raiden92
Honorary Members
Posts: 29
Everything posted by raiden92
I can't remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
Alright, once again, thank you for everything, dude. Topic can be closed.
I can't remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
This is how Local Disk C looks now; I know there were fewer folders before. Can't I just delete the files I don't need? http://img814.imageshack.us/img814/8427/localdiskc.png
I can't remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
Alright man, thanks for everything. For some reason the hidden files are still there. Should I restart my PC?
I can't remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
I need to ask you a question: a file was created called Qoobox. Now, can I delete that file?
I can't remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
The result was clean: http://www.virustotal.com/file-scan/report.html?id=88cf562d5f8c803a4ff8db28c355073c58be6c02ce950149584749d2d72cc6de-1298241411
I can't remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
This is the latest result with Combo-Fix:

ComboFix 11-02-25.02 - PCgENIUS 02/26/2011 17:04:07.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1791.827 [GMT -7:00]
Running from: c:\users\PCgENIUS\Desktop\Combo-Fix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\nfptefw.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_xwvav

((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))
.
2011-02-27 00:09 . 2011-02-27 00:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\temp
2011-02-27 00:09 . 2011-02-27 00:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-26 21:05 . 2011-02-26 21:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{652218DD-A0E3-443D-B9D6-66AC19AE2B2E}
2011-02-26 08:54 . 2011-02-26 08:54 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{ECD6CE6E-2973-4263-B050-082ADA674572}
2011-02-26 05:15 . 2011-02-01 21:35 101592 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-02-26 05:15 . 2011-02-01 21:33 191704 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-02-26 04:58 . 2011-02-26 22:27 -------- d-----w- c:\programdata\AVAST Software
2011-02-26 04:58 . 2011-02-26 04:58 -------- d-----w- c:\program files\AVAST Software
2011-02-25 20:35 . 2011-02-25 20:49 -------- d-----w- C:\Combo-Fix
2011-02-25 20:20 . 2011-02-25 20:20 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{C12C4FB7-4EAC-4A08-A317-5C5DAC43A409}
2011-02-25 08:19 . 2011-02-25 08:19 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3950EFC9-678F-4A21-AB7E-2F9906DFBEED}
2011-02-24 19:44 . 2011-02-24 19:44 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{F77D1B40-3ED7-47A3-92D5-D499287DE620}
2011-02-24 09:21 . 2011-02-24 09:37 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Temporary Projects
2011-02-23 22:11 . 2011-02-23 22:12 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{96734489-7E5E-4EA8-B944-3C5C122D00D1}
2011-02-23 07:05 . 2011-02-23 07:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{06CE72B3-A6E0-472F-A0DA-3185C994D02F}
2011-02-22 19:05 . 2011-02-22 19:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{70B08D51-4266-427E-9178-07E787C2809C}
2011-02-22 06:44 . 2011-02-22 06:44 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B4EBE905-91D5-48DF-8691-A1E3159E22D4}
2011-02-21 22:51 . 2011-02-21 22:51 -------- d-----w- c:\users\PCgENIUS\AppData\Local\AirMouse
2011-02-21 22:51 . 2011-02-21 22:51 -------- d-----w- c:\program files\Air Mouse
2011-02-21 22:50 . 2011-02-21 22:50 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Downloaded Installations
2011-02-21 21:36 . 2011-02-21 21:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Ahead
2011-02-21 21:35 . 2011-02-21 22:49 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Ahead
2011-02-21 21:35 . 2011-02-21 21:35 -------- d-----w- c:\programdata\Ahead
2011-02-21 21:33 . 2011-02-21 21:34 -------- d-----w- c:\program files\Common Files\Ahead
2011-02-21 21:33 . 2011-02-21 21:33 -------- d-----w- c:\program files\Nero
2011-02-21 18:43 . 2011-02-21 18:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{2B0292AF-FF8A-459B-ABC0-E71338E38152}
2011-02-21 01:23 . 2011-02-21 01:23 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D506F557-3876-4240-AC33-92EA7EB4F583}
2011-02-20 08:46 . 2011-02-20 08:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{10632FB3-6F94-49EB-86F3-EE6E41159B03}
2011-02-19 20:46 . 2011-02-19 20:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D8E1CB64-F93C-4729-9790-ED1633223B49}
2011-02-19 08:46 . 2011-02-19 08:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E2349F14-65AD-4534-89A6-BA5361CA2B03}
2011-02-18 20:46 . 2011-02-18 20:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{FA6BC863-E2E4-4ED6-9B8E-7BD3A54E38F2}
2011-02-18 18:41 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD628540-C77D-4041-AA87-A4080392EB78}\mpengine.dll
