heybabyzr0
Everything posted by heybabyzr0
-
So far so good. Before I posted in this forum, I ran Malwarebytes twice in safe mode to remove some sort of malware. In between Malwarebytes scans, I ran my antivirus. Since the second Malwarebytes scan showed the same infection I felt I needed help to remove it. As of now, the computer runs smoothly. I have noticed that Outlook has changed the way it looks when I open that program. I rarely use Outlook.
-
DDS will still not run. It freezes up my computer.
-
I was able to run Malwarebytes in normal mode without any problems this time. This is the log.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6107
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/22/2011 3:44:06 AM
mbam-log-2011-03-22 (03-44-06).txt
Scan type: Full scan (C:\|)
Objects scanned: 305395
Time elapsed: 2 hour(s), 11 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
-
Here is a copy of the TDSSKiller log. At the moment, the computer is behaving normally.
-
I cannot cure this infection. I have used an AV program. Malwarebytes will only run in safe mode. I get occasional popups saying that Google installer must close. The computer is running slower. I have run Malwarebytes in safe mode and generated a log. I have run GMER in normal mode and generated a log. DDS freezes up in both safe and normal modes. I have attached the Malwarebytes and GMER logs. Any help is greatly welcome. mbam-log-2011-03-21 (00-23-02).zip
-
When I tried again I got a message saying that the update failed. This occurred while downloading a virus definitions update.
-
I am having a problem getting Kaspersky Web Scanner to run. After downloading updates for quite a while I get a message saying Kaspersky requires an uninterrupted internet connection to run. It then says to reload the page. After trying again I got the same message. As far as I know, the internet connection is working just fine. Unless you advise me otherwise, I will try again in my morning time about 10 hours from the time I post this.
-
This is the ESET log:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=7a822584464f0d48b718d61b8b22062c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-15 02:52:49
# local_time=2010-12-14 08:52:49 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=81670
# found=1
# cleaned=1
# scan_time=4943
C:\MGtools\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
-
This is the log from MBAM:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5310
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/14/2010 3:30:15 AM
mbam-log-2010-12-14 (03-30-15).txt
Scan type: Quick scan
Objects scanned: 171720
Time elapsed: 8 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
-
I ran ComboFix in normal Windows and in safe mode with networking. The program froze without scanning in both settings. No scan, no report.
-
I ran OTL according to your instructions. Here is the log:
All processes killed
========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1AE68282 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FB669950 deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab7301604fabe.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cab73016a97d00.job moved successfully.
C:\WINDOWS\tasks\MP Scheduled Scan.job moved successfully.
C:\WINDOWS\tasks\User_Feed_Synchronization-{53C00C9D-9D70-4766-8777-95028C0755FB}.job moved successfully.
C:\WINDOWS\tasks\zuluSevenDaysInit.job moved successfully.
C:\WINDOWS\tasks\zuluShakeIcon.job moved successfully.
C:\WINDOWS\System32\12543.js moved successfully.
C:\Program Files\1002201019432145.bat moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
User: Just
->Temp folder emptied: 32875901 bytes
->Temporary Internet Files folder emptied: 65402981 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 101319444 bytes
->Flash cache emptied: 110189 bytes
User: Justin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 68105528 bytes
->Flash cache emptied: 5334 bytes
User: NetworkService
->Temp folder emptied: 144268 bytes
->Temporary Internet Files folder emptied: 65122386 bytes
->Flash cache emptied: 21756 bytes
User: Owner
User: spooky
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 728733 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 318.00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 12142010_010056
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-
These are the results from VirusTotal:
File name: ECioctl.dll
Submission date: 2010-12-14 00:29:45 (UTC)
Current status: queued (#5) queued analysing finished
Result: 0/ 43 (0.0%)
VT Community not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2010.12.13.01 2010.12.12 -
AntiVir 7.10.15.15 2010.12.13 -
Antiy-AVL 2.0.3.7 2010.12.13 -
Avast 4.8.1351.0 2010.12.13 -
Avast5 5.0.677.0 2010.12.13 -
AVG 9.0.0.851 2010.12.13 -
BitDefender 7.2 2010.12.14 -
CAT-QuickHeal 11.00 2010.12.13 -
ClamAV 0.96.4.0 2010.12.14 -
Command 5.2.11.5 2010.12.13 -
Comodo 7052 2010.12.13 -
DrWeb 5.0.2.03300 2010.12.14 -
