 20:13 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-13 20:13 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-13 20:14 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-13 20:14 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-13 20:14 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 20:14 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-13 20:14 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-13 20:14 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 20:14 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-13 20:14 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 20:14 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-13 20:14 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 20:14 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 20:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-15 11:51 - 2012-06-13 20:11 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 18:44 - 2010-09-13 15:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-13 06:14 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2012-05-13 06:14 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-01 06:03 - 2012-06-13 20:11 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-23 08:00 - 2012-06-13 20:11 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 08:00 - 2012-06-13 20:11 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 08:00 - 2012-06-13 20:11 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-10 19:47 - 2012-01-17 19:04 - 00001858 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-10 09:32 - 2012-04-10 09:32 - 00012814 ____A C:\Users\chillaxn\Desktop\hs_err_pid3656.log
2012-04-07 17:51 - 2006-11-02 04:52 - 00044334 ____A C:\Windows\setupact.log
2012-04-03 00:16 - 2012-05-12 15:16 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-03 00:16 - 2012-05-12 15:16 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-01 12:00 - 2012-04-01 12:00 - 00000000 ____D C:\Users\chillaxn\AppData\Local\DDMSettings
2012-04-01 11:49 - 2011-11-20 18:16 - 00000000 ____D C:\Users\All Users\DivX
2012-04-01 11:48 - 2011-11-20 18:18 - 00000000 ____D C:\Program Files\DivX
2012-04-01 11:44 - 2012-04-01 11:43 - 00000000 ____D C:\Users\All Users\IBUpdaterService
2012-03-30 04:39 - 2012-05-12 15:16 - 00914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 05:39 - 2012-05-12 15:16 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys

ZeroAccess:
C:\Windows\Installer\{16cfd029-9738-d8a0-c61d-e3f2578ebd71}
C:\Windows\Installer\{16cfd029-9738-d8a0-c61d-e3f2578ebd71}\@
C:\Windows\Installer\{16cfd029-9738-d8a0-c61d-e3f2578ebd71}\L
C:\Windows\Installer\{16cfd029-9738-d8a0-c61d-e3f2578ebd71}\n
C:\Windows\Installer\{16cfd029-9738-d8a0-c61d-e3f2578ebd71}\U
C:\Windows\Installer\{16cfd029-9738-d8a0-c61d-e3f2578ebd71}\L\00000004.@
C:\Windows\Installer\{16cfd029-9738-d8a0-c61d-e3f2578ebd71}\L\1afb2d56
C:\Windows\Installer\{16cfd029-9738-d8a0-c61d-e3f2578ebd71}\L\201d3dde
C:\Windows\Installer\{16cfd029-9738-d8a0-c61d-e3f2578ebd71}\U\00000004.@

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 2813.07 MB
Available physical RAM: 2412.41 MB
Total Pagefile: 2612.91 MB
Available Pagefile: 2473.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.31 MB

======================= Partitions =========================

1 Drive c: (TI100760V0G) (Fixed) (Total:222.67 GB) (Free:100.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.32 GB) NTFS
4 Drive f: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:456.64 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       233 GB      0 B
  Disk 1    Online       466 GB      0 B

Partitions of Disk 0:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM               1500 MB  1024 KB
  Partition 2    Primary            223 GB  1501 MB
  Partition 3    Primary              9 GB   224 GB

======================================================================================================
Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   TOSHIBA SYS  NTFS   Partition   1500 MB  Healthy    Hidden

======================================================================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI100760V0G  NTFS   Partition    223 GB  Healthy

======================================================================================================
Disk: 0
Partition 3
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.

======================================================================================================
Partitions of Disk 1:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            466 GB    32 KB

======================================================================================================
Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     F   FreeAgent D  NTFS   Partition    466 GB  Healthy

======================================================================================================

==========================================================
Last Boot: 2012-06-20 14:36

======================= End Of Log ==========================
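Reading a log like the one above by hand comes down to spotting a few markers FRST emits: the `[x]` that means the referenced image is missing on disk, an empty `()` where the file's company name should be, a `__SHD` (system + hidden + directory) entry whose name is a literal environment variable such as `%APPDATA%` under System32, the paths FRST lists under `ZeroAccess:`, the `<==== ATTENTION!` flag on a system binary whose MD5 did not match, and the `(Suspicious Type)` note on a hidden partition. The script below is an added example, written for this page; it is not part of FRST and not the poster's code. It only encodes those markers as they appear in the log, runs over a constructed sample of lines copied from it (plus a few benign controls), and the high/medium/low grading is my own, not FRST's.

```python
"""Triage pass over the line formats found in an FRST scan log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the log above plus benign controls
# (msseces.exe, the Security Client folder, explorer.exe, partition type 07).
SAMPLE_LOG = r"""
HKLM\...\Run: [] [x]
HKLM\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
ShortcutTarget: Epson all-in-one Registration.lnk -> (No File)
2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [397848 2012-04-30] ()
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
2012-06-18 20:27 - 2012-06-18 20:27 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-19 16:58 - 2012-06-19 16:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
ZeroAccess:
C:\Windows\Installer\{16cfd029-9738-d8a0-c61d-e3f2578ebd71}\L\00000004.@

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!
Type  : 17 (Suspicious Type)
Type  : 07
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low": my own grading, not FRST's
    reason: str
    line: str


# Autostart values (HKLM/HKU ...\Run, Winlogon) and service/driver rows ("<start type> <name>; <image> ...").
_AUTOSTART = re.compile(r'^(?:HKLM|HKU)\\\S*\\(?:Run|Winlogon): \[|^[0-4] .+?; ')
# Created/modified file rows: "<created> - <modified> - <size> <attrs> [(company)] <path>".
_FILE_ENTRY = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ (?P<attr>[_A-Z]{5}) (?P<path>.+)$')
# Bamital & volsnap rows: "<path> => MD5 is legit", or "<path> <md5> <note>" when the hash did not match.
_MD5_CHECK = re.compile(
    r'^(?P<path>[A-Za-z]:\\\S+) (?:=> (?P<verdict>.+)|(?P<md5>[0-9A-Fa-f]{32}) (?P<note>.+))$')
# Partition type rows in the diskpart-style dump.
_PART_TYPE = re.compile(r'^Type\s*:\s*(?P<type>[0-9A-Fa-f]{2})(?P<note>.*)$')


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per line that carries a marker worth a second look."""
    findings: List[Finding] = []
    in_zeroaccess_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('='):
            in_zeroaccess_block = False  # blank line or section header ends the block
            continue
        if line.startswith('ZeroAccess:'):
            in_zeroaccess_block = True  # every path that follows was attributed to ZeroAccess by FRST
            rest = line[len('ZeroAccess:'):].strip()
            if rest:
                findings.append(Finding('high', 'path listed in FRST ZeroAccess block', rest))
            continue
        if in_zeroaccess_block:
            findings.append(Finding('high', 'path listed in FRST ZeroAccess block', line))
            continue
        if 'ZeroAccess' in line or '<==== ATTENTION' in line:
            findings.append(Finding('high', 'explicitly flagged by FRST', line))
            continue
        m = _MD5_CHECK.match(line)
        if m:
            if m.group('verdict') != 'MD5 is legit':
                findings.append(Finding('high', 'protected system binary failed the MD5 check', line))
            continue
        m = _PART_TYPE.match(line)
        if m:
            if 'Suspicious' in m.group('note'):
                findings.append(Finding('high', f"partition type 0x{m.group('type')} marked suspicious", line))
            continue
        m = _FILE_ENTRY.match(line)
        if m:
            attr, name = m.group('attr'), m.group('path').rsplit('\\', 1)[-1]
            if 'S' in attr and 'H' in attr and name.startswith('%') and name.endswith('%'):
                findings.append(Finding('medium', 'hidden+system directory named like an environment variable', line))
            continue
        if line.startswith('ShortcutTarget:') and line.endswith('(No File)'):
            findings.append(Finding('low', 'startup shortcut points at a file that no longer exists', line))
            continue
        if _AUTOSTART.match(line):
            if line.endswith('[x]'):
                findings.append(Finding('low', 'autostart/service image missing on disk', line))
            elif line.endswith('()'):
                findings.append(Finding('medium', 'autostart/service image has no company name in its version info', line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so two logs can be compared at a glance."""
    counts = {'high': 0, 'medium': 0, 'low': 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f'[{f.severity:<6}] {f.reason}: {f.line}')
    print(summarize(results))
```

The grading reflects how much weight each marker carries on its own. A `[x]` entry or a `(No File)` shortcut usually means an uninstalled product left a stale reference, and an empty `()` company field is common for small vendor utilities, so both are only worth a look once the high-severity items are handled. What FRST itself flagged, the `services.exe` hash mismatch, the `ZeroAccess` paths under `C:\Windows\Installer`, and the hidden type-0x17 partition with no volume, is what drives the cleanup.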