2011-02-18 08:06 . 2011-02-18 08:06 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{8DED1E8E-6FDD-49CE-BDDD-F692128538F9}
2011-02-17 19:55 . 2011-02-17 19:55 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{21274126-14B0-4179-ACCC-22F10A2C9725}
2011-02-17 07:45 . 2011-02-17 07:45 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{069AB47A-3135-49AC-B360-C3ED9F7D6539}
2011-02-17 06:40 . 2011-02-17 06:40 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Microsoft Corporation
2011-02-17 05:48 . 2011-02-17 05:48 -------- d-----w- c:\program files\Microsoft SQL Server
2011-02-17 05:47 . 2011-02-17 05:49 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2011-02-17 05:45 . 2011-02-17 05:45 -------- d-----w- c:\program files\Microsoft SDKs
2011-02-17 05:45 . 2011-02-17 05:45 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-02-17 05:45 . 2011-02-17 05:49 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-02-16 19:45 . 2011-02-16 19:45 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{36735583-AA80-4932-A2E3-66DB1336B638}
2011-02-16 05:36 . 2011-02-16 05:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{7DF41BE3-2296-4006-B383-331AD0B6D5B6}
2011-02-15 16:28 . 2011-02-15 16:28 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E8BD0041-8CF5-47BC-BBD4-5ADB599C4650}
2011-02-14 22:48 . 2011-02-14 22:48 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B8F9E147-FDBD-4DDE-BDC4-AE0841BBF87D}
2011-02-14 09:40 . 2011-02-14 09:40 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E9144B00-998E-47D8-82E0-AFAF0C400F50}
2011-02-14 04:12 . 2011-02-14 04:14 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Cyberlink
2011-02-14 04:11 . 2011-02-14 04:11 -------- d-----w- c:\program files\Common Files\CyberLink
2011-02-14 04:10 . 2011-02-14 04:21 29480 ------w- c:\windows\system32\msxml3a.dll
2011-02-13 19:24 . 2011-02-13 19:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{30E09C5C-1EB0-4BF1-B4CB-62C550E45D69}
2011-02-13 09:37 . 2011-02-13 09:37 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Anthropics
2011-02-13 08:37 . 2011-02-13 08:37 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
2011-02-13 08:15 . 2011-02-13 08:15 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-02-13 07:24 . 2011-02-13 07:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EE38BE9C-5EBC-4BB7-9EEB-00CE963A5530}
2011-02-13 02:44 . 2011-02-14 04:31 -------- d-----w- c:\users\Public\CyberLink
2011-02-13 02:43 . 2011-02-14 04:12 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\CyberLink
2011-02-13 02:43 . 2011-02-14 04:14 -------- d-----w- c:\programdata\CyberLink
2011-02-12 19:37 . 2011-02-12 19:37 -------- d-----w- c:\program files\BinarySense
2011-02-12 19:24 . 2011-02-12 19:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3C3EF3D6-3D46-4CB1-BAC5-43743A921772}
2011-02-12 08:55 . 2011-02-12 08:55 -------- d-----w- c:\windows\Repair
2011-02-12 08:55 . 2011-02-12 08:55 -------- d-----w- c:\programdata\MyDefrag
2011-02-12 05:04 . 2011-02-12 05:04 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\BinarySense
2011-02-12 03:59 . 2011-02-12 04:00 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D24E53F1-71B1-4EF9-879B-8FEE8FFBD9B9}
2011-02-11 10:04 . 2011-02-11 10:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{4C0C1514-BACE-4919-B462-D9BF3D24EFBE}
2011-02-10 22:04 . 2011-02-10 22:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{036D3918-7AB9-46DE-B6FE-CD42A37F46A0}
2011-02-10 10:04 . 2011-02-10 10:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{1A931670-E2CF-40B5-A329-D459EAB0BA52}
2011-02-10 09:21 . 2011-02-11 20:03 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\IDM
2011-02-10 09:21 . 2011-02-11 09:50 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\DMCache
2011-02-09 22:04 . 2011-02-09 22:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{BFB1F6D0-93A2-4AC6-970C-71334F628AA4}
2011-02-09 10:03 . 2011-02-09 10:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{04C77D58-4B54-4A5F-862C-AA9AB84D898E}
2011-02-09 08:01 . 2011-02-09 08:01 -------- d-----w- c:\programdata\Blumentals
2011-02-08 22:05 . 2010-05-22 20:24 14208 ------w- c:\windows\system32\drivers\disksec.sys
2011-02-08 22:05 . 2011-02-08 22:17 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\MAGIX
2011-02-08 22:04 . 2011-02-08 22:17 -------- d-----w- c:\programdata\MAGIX
2011-02-08 22:04 . 2011-02-08 22:04 -------- d-----w- c:\program files\MAGIX
2011-02-08 22:03 . 2011-02-08 22:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{35320901-4BB2-4398-9DEB-F7700B4B3BFF}
2011-02-08 10:03 . 2011-02-08 10:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3F325C3A-8858-41DC-8317-2230F4D707B2}
2011-02-07 21:05 . 2011-02-07 21:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{1F916FA5-4CE2-4E0B-815C-1115F432366E}
2011-02-07 09:05 . 2011-02-07 09:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EB00599A-29EB-40DF-826F-220523E87948}