Emsisoft 5.1.0.1 2010.12.13 -
eSafe 7.0.17.0 2010.12.13 -
eTrust-Vet 36.1.8038 2010.12.13 -
F-Prot 4.6.2.117 2010.12.13 -
F-Secure 9.0.16160.0 2010.12.13 -
Fortinet 4.2.254.0 2010.12.13 -
GData 21 2010.12.14 -
Ikarus T3.1.1.90.0 2010.12.13 -
Jiangmin 13.0.900 2010.12.13 -
K7AntiVirus 9.72.3235 2010.12.13 -
Kaspersky 7.0.0.125 2010.12.13 -
McAfee 5.400.0.1158 2010.12.14 -
McAfee-GW-Edition 2010.1C 2010.12.13 -
Microsoft 1.6402 2010.12.13 -
NOD32 5700 2010.12.13 -
Norman 6.06.12 2010.12.13 -
nProtect 2010-12-13.01 2010.12.13 -
Panda 10.0.2.7 2010.12.13 -
PCTools 7.0.3.5 2010.12.13 -
Prevx 3.0 2010.12.14 -
Rising 22.77.06.03 2010.12.13 -
Sophos 4.60.0 2010.12.14 -
SUPERAntiSpyware 4.40.0.1006 2010.12.14 -
Symantec 20101.3.0.103 2010.12.13 -
TheHacker 6.7.0.1.099 2010.12.13 -
TrendMicro 9.120.0.1004 2010.12.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.14 -
VBA32 3.12.14.2 2010.12.13 -
VIPRE 7640 2010.12.14 -
ViRobot 2010.12.13.4198 2010.12.13 -
VirusBuster 13.6.92.0 2010.12.13 -
Additional information
MD5 : a0b6beb833befa8433219d23220518e3
SHA1 : 43a0eb51441d4abb20902121656894eb38cd9dd0
SHA256: 6d29739e8c94c1334ce435cd03aec30090b87e233a16d4dc9df6914f5cb69cab
-
This is the Extras log: OTL Extras logfile created on: 12/12/2010 5:53:23 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Just\Desktop\yep Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55.89 Gb Total Space | 5.72 Gb Free Space | 10.24% Space Free | Partition Type: NTFS Computer Name: TOSHIBA-USER | User Name: Just | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = 
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Documents and Settings\Just\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Just\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- File not found "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found "C:\Program Files\Moony\moony.exe" = C:\Program Files\Moony\moony.exe:*:Enabled:Moony -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{007C0BB9-C5E2-4C73-B96B-2BBD5CEA9BF9}" = 2350 "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) 
Version1.0 "{0390854C-42B9-4BC2-B0CF-87DDA0F62EC8}" = 2350_Help "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver "{07E4A34E-4A4B-411C-B31C-D6FBD3EA9959}" = Absolute Beginner's Series VB Lesson 1 "{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English "{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1 "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1 
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0 "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) 
Version1.0 "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects "{50E5BAEB-0313-7657-91C9-A793102EF6C4}" = Mysteryville "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services "{59996900-0E6C-45B7-8C39-C64CB98462E4}" = Microsoft Web Platform Installer 2.0 "{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu "{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery "{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6A136B9A-1895-436F-83F8-30D9C68BB6EA}" = Rhapsody Player Engine "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6F6FF691-A9FA-46D3-B1B0-3F971E1B65DD}" = TOSHIBA Power Management Utility "{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC 
RunTime files "{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1 "{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for Toshiba "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! 
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek Fast Ethernet Adapter Driver "{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine "{9AC200C3-A4C8-401C-A5A8-202BE888B165}" = TOSHIBA Fax Extension "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client "{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1 "{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0 "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree 
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C0E7118C-CF3D-46EC-B431-F744C035A571}" = 2350Trb "{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200 "{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2 "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D69F6DA9-46CF-3EFD-DC4B-9E38F75F5B10}" = Super Collapse 3 "{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software "{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2 "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver 
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F48D45F4-8728-41D5-8F60-C22B48009736}" = TouchPad On/Off Utility "{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}" = TOSHIBA Software Upgrades "{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration "{f719d8a6-46fc-4d71-94c6-ffd17a8c9f35}" = Python 3.1.3 "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{F821C9EC-BC2E-4FC4-993D-88B8B30C3AD6}" = TOSHIBA Hotkey Utility "{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates "{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "2Wire SetupWiz" = SBC Yahoo! 