2011-02-06 20:36 . 2011-02-06 20:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{05A32EEE-B845-482A-A9F8-B1D326193B9B}
2011-02-06 08:50 . 2011-02-06 08:50 -------- d-----w- c:\programdata\InstallShield
2011-02-06 08:50 . 2011-02-06 08:50 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Programs
2011-02-06 08:47 . 2011-02-06 08:47 -------- d-----w- c:\windows\system32\URTTEMP
2011-02-06 08:36 . 2011-02-06 08:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E399DC40-FCF9-4D5C-A08D-A56343853A20}
2011-02-06 01:48 . 2004-12-07 17:11 258352 ------w- c:\windows\system32\Unicows.dll
2011-02-06 01:48 . 2004-03-09 07:00 224016 ------w- c:\windows\system32\TABCTL32.OCX
2011-02-05 20:35 . 2011-02-05 20:35 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EDCA7D0F-6437-42FE-8652-982636372813}
2011-02-05 08:08 . 2011-02-05 08:08 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{48D7D392-35D0-4327-B6BB-0781F572C2FA}
2011-02-04 20:18 . 2011-02-04 20:18 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\SystemRequirementsLab
2011-02-04 20:18 . 2011-02-04 20:18 -------- d-----w- c:\program files\Common Files\Java
2011-02-04 20:17 . 2011-02-04 20:17 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-04 20:17 . 2011-02-04 20:17 472808 ------w- c:\windows\system32\deployJava1.dll
2011-02-04 20:17 . 2011-02-04 20:17 -------- d-----w- c:\program files\Java
2011-02-04 20:08 . 2011-02-04 20:08 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{BF86A94D-4F25-4474-96A8-C605D5B0E347}
2011-02-03 23:03 . 2011-02-03 23:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{99679732-DA3D-48FC-A8EA-36E8C8BC13FE}
2011-02-03 09:43 . 2011-02-03 09:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{85C040C9-9F0B-488D-A217-C2023130078C}
2011-02-02 21:43 . 2011-02-02 21:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{82F6411A-DAA4-43BC-B951-DD1F4E61550B}
2011-02-02 09:15 . 2011-02-02 09:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{CC8C5C35-119E-4A60-9CE6-DC16D5D44D60}
2011-02-01 21:15 . 2011-02-01 21:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0253F66B-96A7-4F6D-9F3A-E245FB54B8CD}
2011-02-01 09:15 . 2011-02-01 09:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0B05B36C-9CEB-406A-A5EB-FD5FFCBF310C}
2011-02-01 07:19 . 2011-02-01 07:20 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Apple Computer
2011-02-01 07:19 . 2011-02-01 07:19 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Apple Computer
2011-02-01 07:19 . 2009-05-18 20:17 26600 ------w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-01 07:19 . 2008-04-17 19:12 107368 ------w- c:\windows\system32\GEARAspi.dll
2011-02-01 07:17 . 2011-02-01 07:17 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Apple
2011-02-01 07:17 . 2011-02-01 07:17 -------- d-----w- c:\program files\Apple Software Update
2011-02-01 07:15 . 2011-02-01 07:18 -------- d-----w- c:\program files\Common Files\Apple
2011-02-01 07:15 . 2011-02-01 07:17 -------- d-----w- c:\programdata\Apple
2011-02-01 06:37 . 2011-02-01 07:09 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\DVD Catalyst 4
2011-01-31 22:44 . 2011-01-31 22:44 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\4Front
2011-01-31 22:42 . 2011-01-31 22:42 -------- d-----w- c:\programdata\4Front
2011-01-31 21:11 . 2011-01-31 21:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0D497E54-91CB-4101-A6E9-FC2EC1F04F76}
2011-01-31 09:39 . 2011-01-31 09:39 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Malwarebytes
2011-01-31 09:38 . 2010-12-21 01:09 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 09:38 . 2011-01-31 09:38 -------- d-----w- c:\programdata\Malwarebytes
2011-01-31 09:38 . 2011-02-01 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-31 09:38 . 2010-12-21 01:08 20952 ------w- c:\windows\system32\drivers\mbam.sys
2011-01-31 09:11 . 2011-01-31 09:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B879E530-43F0-4A22-9BFE-0FA7C4FB60C4}
2011-01-31 01:47 . 2011-01-31 01:47 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Adobe Mini Bridge CS5
2011-01-31 01:47 . 2011-01-31 01:47 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-01-31 00:40 . 2011-02-26 05:29 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-01-31 00:35 . 2011-01-31 00:35 -------- d-----w- c:\program files\Adobe Media Player
2011-01-31 00:34 . 2011-01-31 00:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-01-31 00:32 . 2011-02-16 21:33 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-30 21:10 . 2011-01-30 21:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{90813790-0F2D-4EA2-A76C-48CA678CF293}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-14 04:21 . 2003-03-19 03:14 505128 ------w- c:\windows\system32\msvcp71.dll
2011-02-14 04:21 . 2003-02-21 11:42 353576 ------w- c:\windows\system32\msvcr71.dll
2011-01-27 10:38 . 2011-01-27 10:38 47360 ----a-w- c:\users\PCgENIUS\AppData\Roaming\pcouffin.sys
2011-01-25 20:48 . 2011-01-25 20:48 218688 ------w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-01-24 02:49 . 2011-01-24 02:49 23456 ------w- c:\windows\system32\drivers\DrvAgent32.sys
2011-01-19 00:43 . 2011-01-19 00:43 109328 ------w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-01-19 00:43 . 2011-01-18 20:55 42960 ------w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-01-19 00:43 . 2011-01-19 00:43 133648 ------w- c:\windows\system32\VBoxNetFltNotify.dll
2011-01-19 00:43 . 2011-01-19 00:43 120208 ------w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-01-19 00:43 . 2011-01-18 20:55 158736 ------w- c:\windows\system32\drivers\VBoxDrv.sys
2011-01-14 23:14 . 2009-07-13 23:40 409088 ------w- c:\windows\system32\systemcpl.dll
2011-01-14 23:02 . 2009-07-13 23:24 811520 ------w- c:\windows\system32\user32.dll
2010-12-30 18:59 . 2011-01-14 23:45 3351208 ------w- c:\windows\system32\drivers\RTKVHDA.sys
2010-12-29 21:30 . 2011-01-14 23:45 3794536 ------w- c:\windows\system32\RtkAPO.dll
2010-12-28 22:51 . 2011-01-14 23:45 608768 ------w- c:\windows\system32\RCoRes.dat
2010-12-22 18:28 . 2011-01-14 23:45 2106984 ------w- c:\windows\system32\RtkPgExt.dll
2010-12-15 01:51 . 2010-12-15 01:51 41984 ------w- c:\windows\system32\drivers\usbaapl.sys
2010-12-15 01:51 . 2010-12-15 01:51 4184352 ------w- c:\windows\system32\usbaaplrc.dll
2010-11-30 01:48 . 2011-01-14 23:45 1723536 ------w- c:\windows\system32\WavesGUILib.dll
2010-11-30 01:48 . 2011-01-14 23:45 1439064 ------w- c:\windows\system32\MaxxAudioRealtek.dll
2010-11-30 00:38 . 2010-11-30 00:38 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38 . 2010-11-30 00:38 69632 ------w- c:\windows\system32\QuickTime.qts
.
------- Sigcheck -------
[-] 2011-01-14 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-12-23 9972328]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"CPMonitor"="c:\program files\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

c:\users\PCgENIUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HDDlife.lnk - c:\program files\BinarySense\HDDlife 3\HDDlifePro.exe [N/A]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-30 717296]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-01-24 23456]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-01-19 109328]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-14 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-25 218688]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-01-19 158736]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-01-19 42960]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 20952]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 197224]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-01-19 120208]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-09-23 316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = my.daemon-search.com
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\PCgENIUS\AppData\Roaming\Mozilla\Firefox\Profiles\gxjvztv2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Add N Edit Cookies+: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d} - %profile%\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3017894523-454932838-510679052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-3017894523-454932838-510679052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(360)
c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\vmnat.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-02-26 17:14:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-27 00:14
ComboFix2.txt 2011-02-26 03:36
ComboFix3.txt 2011-02-25 20:49

Pre-Run: 448,280,571,904 bytes free
Post-Run: 447,577,853,952 bytes free

- - End Of File - - 99B3AEFE25F1FA2C513D209746ADD21C
I can't remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
I am scanning once more; if there is no infected file I will try combo-fix again.
I can't remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
But the threat is gone. Alright, whatever you want, I will run it.
I can't remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
I think the virus got removed. Avast 5 detected it and said I needed to reboot, so that's what I did and it was gone. Thanks for all the help and support, man.
I can't remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
Hmm, very strange, it came back :/
I can't remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
ComboFix 11-02-24.05 - PCgENIUS 02/25/2011 13:37:55.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1791.766 [GMT -7:00]
Running from: c:\users\PCgENIUS\Desktop\Combo-Fix.exe
AV: avast! Internet Security *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: avast! Internet Security *Disabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}
SP: avast! Internet Security *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\PCgENIUS\AppData\Roaming\chrtmp
c:\users\PCgENIUS\AppData\Roaming\inst.exe
c:\users\PCgENIUS\AppData\Roaming\sharecash.exe
.
((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
.