DSL Home Networking Installer "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "All ATI Software" = ATI - Software Uninstall Utility "All Video to VCD SVCD DVD Creator & Burner_is1" = All Video to VCD SVCD DVD Creator & Burner 4.5.5 "AT&T Connection Services Software" = AT&T Connection Services Manager "ATI Display Driver" = ATI Display Driver "ATT-PRT22" = ATT-PRT22 "AviSynth" = AviSynth 2.5 "Blender" = Blender (remove only) "com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player "DivX Setup.divx.com" = DivX Setup "FileZilla Client" = FileZilla Client 3.3.5.1 "Free FLV Converter_is1" = Free FLV Converter V 6.93.0 "FXCM Micro Trading Station II" = FXCM Micro Trading Station II "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photo & Imaging" = HP Image Zone 4.7 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPExtendedCapabilities" = HP Customer Participation Program 9.0 "HPOCR" = HP OCR Software 9.0 "ie8" = Windows Internet Explorer 8 "IL Download Manager" = IL Download Manager "InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{6F6FF691-A9FA-46D3-B1B0-3F971E1B65DD}" = TOSHIBA Power Management Utility "InstallShield_{F48D45F4-8728-41D5-8F60-C22B48009736}" = TouchPad On/Off Utility "InstallShield_{F821C9EC-BC2E-4FC4-993D-88B8B30C3AD6}" = TOSHIBA Hotkey Utility "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Media Player Classic" = Media Player Classic "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft 
.NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Security Essentials" = Microsoft Security Essentials "Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU "Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Mysteryville" = Mysteryville (remove only) "Notebook_Maximizer" = Notebook Maximizer "PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool "RarZilla Free Unrar" = RarZilla Free Unrar "RealPlayer 12.0" = RealPlayer "Super Collapse 3" = Super Collapse 3 (remove only) "TomTom HOME" = TomTom HOME 2.7.6.2056 "TOSHIBA Access" = TOSHIBA Access "TOSHIBA Software Modem" = TOSHIBA Software Modem "Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WIC" = Windows Imaging Component "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Software Update" = Yahoo! Software Update "YInstHelper" = Yahoo! 
Install Manager ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/10/2010 4:55:45 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845. Error - 12/10/2010 6:21:27 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/2796BAE63F1801E277261BA0D77770028F20EEE4.crt> with error: The connection with the server was terminated abnormally Error - 12/10/2010 6:21:27 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/2796BAE63F1801E277261BA0D77770028F20EEE4.crt> with error: This network connection does not exist. Error - 12/10/2010 6:22:00 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/2796BAE63F1801E277261BA0D77770028F20EEE4.crt> with error: The connection with the server was terminated abnormally Error - 12/10/2010 6:22:00 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131077 Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/2796BAE63F1801E277261BA0D77770028F20EEE4.crt> with error: This network connection does not exist. 
Error - 12/10/2010 6:45:32 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally Error - 12/10/2010 6:45:32 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error - 12/10/2010 8:24:49 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845. Error - 12/10/2010 9:39:00 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x00011689. Error - 12/10/2010 9:39:16 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000 Description = Faulting application padexe.exe, version 1.2.4.0, faulting module padhook.dll, version 1.2.2.0, fault address 0x00001652. 
[ System Events ] Error - 12/11/2010 7:13:45 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 12/11/2010 7:14:30 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Aspi32 ECioctl Fips intelppm MpFilter SASDIFSV SASKUTIL SrvcEKIOMngr SrvcEPIOMngr SrvcSSIOMngr SrvcTPIOMngr Error - 12/11/2010 7:15:41 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 12/11/2010 7:18:08 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 12/11/2010 8:53:41 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034 Description = The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s). Error - 12/11/2010 8:53:41 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034 Description = The Swupdtmr service terminated unexpectedly. It has done this 1 time(s). Error - 12/11/2010 8:53:41 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034 Description = The VRAID Log Service service terminated unexpectedly. It has done this 1 time(s). Error - 12/11/2010 8:53:41 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034 Description = The Window Washer Engine service terminated unexpectedly. It has done this 1 time(s). 