2011-02-25 20:45 . 2011-02-25 20:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\temp
2011-02-25 20:45 . 2011-02-25 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-25 20:34 . 2011-02-25 20:35 -------- d-----w- C:\32788R22FWJFW
2011-02-25 20:20 . 2011-02-25 20:20 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{C12C4FB7-4EAC-4A08-A317-5C5DAC43A409}
2011-02-25 08:19 . 2011-02-25 08:19 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3950EFC9-678F-4A21-AB7E-2F9906DFBEED}
2011-02-24 19:44 . 2011-02-24 19:44 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{F77D1B40-3ED7-47A3-92D5-D499287DE620}
2011-02-24 09:21 . 2011-02-24 09:37 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Temporary Projects
2011-02-23 22:11 . 2011-02-23 22:12 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{96734489-7E5E-4EA8-B944-3C5C122D00D1}
2011-02-23 07:05 . 2011-02-23 07:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{06CE72B3-A6E0-472F-A0DA-3185C994D02F}
2011-02-22 19:05 . 2011-02-22 19:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{70B08D51-4266-427E-9178-07E787C2809C}
2011-02-22 06:44 . 2011-02-22 06:44 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B4EBE905-91D5-48DF-8691-A1E3159E22D4}
2011-02-21 22:51 . 2011-02-21 22:51 -------- d-----w- c:\users\PCgENIUS\AppData\Local\AirMouse
2011-02-21 22:51 . 2011-02-21 22:51 -------- d-----w- c:\program files\Air Mouse
2011-02-21 22:50 . 2011-02-21 22:50 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Downloaded Installations
2011-02-21 21:36 . 2011-02-21 21:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Ahead
2011-02-21 21:35 . 2011-02-21 22:49 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Ahead
2011-02-21 21:35 . 2011-02-21 21:35 -------- d-----w- c:\programdata\Ahead
2011-02-21 21:33 . 2011-02-21 21:34 -------- d-----w- c:\program files\Common Files\Ahead
2011-02-21 21:33 . 2011-02-21 21:33 -------- d-----w- c:\program files\Nero
2011-02-21 18:43 . 2011-02-21 18:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{2B0292AF-FF8A-459B-ABC0-E71338E38152}
2011-02-21 01:23 . 2011-02-21 01:23 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D506F557-3876-4240-AC33-92EA7EB4F583}
2011-02-20 08:46 . 2011-02-20 08:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{10632FB3-6F94-49EB-86F3-EE6E41159B03}
2011-02-19 20:46 . 2011-02-19 20:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D8E1CB64-F93C-4729-9790-ED1633223B49}
2011-02-19 08:46 . 2011-02-19 08:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E2349F14-65AD-4534-89A6-BA5361CA2B03}
2011-02-18 20:46 . 2011-02-18 20:46 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{FA6BC863-E2E4-4ED6-9B8E-7BD3A54E38F2}
2011-02-18 18:41 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD628540-C77D-4041-AA87-A4080392EB78}\mpengine.dll
2011-02-18 08:06 . 2011-02-18 08:06 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{8DED1E8E-6FDD-49CE-BDDD-F692128538F9}
2011-02-17 19:55 . 2011-02-17 19:55 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{21274126-14B0-4179-ACCC-22F10A2C9725}
2011-02-17 07:45 . 2011-02-17 07:45 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{069AB47A-3135-49AC-B360-C3ED9F7D6539}
2011-02-17 06:40 . 2011-02-17 06:40 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Microsoft Corporation
2011-02-17 05:48 . 2011-02-17 05:48 -------- d-----w- c:\program files\Microsoft SQL Server
2011-02-17 05:47 . 2011-02-17 05:49 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2011-02-17 05:45 . 2011-02-17 05:45 -------- d-----w- c:\program files\Microsoft SDKs
2011-02-17 05:45 . 2011-02-17 05:45 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-02-17 05:45 . 2011-02-17 05:49 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-02-16 19:45 . 2011-02-16 19:45 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{36735583-AA80-4932-A2E3-66DB1336B638}
2011-02-16 05:36 . 2011-02-16 05:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{7DF41BE3-2296-4006-B383-331AD0B6D5B6}
2011-02-15 16:28 . 2011-02-15 16:28 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E8BD0041-8CF5-47BC-BBD4-5ADB599C4650}
2011-02-14 22:48 . 2011-02-14 22:48 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B8F9E147-FDBD-4DDE-BDC4-AE0841BBF87D}
2011-02-14 09:40 . 2011-02-14 09:40 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E9144B00-998E-47D8-82E0-AFAF0C400F50}
2011-02-14 04:12 . 2011-02-14 04:14 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Cyberlink
2011-02-14 04:11 . 2011-02-14 04:11 -------- d-----w- c:\program files\Common Files\CyberLink
2011-02-14 04:10 . 2011-02-14 04:21 29480 ------w- c:\windows\system32\msxml3a.dll
2011-02-13 19:24 . 2011-02-13 19:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{30E09C5C-1EB0-4BF1-B4CB-62C550E45D69}
2011-02-13 09:37 . 2011-02-13 09:37 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Anthropics
2011-02-13 08:37 . 2011-02-13 08:37 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
2011-02-13 08:15 . 2011-02-13 08:15 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-02-13 07:24 . 2011-02-13 07:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EE38BE9C-5EBC-4BB7-9EEB-00CE963A5530}
2011-02-13 02:44 . 2011-02-14 04:31 -------- d-----w- c:\users\Public\CyberLink
2011-02-13 02:43 . 2011-02-14 04:12 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\CyberLink
2011-02-13 02:43 . 2011-02-14 04:14 -------- d-----w- c:\programdata\CyberLink
2011-02-12 20:54 . 2011-01-31 23:29 1536000 ----a-w- c:\users\PCgENIUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sharesach1.exe
2011-02-12 19:37 . 2011-02-12 19:37 -------- d-----w- c:\program files\BinarySense
2011-02-12 19:24 . 2011-02-12 19:24 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3C3EF3D6-3D46-4CB1-BAC5-43743A921772}
2011-02-12 08:55 . 2011-02-12 08:55 -------- d-----w- c:\windows\Repair
2011-02-12 08:55 . 2011-02-12 08:55 -------- d-----w- c:\programdata\MyDefrag
2011-02-12 05:04 . 2011-02-12 05:04 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\BinarySense
2011-02-12 03:59 . 2011-02-12 04:00 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{D24E53F1-71B1-4EF9-879B-8FEE8FFBD9B9}
2011-02-11 10:04 . 2011-02-11 10:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{4C0C1514-BACE-4919-B462-D9BF3D24EFBE}
2011-02-10 22:04 . 2011-02-10 22:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{036D3918-7AB9-46DE-B6FE-CD42A37F46A0}
2011-02-10 10:04 . 2011-02-10 10:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{1A931670-E2CF-40B5-A329-D459EAB0BA52}
2011-02-10 09:21 . 2011-02-11 20:03 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\IDM
2011-02-10 09:21 .
2011-02-11 09:50 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\DMCache 2011-02-09 22:04 . 2011-02-09 22:04 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{BFB1F6D0-93A2-4AC6-970C-71334F628AA4} 2011-02-09 10:03 . 2011-02-09 10:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{04C77D58-4B54-4A5F-862C-AA9AB84D898E} 2011-02-09 08:01 . 2011-02-09 08:01 -------- d-----w- c:\programdata\Blumentals 2011-02-08 22:05 . 2010-05-22 20:24 14208 ------w- c:\windows\system32\drivers\disksec.sys 2011-02-08 22:05 . 2011-02-08 22:17 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\MAGIX 2011-02-08 22:04 . 2011-02-08 22:17 -------- d-----w- c:\programdata\MAGIX 2011-02-08 22:04 . 2011-02-08 22:04 -------- d-----w- c:\program files\MAGIX 2011-02-08 22:03 . 2011-02-08 22:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{35320901-4BB2-4398-9DEB-F7700B4B3BFF} 2011-02-08 10:03 . 2011-02-08 10:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{3F325C3A-8858-41DC-8317-2230F4D707B2} 2011-02-07 21:05 . 2011-02-07 21:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{1F916FA5-4CE2-4E0B-815C-1115F432366E} 2011-02-07 09:05 . 2011-02-07 09:05 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EB00599A-29EB-40DF-826F-220523E87948} 2011-02-06 20:36 . 2011-02-06 20:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{05A32EEE-B845-482A-A9F8-B1D326193B9B} 2011-02-06 08:50 . 2011-02-06 08:50 -------- d-----w- c:\programdata\InstallShield 2011-02-06 08:50 . 2011-02-06 08:50 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Programs 2011-02-06 08:47 . 2011-02-06 08:47 -------- d-----w- c:\windows\system32\URTTEMP 2011-02-06 08:36 . 2011-02-06 08:36 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{E399DC40-FCF9-4D5C-A08D-A56343853A20} 2011-02-06 01:48 . 2004-12-07 17:11 258352 ------w- c:\windows\system32\Unicows.dll 2011-02-06 01:48 . 2004-03-09 07:00 224016 ------w- c:\windows\system32\TABCTL32.OCX 2011-02-05 20:35 . 
2011-02-05 20:35 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{EDCA7D0F-6437-42FE-8652-982636372813} 2011-02-05 08:08 . 2011-02-05 08:08 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{48D7D392-35D0-4327-B6BB-0781F572C2FA} 2011-02-04 20:18 . 2011-02-04 20:18 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\SystemRequirementsLab 2011-02-04 20:18 . 2011-02-04 20:18 -------- d-----w- c:\program files\Common Files\Java 2011-02-04 20:17 . 2011-02-04 20:17 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-02-04 20:17 . 2011-02-04 20:17 472808 ------w- c:\windows\system32\deployJava1.dll 2011-02-04 20:17 . 2011-02-04 20:17 -------- d-----w- c:\program files\Java 2011-02-04 20:08 . 2011-02-04 20:08 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{BF86A94D-4F25-4474-96A8-C605D5B0E347} 2011-02-03 23:03 . 2011-02-03 23:03 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{99679732-DA3D-48FC-A8EA-36E8C8BC13FE} 2011-02-03 09:43 . 2011-02-03 09:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{85C040C9-9F0B-488D-A217-C2023130078C} 2011-02-02 21:43 . 2011-02-02 21:43 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{82F6411A-DAA4-43BC-B951-DD1F4E61550B} 2011-02-02 09:15 . 2011-02-02 09:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{CC8C5C35-119E-4A60-9CE6-DC16D5D44D60} 2011-02-01 21:15 . 2011-02-01 21:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0253F66B-96A7-4F6D-9F3A-E245FB54B8CD} 2011-02-01 09:15 . 2011-02-01 09:15 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0B05B36C-9CEB-406A-A5EB-FD5FFCBF310C} 2011-02-01 07:19 . 2011-02-01 07:20 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Apple Computer 2011-02-01 07:19 . 2011-02-01 07:19 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Apple Computer 2011-02-01 07:19 . 2009-05-18 20:17 26600 ------w- c:\windows\system32\drivers\GEARAspiWDM.sys 2011-02-01 07:19 . 2008-04-17 19:12 107368 ------w- c:\windows\system32\GEARAspi.dll 2011-02-01 07:17 . 