Error - 12/11/2010 9:17:17 PM | Computer Name = TOSHIBA-USER | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 12/11/2010 9:17:53 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Aspi32 ECioctl Fips intelppm MpFilter SASDIFSV SASKUTIL SrvcEKIOMngr SrvcEPIOMngr SrvcSSIOMngr SrvcTPIOMngr < End of report >
-
This is the OTL log: OTL logfile created on: 12/12/2010 5:53:23 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Just\Desktop\yep Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55.89 Gb Total Space | 5.72 Gb Free Space | 10.24% Space Free | Partition Type: NTFS Computer Name: TOSHIBA-USER | User Name: Just | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Just\Desktop\yep\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Program Files\VIA\RAID\vialogsv.exe () PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) 
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe () PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) PRC - C:\Program Files\Toshiba\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.) PRC - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe () PRC - C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.) PRC - C:\WINDOWS\system32\acs.exe () PRC - C:\Program Files\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.) PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA) PRC - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe (COMPAL ELECTRONIC INC.) PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.) PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Just\Desktop\yep\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (PEVSystemStart) -- C:\Combo-Fix.com\PEV.cfx File not found SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- 
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (VRAID Log Service) -- C:\Program Files\VIA\RAID\vialogsv.exe () SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe () SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (Swupdtmr) -- c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe () SRV - (ACS) -- C:\WINDOWS\system32\acs.exe () SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (CeEPwrSvc) -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe (COMPAL ELECTRONIC INC.) SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.) 
========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found DRV - (MR97310_USB_DUAL_CAMERA) -- C:\WINDOWS\System32\DRIVERS\mr97310c.sys File not found DRV - (jdml) -- C:\WINDOWS\System32\drivers\bfwqms.sys File not found DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys File not found DRV - (NCHSSVAD) SoundTap Recorder (32 Bit) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) 
DRV - (RsFx0102) -- C:\WINDOWS\system32\drivers\RsFx0102.sys (Microsoft Corporation) DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com)) DRV - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys () DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation) DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation) DRV - (EPOWER) -- C:\WINDOWS\system32\drivers\hkdrv.sys (Compal Electronic Inc.) DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.) DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.) DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (ECioctl) -- C:\WINDOWS\system32\drivers\ECioctl.sys (TOSHIBA ) DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.) DRV - (SrvcTPIOMngr) -- C:\WINDOWS\system32\drivers\TPIOMngr.sys (COMPAL ELECTRONIC INC.) DRV - (SrvcEKIOMngr) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys (COMPAL ELECTRONIC INC.) DRV - (SrvcEPIOMngr) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys (COMPAL ELECTRONIC INC.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) 
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.) DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd) DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.) DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation ) DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys () DRV - (caboagp) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.) DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) 
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\SMCIRDA.SYS (SMC) DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.msn.iplay.com/?o=shp IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "bing" FF - prefs.js..browser.search.defaulturl: 
"http://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.yahoo.com" FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: killjasmin@pierros14.com:2.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13 FF - prefs.js..network.proxy.ftp: "72.149.226.121" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "72.149.226.121" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "72.149.226.121" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.socks: "72.149.226.121" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "72.149.226.121" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/16 22:39:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 15:06:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/09 21:44:40 | 000,000,000 | ---D | M] [2010/05/31 15:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions [2010/01/24 18:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application 
Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/05/31 15:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions\home2@tomtom.com [2010/02/22 23:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2010/12/11 19:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions [2010/05/13 04:55:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/11/28 15:29:14 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010/10/15 08:32:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/09/20 01:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\killjasmin@pierros14.com [2010/06/20 22:25:45 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\bing.xml [2010/10/24 19:32:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/12/09 21:44:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/12/09 21:43:55 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/12/09 21:43:55 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2004/11/12 21:36:20 | 000,005,120 | 
---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll [2009/10/11 04:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2008/06/27 16:03:12 | 001,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll [2006/07/08 17:02:10 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll [2010/12/09 21:44:20 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2006/10/26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL [2007/03/22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL [2010/11/06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2009/08/27 04:37:03 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll [2009/10/17 14:48:32 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2009/10/17 14:48:33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2009/10/17 14:48:33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2009/10/17 14:48:33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2009/10/17 14:48:33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2009/10/17 14:48:33 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2009/10/17 14:48:33 | 000,143,360 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2005/04/27 14:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll [2009/08/27 04:37:38 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll [2009/08/27 04:36:55 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll [2009/09/27 03:31:00 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll [2010/10/20 21:33:44 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/10/20 21:33:44 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/10/02 00:10:16 | 000,002,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bingober35794156.xml [2010/10/20 21:33:44 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/10/20 21:33:44 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/10/20 21:33:44 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/10/20 21:33:44 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/10/20 21:33:44 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2010/11/26 09:36:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Windows Live Sign-in Helper) - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA) O4 - HKLM..\Run: [PRISMSVR.EXE] C:\WINDOWS\System32\PRISMSVR.EXE File not found O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.) 