2011-02-01 07:17 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Apple 2011-02-01 07:17 . 2011-02-01 07:17 -------- d-----w- c:\program files\Apple Software Update 2011-02-01 07:16 . 2011-02-01 07:16 -------- d-----w- c:\program files\Bonjour 2011-02-01 07:15 . 2011-02-01 07:18 -------- d-----w- c:\program files\Common Files\Apple 2011-02-01 07:15 . 2011-02-01 07:17 -------- d-----w- c:\programdata\Apple 2011-02-01 06:37 . 2011-02-01 07:09 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\DVD Catalyst 4 2011-01-31 22:44 . 2011-01-31 22:44 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\4Front 2011-01-31 22:42 . 2011-01-31 22:42 -------- d-----w- c:\programdata\4Front 2011-01-31 21:11 . 2011-01-31 21:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{0D497E54-91CB-4101-A6E9-FC2EC1F04F76} 2011-01-31 09:39 . 2011-01-31 09:39 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Malwarebytes 2011-01-31 09:38 . 2010-12-21 01:09 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-31 09:38 . 2011-01-31 09:38 -------- d-----w- c:\programdata\Malwarebytes 2011-01-31 09:38 . 2011-02-01 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-31 09:38 . 2010-12-21 01:08 20952 ------w- c:\windows\system32\drivers\mbam.sys 2011-01-31 09:11 . 2011-01-31 09:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{B879E530-43F0-4A22-9BFE-0FA7C4FB60C4} 2011-01-31 01:47 . 2011-01-31 01:47 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\Adobe Mini Bridge CS5 2011-01-31 01:47 . 2011-01-31 01:47 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2011-01-31 00:40 . 2011-02-16 21:35 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2011-01-31 00:35 . 2011-01-31 00:35 -------- d-----w- c:\program files\Adobe Media Player 2011-01-31 00:34 . 2011-01-31 00:34 -------- d-----w- c:\program files\Common Files\Adobe AIR 2011-01-31 00:32 . 
2011-02-16 21:33 -------- d-----w- c:\program files\Common Files\Adobe 2011-01-30 21:10 . 2011-01-30 21:11 -------- d-----w- c:\users\PCgENIUS\AppData\Local\{90813790-0F2D-4EA2-A76C-48CA678CF293} 2011-01-30 20:59 . 2011-02-16 21:35 -------- d-----w- c:\users\PCgENIUS\AppData\Local\Adobe 2011-01-30 10:29 . 2011-01-30 10:29 717296 ------w- c:\windows\system32\drivers\sptd.sys 2011-01-30 10:08 . 2011-01-30 10:08 81920 ------w- c:\windows\system32\v3shrtkgn.dll 2011-01-30 10:02 . 2011-01-30 10:02 -------- d-----w- c:\users\PCgENIUS\AppData\Roaming\URSoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-14 04:21 . 2003-03-19 03:14 505128 ------w- c:\windows\system32\msvcp71.dll 2011-02-14 04:21 . 2003-02-21 11:42 353576 ------w- c:\windows\system32\msvcr71.dll 2011-01-25 20:48 . 2011-01-25 20:48 218688 ------w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-01-24 02:49 . 2011-01-24 02:49 23456 ------w- c:\windows\system32\drivers\DrvAgent32.sys 2011-01-19 00:43 . 2011-01-19 00:43 109328 ------w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-01-19 00:43 . 2011-01-18 20:55 42960 ------w- c:\windows\system32\drivers\VBoxUSBMon.sys 2011-01-19 00:43 . 2011-01-19 00:43 133648 ------w- c:\windows\system32\VBoxNetFltNotify.dll 2011-01-19 00:43 . 2011-01-19 00:43 120208 ------w- c:\windows\system32\drivers\VBoxNetFlt.sys 2011-01-19 00:43 . 2011-01-18 20:55 158736 ------w- c:\windows\system32\drivers\VBoxDrv.sys 2011-01-14 23:14 . 2009-07-13 23:40 409088 ------w- c:\windows\system32\systemcpl.dll 2011-01-14 23:02 . 2009-07-13 23:24 811520 ------w- c:\windows\system32\user32.dll 2011-01-13 08:47 . 2011-01-15 04:18 38848 ----a-w- c:\windows\avastSS.scr 2011-01-13 08:47 . 2011-01-15 04:18 188216 ------w- c:\windows\system32\aswBoot.exe 2011-01-13 08:42 . 2011-01-15 04:19 99792 ------w- c:\windows\system32\drivers\aswFW.sys 2011-01-13 08:41 . 
2011-01-15 04:19 357968 ------w- c:\windows\system32\drivers\aswSnx.sys 2011-01-13 08:41 . 2011-01-15 04:19 294608 ------w- c:\windows\system32\drivers\aswSP.sys 2011-01-13 08:41 . 2011-01-15 04:19 189904 ------w- c:\windows\system32\drivers\aswNdis2.sys 2011-01-13 08:40 . 2011-01-15 04:19 47440 ------w- c:\windows\system32\drivers\aswTdi.sys 2011-01-13 08:37 . 2011-01-15 04:19 23632 ------w- c:\windows\system32\drivers\aswRdr.sys 2011-01-13 08:37 . 2011-01-15 04:19 51280 ------w- c:\windows\system32\drivers\aswMonFlt.sys 2011-01-13 08:37 . 2011-01-15 04:19 17744 ------w- c:\windows\system32\drivers\aswFsBlk.sys 2010-12-30 18:59 . 2011-01-14 23:45 3351208 ------w- c:\windows\system32\drivers\RTKVHDA.sys 2010-12-29 21:30 . 2011-01-14 23:45 3794536 ------w- c:\windows\system32\RtkAPO.dll 2010-12-28 22:51 . 2011-01-14 23:45 608768 ------w- c:\windows\system32\RCoRes.dat 2010-12-22 18:28 . 2011-01-14 23:45 2106984 ------w- c:\windows\system32\RtkPgExt.dll 2010-12-15 01:51 . 2010-12-15 01:51 41984 ------w- c:\windows\system32\drivers\usbaapl.sys 2010-12-15 01:51 . 2010-12-15 01:51 4184352 ------w- c:\windows\system32\usbaaplrc.dll 2010-11-30 01:48 . 2011-01-14 23:45 1723536 ------w- c:\windows\system32\WavesGUILib.dll 2010-11-30 01:48 . 2011-01-14 23:45 1439064 ------w- c:\windows\system32\MaxxAudioRealtek.dll 2010-11-30 00:38 . 2010-11-30 00:38 94208 ------w- c:\windows\system32\QuickTimeVR.qtx 2010-11-30 00:38 . 2010-11-30 00:38 69632 ------w- c:\windows\system32\QuickTime.qts . ------- Sigcheck ------- [-] 2011-01-14 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-01-13 08:47 120712 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624] "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648] 
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-12-23 9972328] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520] "CPMonitor"="c:\program files\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664] c:\users\PCgENIUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ HDDlife.lnk - c:\program files\BinarySense\HDDlife 3\HDDlifePro.exe [N/A] sharesach1.exe [2011-1-31 1536000] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-30 
717296] R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-01-13 119200] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x] R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-01-24 23456] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-01-19 109328] R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-14 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S1 aswFW;avast! 
TDI Firewall driver; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-25 218688] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-01-19 158736] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-01-19 42960] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008] S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 20952] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 197224] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-01-19 120208] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-09-23 316192] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . . ------- Supplementary Scan ------- . 
uStart Page = my.daemon-search.com IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105 LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\users\PCgENIUS\AppData\Roaming\Mozilla\Firefox\Profiles\gxjvztv2.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Add N Edit Cookies+: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d} - %profile%\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} . - - - - ORPHANS REMOVED - - - - HKCU-Run-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe HKCU-Run-AdobeBridge - (no file) AddRemove-Speccy - c:\program files\Speccy\uninst.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll" . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3017894523-454932838-510679052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" [HKEY_USERS\S-1-5-21-3017894523-454932838-510679052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Thank you man, looks like the threat is gone, just going to restart my PC and see if it returns. -
I cant remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
-
I cant remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
Sorry, for some reason I couldn't attach the other one, but I will try right now. -
I cant remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
Below are the files you wanted. DDS.txt -
I cant remove the Trojan Downloader
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
This is the only log that I see, there is no extra one unless I have to download the DDS.txt.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5871

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/24/2011 1:16:32 PM
mbam-log-2011-02-24 (13-16-32).txt

Scan type: Quick scan
Objects scanned: 157407
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\Users\PCgENIUS\AppData\Roaming\sharecash.exe (Trojan.Downloader) -> 3468 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\PCgENIUS\AppData\Roaming\sharecash.exe (Trojan.Downloader) -> Quarantined and deleted successfully. -
Alright guys, so I got infected with a file called Trojan Downloader. I tried to remove it with Malwarebytes. It told me to restart and that's what I did. So when I restarted and logged back on the file was still there even though I removed it. Pictures may be helpful, so here, take a look. If you guys have an idea how to get rid of this I will be thankful. I don't want to reformat my computer for some stupid threat. http://img196.imageshack.us/img196/8192/threatk.png I removed it and right after I restarted my computer it returned.
-
I have a feeling this is a threat infecting my computer. Even though Malwarebytes isn't detecting it, I still think I have a threat. When I try to access this website it redirects me to another browser. One browser it redirected me to was an antivirus, said something like scan your files now. Yeah right. Anyways, some explanation will be great.
-
Trying to remove Trojan.FakeAlert & Hijack Zones
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
Nope, it's all clean. Thanks again. Topic can be closed. -
Trying to remove Trojan.FakeAlert & Hijack Zones
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
So Malwarebytes just finished scanning and the results turned out differently. At least the other threats are gone. I'm gonna get rid of these ones, restart my PC and start scanning again. http://img29.imageshack.us/img29/971/91113305.png -
Trying to remove Trojan.FakeAlert & Hijack Zones
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
3 infected files so far, hopefully they're not the same ones. -
Trying to remove Trojan.FakeAlert & Hijack Zones
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
Well, I did a quick scan this time and nothing was detected. I'm gonna go do a full scan right now. Thank you for your help. -
Trying to remove Trojan.FakeAlert & Hijack Zones
raiden92 replied to raiden92's topic in Resolved Malware Removal Logs
Ok, so I downloaded ATF Cleaner & TDSSKiller. I did exactly what you said; now I'm scanning my computer with Malwarebytes to see if the files are still there. I will let you know what happens.