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - 
Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr.com/install/downloads/tgctlcm.cab (Support.com Configuration Class) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.) 
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsoft.com/resources/virtual...iveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab (Windows Live Safety Center Base Module) O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - 
Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its 
{9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - 
| ---- | M] () -- C:\WINDOWS\Tasks\At20.job [2010/12/11 20:41:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job [2010/12/11 22:41:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job [2010/12/11 21:41:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job [2010/12/11 23:41:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job [2010/12/12 02:41:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job [2010/12/12 01:41:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job [2010/12/12 06:41:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job [2010/12/12 07:41:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job [2010/12/12 05:41:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job [2010/12/12 04:41:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job [2010/12/12 08:41:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job [2010/12/12 02:06:19 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2010/12/12 17:54:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{53C00C9D-9D70-4766-8777-95028C0755FB}.job [2010/01/20 14:24:41 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\zuluSevenDaysInit.job [2010/01/20 14:25:54 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\zuluShakeIcon.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AE68282 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB669950 < End of report >
-
Combo-Fix still will not run. I tried it in regular windows and in safe mode with networking.
-
I renamed combo-fix to combo-fix.com. I turned off Microsoft Security Essentials. When I ran combo-fix, I got a warning that Norton Anti-Virus 2006 was running. I've not gotten that message before. I checked the add/remove programs and did not see Norton listed. This computer has been passed down in my family, so there is no telling what used to be there. I canceled the program due to the warning. How do I proceed?
-
I ran combo-fix in safe mode with networking and it still froze up. This happened last time I was infected with this problem.
-
I downloaded and ran combo fix according to the directions. All anti virus programs and windows were disabled or closed. However, Combo Fix froze and did not generate a report. This happened last time my computer was infected with this same problem.
-
I had a rootkit virus infect my computer about 3 weeks ago. It was cleaned and the computer worked fine until today. I have returned. Search results are being redirected and I have an application popup that says "GetDriveLayOut: CreateFile fail ! The system cannot find the file specified." Any help is welcome. Justin Here is a copy of my Hijack This log and the TDSS Killer log.
-
Hey Kenny, The infection has returned. Here is a copy of my Hijack This log and the TDSS Killer log.
-
Thanks Kenny for all your work and sticking with me! Justin
-
I removed the odd combo fix icon. I downloaded and ran the scan as per your instruction. Currently the computer is running well. I am not getting that annoying application window saying CreatLayerFail... I am not getting odd tabs popping up in my web browser. Here is the log:

Autoscan: completed 2 minutes ago (events: 7, objects: 275572, time: 03:16:58)
11/28/2010 11:32:27 AM Task started
11/28/2010 12:06:58 PM Detected: HEUR:Trojan.Win32.KillFiles C:\Program Files\2Wire\sst\VNC\MotVNC.exe/WISE0011.BIN
11/28/2010 1:35:33 PM Detected: Packed.Win32.Krap.hc C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP1074\A0369049.exe
11/28/2010 1:37:46 PM Deleted: Packed.Win32.Krap.hc C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP1074\A0369049.exe
11/28/2010 1:47:50 PM Detected: HEUR:Trojan.Win32.KillFiles C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP1084\A0406558.exe/WISE0011.BIN
11/28/2010 2:38:45 PM Detected: HEUR:Exploit.Script.Generic C:\WINDOWS\system32\123.js
11/28/2010 2:49:25 PM Task completed
-
I put combofix in the recycle bin and then downloaded combofix to my desktop. I disabled antivirals/spy ware programs and ran combo fix. It did not prompt to install a recovery console. However, in an earlier install it did and the console was installed. The program ran for about an hour. After one minute, the clock on the computer froze. There was no flashing from the HDD light on the computer. No report was generated. I had to restart the computer. Upon restart, I did not get the annoying window saying something to the effect of "Create drive layout fail". I looked in C:/ and did not find a report; however, I did find a program icon called ComboFix. The icon is different than the one on my desktop. Any idea what it is?
-
Here is the HiJack this uninstall list:
-
This is the GooredFix log:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:54 on 27/11/2010 (Just)
Firefox version 3.6.12 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:11 06/06/2006]

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\
killjasmin@pierros14.com [07:03 20/09/2010]
{20a82645-c095-46ed-80e3-08825760534b} [10:55 13/05/2010]
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [14:32 15/10/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:03 05/12/2008]

-=E.O.F=-