Showing results for tags 'ransom'.

Found 16 results

  1. Can anyone tell me what the challenges of ransomware are? Please help me, I need the challenges of ransomware.
  2. After using this script https://github.com/DrEmpiricism/Optimize-Offline all the media files on my hard drives became DOCM files. There is also a note saying "Restore my files". I am installing Malwarebytes to remove that virus. I still don't know if there is any way to recover those files; a lot of memory images have been encrypted too. Can you help!!! Thanks in advance. Restore-My-Files.txt
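Before trying any decryptor on files like the ones in item 2, it is worth knowing whether the ".docm" files are still documents, are original media that was only renamed, or are ciphertext. This is an added example, not code from the thread or from Optimize-Offline: a genuine .docm is an OOXML package (a ZIP beginning with PK\x03\x04 that contains [Content_Types].xml), intact media keeps its own header, and encrypted output has no recognisable header and near-8-bit entropy. Compressed media also has high entropy, so known headers are checked before the entropy test. The sample files, paths and ransom-note name are constructed in memory from the post.

```python
"""Tell a real .docm from a renamed or encrypted file after a ransomware hit."""
from __future__ import annotations
import hashlib
import io
import math
import ntpath
import os
import zipfile
from collections import Counter

ZIP_MAGIC = b"PK\x03\x04"
# (offset, magic, label): media whose original bytes survived and only the name changed
KNOWN_MAGIC = [
    (0, b"\xff\xd8\xff", "jpeg"),
    (0, b"\x89PNG\r\n\x1a\n", "png"),
    (0, b"%PDF", "pdf"),
    (0, b"ID3", "mp3"),
    (0, b"RIFF", "riff"),
    (4, b"ftyp", "mp4"),
]
ENTROPY_THRESHOLD = 7.5            # bits per byte; ciphertext sits close to 8.0
RANSOM_NOTE_NAMES = {"restore-my-files.txt"}   # note name taken from the post

def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes) -> str:
    """'ooxml' | 'zip' | 'intact:<type>' | 'encrypted-blob' | 'unknown'."""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return "ooxml" if "[Content_Types].xml" in zf.namelist() else "zip"
        except zipfile.BadZipFile:
            return "unknown"                    # ZIP header on a damaged archive
    for offset, magic, label in KNOWN_MAGIC:
        if data[offset:offset + len(magic)] == magic:
            return f"intact:{label}"            # content survived, only renamed
    # Only the first 4 KiB is sampled: ciphertext is uniform from the first byte.
    if shannon_entropy(data[:4096]) > ENTROPY_THRESHOLD:
        return "encrypted-blob"
    return "unknown"

def triage(files: dict[str, bytes]) -> dict[str, str]:
    """Classify every .docm in a {path: bytes} mapping and flag ransom notes."""
    report = {}
    for path, data in files.items():
        base = ntpath.basename(path).lower()    # handles both \ and / separators
        if base in RANSOM_NOTE_NAMES:
            report[path] = "ransom-note"
        elif base.endswith(".docm"):
            report[path] = classify(data)
    return report

def triage_tree(root: str) -> dict[str, str]:
    """Same report, reading the files under a directory on the affected machine."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            with open(p, "rb") as fh:
                files[p] = fh.read()
    return triage(files)

# --- constructed samples (not real files from the poster's machine) ---
def make_sample_docm() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 64)
    return buf.getvalue()

def make_sample_ciphertext(n: int = 8192) -> bytes:
    # deterministic stand-in for cipher output: SHA-256 digests of a counter
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32))

SAMPLE_FILES = {
    r"D:\Media\report.docm": make_sample_docm(),
    r"D:\Media\IMG_0001.docm": make_sample_ciphertext(),
    r"D:\Media\holiday.jpg.docm": b"\xff\xd8\xff\xe0" + make_sample_ciphertext(2048),
    r"D:\Media\notes.txt.docm": b"plain text, never encrypted\n" * 20,
    r"D:\Media\Restore-My-Files.txt": b"All your files have been encrypted",
}

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_FILES).items():
        print(f"{verdict:16} {path}")
```

Run `triage_tree(r"D:\Media")` on the affected machine (read-only, no files are modified). An "encrypted-blob" verdict tells you the bytes are ciphertext and no rename will bring them back; "intact:jpeg" and friends can simply be renamed; "ooxml" files are real Office documents and, given the .docm extension, should be opened only with macros disabled.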
  3. Hello, we run a company that helps in cases where a computer has been encrypted. Two days ago (04.04.2019) a small company came to us in which the first computer was broken into and then, from it, an attack was carried out on a second computer. Because the copy of the data on the NAS server had also been encrypted, we advised them to decide for themselves whether they would pay the ransom. We sent a question to infinity@firemail.cc with two different computer IDs asking what the ransom amount would be and received the answer that the ransom is 0.5 bitcoin (2000 EUR). After payment was made we were sent the codes to decrypt one computer and an additional payment was demanded for the next one. I warn you against paying these people a ransom, because once they sense that you have money they will want more; it is also highly likely that you will not receive decryption codes from them at all.
  4. Hello all! I have been using Bandizip for some years without any problems. I updated now to the current v 6.07. I am using Malwarebytes v. 3.06 (Premium) as well. Suddenly (now 2 times) Malwarebytes considers it Malware.Ransom.Agent.Generic and quarantined it immediately. I have approached the Bandisoft developer and confirmed that there is no malware! It must be a f/p. Here follows the log file:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 5/17/17
     Protection Event Time: 3:09 AM
     Logfile:
     Administrator: Yes

     -Software Information-
     Version: 3.0.6.1469
     Components Version: 1.0.103
     Update Package Version: 1.0.1956
     License: Premium

     -System Information-
     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: System

     -Ransomware Details-
     File: 1
     Malware.Ransom.Agent.Generic, C:\Program Files\Bandizip\Bandizip.exe, Quarantined, [0], [-1],0.0.0

     (end)

     Could you check it? Thanks.
  5. I have been hit with multiple viruses in the last week. Malwarebytes has stopped it for the most part, but there is still some damage. Would love some help to get rid of what is there. I have backups for the encrypted data so I should be fine that way; I just want this virus gone. I have attached the FRST and Addition files here. FRST.txt Addition.txt
  6. I run Malwarebytes Premium and Windows Defender together. I have been hit with ransomware and other viruses that are usually blocked before they destroy everything, but it still makes it a huge PITA. These are hitting a computer that is never on the internet, except that it is used to remote into via Remote Desktop. I got frustrated and completely replaced the computer and it's still happening (I moved the data over). Despite not being on the internet, Malwarebytes is constantly blocking websites according to the log. Just looking for help on where I can look and what I can do to prevent this! Any help would be great. Thanks!
  7. Wondering if this Ransom.Cerber result is a false positive, like some of the other recent ones. The detected file is xutil.dll, which has a creation and modified date of 1/2/2003. This DLL is part of the Solid Edge V14 3D CAD program, and the DLL itself is listed as being from Spatial Corp. Thanks.

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 6/27/16
     Scan Time: 12:56 PM
     Logfile:
     Administrator: Yes

     Version: 2.2.1.1043
     Malware Database: v2016.06.27.05
     Rootkit Database: v2016.05.27.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: -----

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 300177
     Time Elapsed: 5 min, 6 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 1
     Ransom.Cerber, C:\Program Files (x86)\Solid Edge V14\Program\xutil.dll, , [05ec48b91a80c5719ee6717a4db4fd03],

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 1
     Ransom.Cerber, C:\Program Files (x86)\Solid Edge V14\Program\xutil.dll, , [05ec48b91a80c5719ee6717a4db4fd03],

     Physical Sectors: 0
     (No malicious items detected)

     (end)
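Items 4 and 7 both paste a Malwarebytes log and ask whether the hit is a false positive. The first thing a reviewer wants from such a log is the list of flagged files, where they live and what was done to them, which the two text formats (2.x scan logs with "Modules:"/"Files:" blocks, 3.x protection logs with a "-Ransomware Details-" block) lay out the same way, one detection per line. This is an added example, not Malwarebytes code: the parser, the `vendor_dir`/`generic` hints and the helper names are this example's own, and the two sample logs are constructed from the lines visible in those posts, trimmed to what the parser reads. The hints only say that the file sits under Program Files or carries a generic family name; they are reasons to collect the publisher signature and a hash before filing the report, not a verdict.

```python
"""Pull detections out of Malwarebytes scan/protection logs (2.x and 3.x text formats)."""
from __future__ import annotations
import hashlib
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# One detection per line: "<detection>, <path>, <action>, [<hash or ids>]..."
# The 2.x "Files: N" / "Modules: N" blocks and the 3.x "-Ransomware Details-" block share it.
DETECTION_RE = re.compile(
    r"^(?P<name>[A-Za-z][\w.-]*\.[\w.-]+),\s*"   # Ransom.Cerber, Malware.Ransom.Agent.Generic
    r"(?P<path>[A-Za-z]:\\[^,]*?),\s*"            # Windows path (never quoted in the log)
    r"(?P<action>[^,\[]*?),\s*"                   # Quarantined, or empty for a scan-only log
    r"(?P<extra>\[.*)$"                           # [hash] or [ids], anything after
)
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+):\s*(?P<count>\d+)\s*$")   # "Files: 1"

@dataclass(frozen=True)
class Detection:
    name: str
    path: str
    action: str
    section: str

def parse_detections(log_text: str) -> list[Detection]:
    found, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = DETECTION_RE.match(line)
        if m:
            found.append(Detection(m["name"], m["path"], m["action"].strip() or "Detected", section))
    return found

def unique_files(dets: list[Detection]) -> list[Detection]:
    """A 2.x scan lists a loaded DLL under both Modules and Files; report each path once."""
    seen, out = set(), []
    for d in dets:
        if d.path.lower() not in seen:
            seen.add(d.path.lower())
            out.append(d)
    return out

def vendor_dir(path: str) -> bool:
    parts = PureWindowsPath(path).parts        # ('C:\\', 'Program Files', 'Bandizip', ...)
    return len(parts) > 2 and parts[1] in ("Program Files", "Program Files (x86)")

def triage(log_text: str) -> list[dict]:
    return [{"detection": d.name, "path": d.path, "action": d.action, "section": d.section,
             "vendor_dir": vendor_dir(d.path),
             "generic": d.name.endswith(".Generic")}    # heuristic family name
            for d in unique_files(parse_detections(log_text))]

def file_sha256(path: str) -> str:
    """Hash the flagged file on the affected machine to include in the FP report."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

# --- constructed samples, trimmed from the two posts above ---
LOG_V3 = r"""Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 5/17/17
Protection Event Time: 3:09 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\Program Files\Bandizip\Bandizip.exe, Quarantined, [0], [-1],0.0.0

(end)
"""

LOG_V2 = r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/27/16
Version: 2.2.1.1043
Scan Type: Threat Scan
Objects Scanned: 300177
Time Elapsed: 5 min, 6 sec

Processes: 0
(No malicious items detected)

Modules: 1
Ransom.Cerber, C:\Program Files (x86)\Solid Edge V14\Program\xutil.dll, , [05ec48b91a80c5719ee6717a4db4fd03],

Files: 1
Ransom.Cerber, C:\Program Files (x86)\Solid Edge V14\Program\xutil.dll, , [05ec48b91a80c5719ee6717a4db4fd03],

(end)
"""

if __name__ == "__main__":
    for log in (LOG_V3, LOG_V2):
        for row in triage(log):
            print(row)
```

Feed it the saved log text (`triage(open("mbam-log.txt").read())`); each row is one file to verify. For a suspected false positive, `file_sha256()` on the quarantined-and-restored file gives the hash to quote in the report, alongside the publisher signature check done on the machine itself.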
  8. Hi MWB, I work for ANZ Bank in Australia, and our customers have started reporting that MWB says our trading platform E*TRADE Pro has Ransom.Filelocker. Our website is etrade.com.au or invest.etrade.com.au, and the active trader software MSI is downloadable from here: https://invest.etrade.com.au/pro/msi/proclient6.3.61.msi Please scan for the false detection and update in your next cycle. I have attached a pic of my scan result. Thank you. David R, Technical Support, E*TRADE Australia
  9. I put a new game CD in and bang. The message (which I can't get rid of) does not look like images I've seen (attached CL Message). The fox (?) site with the portal key does not recognise the files I attached. Also attached here are 2 more files. My ESET antivirus said it cleaned it. Online ESET also. Malwarebytes also. Task Manager no longer shows processes. Attached file called Crypto.rar Crypto.rar
  10. So I was using Internet Explorer 11 when I had a malware whatever pop up and say I had 72 hrs to send them 300 to a bitcoin account. I immediately ran Malwarebytes. My comp froze so I had to restart. Did that in safe mode. Ran Malwarebytes again; it found the things and deleted them, then restarted. I then ran it again. Got to this page https://forums.malwarebytes.org/index.php?/topic/164032-cryptowall-30-removal/ and did what it said for me to do. So far it can't find anything; now it's coming up clean. So my question is, am I in the clear now? Or do I need to do something else, or what? Never encountered anything like this before. Any advice would be helpful, thanks. PS. I am running Avira and Malwarebytes. Also have run Amigo360 and cleaned out things with that. Also deleted IE 11.
  11. Hello, I'm running Windows 64-bit and have recently gotten what looks to be a bad version of the ICE Ransomware virus. I am unable to log in to my account normally due to the ransom screen popping up immediately and going to the BSOD after several moments. None of the safe-mode options work, even safe mode with command prompt, which is what I usually do in this kind of situation. I've always been able to use rstrui.exe to solve this type of issue, but not this time. When I enter my password and try to log in in safe mode it says "shutting down" and then "restarting", which it proceeds to do. When I put in my Windows installation disc and boot from it I know it's supposed to go to a screen where you can either repair, format and reinstall, or restore a previous state. When I boot from CD/DVD it just goes to a BIOS screen where it says at the top "Windows failed to load" or something like that. It then lists the same options that I have already tried:
     - Safe mode
     - Safe mode with networking
     - Safe mode with command prompt
     I've also tried HitmanPro.Kickstart and got the message "MBR failed to load". The only thing that worked with Kickstart was the boot normally option, which ended up getting the ransomware screen again. The only thing I haven't tried yet is the Kaspersky 10 repair disc, which I will try tonight, but I'm not holding my breath. Every forum I've seen on this issue seems to say that if safe mode doesn't work, use your installation disc, repair disc or Kickstart; otherwise, if you don't have a disc or it's not working, use safe mode with command prompt. But nowhere could I find a forum about what to do if neither of these things is working. If anyone could help me with this I would be extremely grateful. I am fully prepared to format and reinstall but I'm not even able to do THAT at this point. I haven't tried putting the drive in a different computer and trying to format, but I don't see how that would really make a difference. Can a virus spread beyond the hard drive? I may just buy a new hard drive, but I'm still holding out some hope that this can be fixed somehow. I've never had a virus this bad before, where none of the common methods are working. Thank you for your help!
  12. I have got a computer that has been infected with ransomware. I have even tried to boot to safe mode, but as soon as I boot to safe mode it auto restarts! I have downloaded FRST64.exe as recommended in previous posts on here, but now I need help with how to remove the virus. I can post the 2 logs here...
  13. I seem to have a particularly difficult version of the Moneypak trojan that locks up the PC with a white overlay screen claiming to be from the FBI or DOJ and demanding payment to unlock the computer. I am also unable to run Windows in safe mode. I get a brief blue screen of death, followed by a reboot, followed by the ransom screen again. Logging into Windows as a different user delays the ransom screen by a few minutes, but it quickly returns. I have tried USB boots and scans using Windows Defender and Anvisoft. Both identified and deleted various malware, but the ransom lockup screen still returns upon normal boot. The infected machine is a desktop PC running Windows XP SP3. This data is being sent from a separate "clean" notebook. I downloaded OTLPE and burned a boot CD. Results are below. Any help or advice would be much appreciated.

     OTL logfile created on: 4/28/2013 8:48:13 PM - Run
     OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
     Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
     3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
     Paging file location(s): J:\pagefile.sys 2046 4092 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 931.50 Gb Total Space | 869.77 Gb Free Space | 93.37% Space Free | Partition Type: NTFS
     Drive D: | 931.51 Gb Total Space | 726.01 Gb Free Space | 77.94% Space Free | Partition Type: NTFS
     Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

     Computer Name: REATOGO | User Name: SYSTEM
     Boot Mode: Normal | Scan Mode: All users
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     Using ControlSet: ControlSet002

     ========== Win32 Services (SafeList) ==========

     SRV - File not found [Auto] -- -- (LiveUpdate Notice Ex)
     SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
     SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
     SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
     SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
     SRV - [2012/05/24 22:29:20 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
     SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
     SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
     SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
     SRV - [2010/07/28 14:39:22 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
     SRV - [2009/03/03 14:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
     SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
     SRV - [2008/12/11 15:14:26 | 004,318,560 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
     SRV - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () [Auto] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
     SRV - [2008/08/07 17:31:32 | 001,558,000 | ---- | M] (Symantec) [On_Demand] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
     SRV - [2008/05/07 14:14:36 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto] -- C:\Program Files\IDT\IntelXPV_v83\WDM\stacsv.exe -- (STacSV)
     SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
     SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
     SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
     SRV - [2006/03/09 16:30:34 | 000,630,905 | ---- | M] (Diskeeper® Corporation) [Auto] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
     SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
     SRV - [2004/03/01 03:40:52 | 000,077,824 | R--- | M] (Hewlett-Packard Company) [On_Demand] -- C:\WINDOWS\system32\hpbpro.exe -- (HP Port Resolver)
     SRV - [2004/03/01 03:40:52 | 000,073,728 | R--- | M] (Hewlett-Packard Company) [On_Demand] -- C:\WINDOWS\system32\hpboid.exe -- (HP Status Server)

     ========== Driver Services (SafeList) ==========

     DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
     DRV - File not found [Kernel | On_Demand] -- -- (swmsflt)
     DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
     DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
     DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
     DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
     DRV - File not found [Kernel | On_Demand] -- -- (PCTINDIS5)
     DRV - File not found [Kernel | System] -- -- (PCIDump)
     DRV - File not found [Kernel | System] -- -- (NCPro)
     DRV - File not found [Kernel | On_Demand] -- -- (MagicTune)
     DRV - File not found [Kernel | System] -- -- (lbrtfdc)
     DRV - File not found [Kernel | System] -- -- (i2omgmt)
     DRV - File not found [Kernel | System] -- -- (Changer)
     DRV - [2013/04/23 04:42:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
     DRV - [2013/04/12 19:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130412.001\BHDrvx86.sys -- (BHDrvx86)
     DRV - [2013/03/04 02:47:00 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130421.007\NAVEX15.SYS -- (NAVEX15)
     DRV - [2013/03/04 02:47:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
     DRV - [2013/03/04 02:47:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
     DRV - [2013/03/04 02:47:00 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130421.007\NAVENG.SYS -- (NAVENG)
     DRV - [2013/03/01 19:27:26 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130419.001\IDSXpx86.sys -- (IDSxpx86)
     DRV - [2012/07/05 22:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\WINDOWS\System32\Drivers\N360\0604010.00E\SRTSP.SYS -- (SRTSP)
     DRV - [2012/07/05 22:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
     DRV - [2012/06/07 00:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccSetx86.sys -- (ccSet_N360)
     DRV - [2012/05/21 21:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
     DRV - [2012/04/20 18:20:10 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
     DRV - [2011/11/16 23:38:00 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\N360\0604010.00E\SYMTDI.SYS -- (SYMTDI)
     DRV - [2011/11/16 23:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\Ironx86.SYS -- (SymIRON)
     DRV - [2011/11/03 13:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
     DRV - [2011/11/03 13:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
     DRV - [2011/08/16 02:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
     DRV - [2010/09/07 14:26:52 | 000,028,160 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PcaSp50.sys -- (PcaSp50)
     DRV - [2009/08/23 21:00:00 | 000,274,624 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\V0610Vid.sys -- (V0610Vid)
     DRV - [2009/08/21 11:33:14 | 000,143,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
     DRV - [2009/03/24 05:53:50 | 000,160,256 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\V0610Afx.sys -- (V0610Afx)
     DRV - [2008/12/12 19:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
     DRV - [2008/12/12 19:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
     DRV - [2008/08/13 17:07:20 | 000,038,112 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
     DRV - [2008/08/07 17:31:38 | 000,138,080 | ---- | M] (StorageCraft) [File_System | Boot] -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap)
     DRV - [2008/05/07 14:16:22 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
     DRV - [2008/04/14 08:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbintel.sys -- (DCamUSBIntel)
     DRV - [2008/01/19 20:12:42 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
     DRV - [2008/01/19 19:40:16 | 000,015,088 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
     IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
     IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\Bob_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
     IE - HKU\Bob_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
     IE - HKU\Bob_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
     IE - HKU\Bob_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\Bob_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
     IE - HKU\Kristen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
     IE - HKU\Kristen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
     IE - HKU\Kristen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 8E 6F 57 11 43 CB 01 [binary data]
     IE - HKU\Kristen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\Michael_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\Michelle_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
     IE - HKU\Michelle_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
     IE - HKU\Michelle_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
     IE - HKU\Michelle_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 D7 40 91 BF 2B CC 01 [binary data]
     IE - HKU\Michelle_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\UpdatusUser_ON_C\..\URLSearchHook: Disable Script Debug - Reg Error: Key error. File not found
     IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
     FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
     FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
     FF - HKLM\Software\MozillaPlugins\@ei.MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39EI\Installr\1.bin\NP39EISb.dll (MapsGalaxy)
     FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
     FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
     FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: J:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/04/20 18:23:02 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: J:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2013/04/23 22:23:25 | 000,000,000 | ---D | M]

     O1 HOSTS File: ([2011/02/06 19:05:01 | 000,429,788 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
     O1 - Hosts: 127.0.0.1 localhost
     O1 - Hosts:
     O1 - Hosts: 192.168.1.2 HP000E7FD4E88F
     O1 - Hosts: 127.0.0.1 www.007guard.com
     O1 - Hosts: 127.0.0.1 007guard.com
     O1 - Hosts: 127.0.0.1 008i.com
     O1 - Hosts: 127.0.0.1 www.008k.com
     O1 - Hosts: 127.0.0.1 008k.com
     O1 - Hosts: 127.0.0.1 www.00hq.com
     O1 - Hosts: 127.0.0.1 00hq.com
     O1 - Hosts: 127.0.0.1 010402.com
     O1 - Hosts: 127.0.0.1 www.032439.com
     O1 - Hosts: 127.0.0.1 032439.com
     O1 - Hosts: 127.0.0.1 www.0scan.com
     O1 - Hosts: 127.0.0.1 0scan.com
     O1 - Hosts: 127.0.0.1 1000gratisproben.com
     O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
     O1 - Hosts: 127.0.0.1 1001namen.com
     O1 - Hosts: 127.0.0.1 www.1001namen.com
     O1 - Hosts: 127.0.0.1 100888290cs.com
     O1 - Hosts: 127.0.0.1 www.100888290cs.com
     O1 - Hosts: 127.0.0.1 www.100sexlinks.com
     O1 - Hosts: 127.0.0.1 100sexlinks.com
     O1 - Hosts: 127.0.0.1 10sek.com
     O1 - Hosts: 127.0.0.1 www.10sek.com
     O1 - Hosts: 14797 more lines...
     O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
     O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
     O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
     O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
     O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
     O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
     O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
     O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
     O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
     O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
     O3 - HKU\Bob_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
     O3 - HKU\Kristen_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
     O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
     O3 - HKU\Michelle_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
     O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
     O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
     O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
     O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
     O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper® Corporation)
     O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
     O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
     O4 - HKLM..\Run: [isrml] C:\Documents and Settings\Bob\Application Data\isrml.dll (Axacalto)
     O4 - HKLM..\Run: [Live! Central 2] C:\Program Files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe (Creative Technology Ltd)
     O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
     O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
     O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
     O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
     O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
     O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
     O4 - HKLM..\Run: [rkbcob] C:\Documents and Settings\Bob\Application Data\rkbcob.dll (Interactive, Inc.)
     O4 - HKLM..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
     O4 - HKLM..\Run: [soundDrivers] C:\Documents and Settings\All Users\Application Data\f34rfcdsfwe.exe (Hilgraeve, Inc.)
     O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
     O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
     O4 - HKLM..\Run: [V0610Mon.exe] C:\WINDOWS\V0610Mon.exe (Creative Technology Ltd.)
     O4 - HKLM..\Run: [zzzHPSETUP] File not found
     O4 - HKU\Bob_ON_C..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Bob\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
     O4 - HKU\Bob_ON_C..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
     O4 - HKU\Bob_ON_C..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
     O4 - HKU\Bob_ON_C..\Run: [sansaDispatch] C:\Documents and Settings\Bob\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
     O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk = C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\ present
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = [binary data]
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = [binary data]
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = [binary data]
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = [binary data]
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
     O6 -
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = [binary data] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKey = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanle = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\P present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 몭몭몭몭몭 = Reg Error: Value error. File not found O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 몭몭몭몭몭 = Reg Error: Value error. File not found O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 몭몭몭몭몭 = Reg Error: Value error. 
File not found O7 - HKU\Bob_ON_C\Software\Policies\Microsoft\Internet Explorer\ present O7 - HKU\Bob_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Kristen_ON_C\Software\Policies\Microsoft\Internet Explorer\\ present O7 - HKU\Kristen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\\ present O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Michael_ON_C\Software\Policies\Microsoft\Internet Explorer\H present O7 - HKU\Michael_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Michelle_ON_C\Software\Policies\Microsoft\Internet Explorer\\ present O7 - HKU\Michelle_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\\ present O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\H present O7 - HKU\UpdatusUser_ON_C\Software\Policies\Microsoft\Internet Explorer\H present O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - 
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1362367763146 (MUWebControl Class) O16 - 
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://212.42.54.136...activex/AMC.cab (AxisMediaControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class) O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.c...PUploader57.cab (Image Uploader Control) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://77.105.97.97:...activex/AMC.cab (AxisMediaControlEmb Class) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\Bob_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\Bob_ON_C Winlogon: Shell - (J:\Documents and Settings\Bob\Application Data\skype.dat) - File not found O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{1bb1cc14-2f45-11e0-92bb-001cc0a0be8b}\Shell\AutoRun\command - "" = O:\InstallSeagateManager.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/04/23 22:02:50 | 000,000,000 | ---D | C] -- C:\$Anvi Rescue Disk$ [2013/04/23 20:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristen\My Documents\My Albums [2013/04/23 15:54:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware [2013/04/23 04:47:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites [2013/04/23 04:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Sun [2013/04/23 04:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Malwarebytes [2013/04/23 04:42:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Michael\PrivacIE 
[2013/04/23 04:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google [2013/04/23 04:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Google [2013/04/23 04:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\IsolatedStorage [2013/04/23 04:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\HP [2013/04/23 04:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\ApplicationHistory [2013/04/23 04:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Apple Computer [2013/04/23 04:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Share-to-Web Upload Folder [2013/04/23 04:40:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Michael\IETldCache [2013/04/23 04:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Identities [2013/04/23 04:39:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\My Documents\My Pictures [2013/04/23 04:39:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\My Documents\My Music [2013/04/23 04:39:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Michael\Application Data\Microsoft [2013/04/23 04:39:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Application Data [2013/04/23 04:39:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\Favorites [2013/04/23 04:39:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Michael\Cookies [2013/04/23 04:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Macromedia [2013/04/23 04:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop [2013/04/23 04:39:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\SendTo [2013/04/23 04:39:32 | 
000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent [2013/04/23 04:39:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Startup [2013/04/23 04:39:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\Start Menu [2013/04/23 04:39:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\My Documents [2013/04/23 04:39:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Accessories [2013/04/23 04:39:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Michael\Templates [2013/04/23 04:39:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Michael\PrintHood [2013/04/23 04:39:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Michael\NetHood [2013/04/23 04:39:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Michael\Local Settings [2013/04/23 04:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft Help [2013/04/23 04:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft [2013/04/23 03:57:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013/04/23 03:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Malwarebytes [2013/04/23 03:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/04/23 03:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2013/04/23 03:56:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013/04/23 03:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/04/23 03:56:18 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michelle\Desktop\mbam-setup-1.75.0.1300.exe [2013/04/23 03:40:33 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2013/04/23 03:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2013/04/23 03:39:14 | 000,093,696 | ---- | C] (Hilgraeve, Inc.) -- C:\Documents and Settings\All Users\Application Data\f34rfcdsfwe.exe [2013/04/23 03:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2C533BF2BA1AC45700002C530FA4C976 [2013/04/23 03:35:53 | 000,458,752 | ---- | C] (Axacalto) -- C:\Documents and Settings\Bob\Application Data\isrml.dll [2013/04/23 03:35:48 | 000,696,320 | ---- | C] (Interactive, Inc.) -- C:\Documents and Settings\Bob\Application Data\rkbcob.dll [2013/04/14 22:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2012 [2013/04/10 17:04:56 | 000,061,440 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\ASIW32N50.dll [2013/04/10 17:04:56 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\PCASp50a64.sys [2013/04/10 17:04:56 | 000,028,160 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\PcaSp50.sys [2013/04/10 17:04:56 | 000,016,302 | ---- | C] (Printing Communications Assoc., Inc. 
(PCAUSA)) -- C:\WINDOWS\System32\ASINDIS5.sys [2013/04/10 17:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS [2013/04/10 17:04:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ASUS Utility [2013/04/08 09:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Golf Car [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/04/23 23:23:04 | 000,006,491 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\659d9545-abe8-11e2-8274-b8ac6f996f26.crx [2013/04/23 23:22:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/04/23 23:22:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/04/23 22:31:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/04/23 22:23:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/04/23 20:54:43 | 000,006,491 | ---- | M] () -- C:\Documents and Settings\Kristen\Local Settings\Application Data\659d9545-abe8-11e2-8274-b8ac6f996f26.crx [2013/04/23 04:52:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013/04/23 04:42:57 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013/04/23 04:41:50 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\fusioncache.dat [2013/04/23 04:40:45 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/04/23 04:40:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2013/04/23 04:22:56 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\skype.ini [2013/04/23 04:21:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware 
Update (Weekly).job [2013/04/23 04:03:19 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp [2013/04/23 04:03:04 | 000,302,806 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg [2013/04/23 03:57:02 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/23 03:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/04/23 03:56:25 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michelle\Desktop\mbam-setup-1.75.0.1300.exe [2013/04/23 03:39:09 | 000,093,696 | ---- | M] (Hilgraeve, Inc.) -- C:\Documents and Settings\All Users\Application Data\f34rfcdsfwe.exe [2013/04/23 03:35:53 | 000,458,752 | ---- | M] (Axacalto) -- C:\Documents and Settings\Bob\Application Data\isrml.dll [2013/04/23 03:35:48 | 000,696,320 | ---- | M] (Interactive, Inc.) -- C:\Documents and Settings\Bob\Application Data\rkbcob.dll [2013/04/22 10:14:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2013/04/21 22:29:59 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2013/04/21 22:29:59 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2013/04/21 12:19:06 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX [2013/04/20 17:52:11 | 000,471,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/04/19 22:41:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/04/14 23:33:49 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2012.lnk [2013/04/14 22:57:29 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc [2013/04/14 22:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2012 [2013/04/14 16:11:09 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All 
Users\Desktop\TurboTax 2011.lnk [2013/04/11 10:27:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013/04/10 17:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ASUS Utility [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/04/23 21:24:59 | 000,006,491 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\659d9545-abe8-11e2-8274-b8ac6f996f26.crx [2013/04/23 20:47:37 | 000,006,491 | ---- | C] () -- C:\Documents and Settings\Kristen\Local Settings\Application Data\659d9545-abe8-11e2-8274-b8ac6f996f26.crx [2013/04/23 04:41:50 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\fusioncache.dat [2013/04/23 04:40:45 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/04/23 04:40:45 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Michael\Start Menu\Programs\Internet Explorer.lnk [2013/04/23 04:40:40 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2013/04/23 04:40:27 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\Michael\Start Menu\Programs\Outlook Express.lnk [2013/04/23 04:39:33 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Michael\Start Menu\Programs\Remote Assistance.lnk [2013/04/23 04:39:33 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Michael\Start Menu\Programs\Windows Media Player.lnk [2013/04/23 04:03:19 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp [2013/04/23 04:03:03 | 000,302,806 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg 
[2013/04/23 03:57:02 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/23 03:40:00 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\skype.ini [2013/04/14 22:55:53 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2012.lnk [2013/04/10 17:04:56 | 000,015,577 | ---- | C] () -- C:\WINDOWS\System32\ASINDIS3.vxd [2012/04/20 18:20:38 | 000,418,470 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012/04/20 18:20:38 | 000,418,470 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-57989841-1078081533-682003330-1003-0.dat [2012/04/17 01:51:13 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc [2012/03/13 22:18:16 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012/03/13 22:18:16 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/03/13 22:18:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012/02/22 02:38:26 | 005,210,112 | ---- | C] () -- C:\Documents and Settings\Kristen\s-1-5-21-57989841-1078081533-682003330-1005.rrr [2012/02/22 02:38:26 | 000,962,560 | ---- | C] () -- C:\Documents and Settings\Michelle\s-1-5-21-57989841-1078081533-682003330-1004.rrr [2012/02/22 02:38:21 | 010,989,568 | ---- | C] () -- C:\Documents and Settings\Bob\s-1-5-21-57989841-1078081533-682003330-1003.rrr [2012/02/22 02:38:21 | 000,385,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\s-1-5-20.rrr [2012/02/22 02:38:21 | 000,253,952 | ---- | C] () -- C:\Documents and Settings\LocalService\s-1-5-19.rrr [2012/02/22 00:11:28 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2012/02/21 21:39:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/06/15 20:52:08 | 
000,000,131 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\fusioncache.dat [2011/05/21 06:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011/05/21 00:07:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/05/07 20:14:22 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011/05/07 20:14:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011/01/19 21:31:59 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2011/01/19 21:31:32 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf09a.dat [2011/01/19 21:31:27 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2011/01/04 17:47:12 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/12/30 00:24:20 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD8860DN.DAT [2010/10/15 11:03:07 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Bob\g2mdlhlpx.exe [2010/08/23 18:19:48 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Kristen\Local Settings\Application Data\fusioncache.dat [2010/08/03 03:32:01 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Bob\Cache.db [2010/08/03 00:40:46 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/07 12:04:40 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\Bob\udownload.dat [2010/06/06 10:20:02 | 000,065,344 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll [2010/02/14 17:59:11 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/02/05 00:20:52 | 000,102,344 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/01/06 23:37:48 | 000,001,255 | ---- | C] () -- C:\WINDOWS\checkip.dat [2009/08/14 14:43:04 | 000,000,269 | ---- | C] () -- C:\WINDOWS\PrnPrint.ini [2009/06/01 03:11:21 | 000,000,765 | ---- | C] () -- 
  14. About 4 days ago my laptop (Windows XP) was hijacked by a Ransom trojan. My laptop "locked up" with the welcoming and friendly screen "Your Computer is Locked Unless You Pay The $200 Fee" message, which demanded I immediately take $200 cash to a local MoneyPak outlet. I ran an Avast scan and then a MalwareBytes scan and they both deleted the following: MalwareBytes deleted "Trojan.Downloader" in Local Settings\Temp\install_0_msi.exe, and Avast detected Win32.Malware-gen and quarantined it in the Virus Chest. Both MalwareBytes and Avast scans are now "clean" and the "Ransom Screen" has not returned... HOWEVER, the following suspicious items keep reappearing periodically. The RogueKiller scan report (scan only) revealed this:

      ¤¤¤ Bad processes: 1 ¤¤¤
      [sUSP PATH] install_0_msi.exe -- C:\DOCUME~1\VINCE\LOCALS~1\Temp\install_0_msi.exe -> KILLED [TermProc]
      ¤¤¤ Registry Entries: 3 ¤¤¤
      [sUSP PATH] ctfmon.lnk @VINCE : C:\WINDOWS\system32\rundll32.exe|C:\DOCUME~1\VINCE\LOCALS~1\Temp\install_0_msi.exe -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      Most of these items no longer appear on the RogueKiller scan; however, the two HJ items still remain (see below) and still persist in RogueKiller scans:

      ¤¤¤ Registry Entries: 2 ¤¤¤
      [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      Also, periodically the "Bad Process" below reappears in RogueKiller:

      ¤¤¤ Bad processes: 1 ¤¤¤
      [HJ NAME] notepad.exe -- C:\WINDOWS\notepad.exe -> KILLED [TermProc]

      I am concerned about these 2 entries RogueKiller detects in the Registry:

      ¤¤¤ Registry Entries: 2 ¤¤¤
      [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      Should I have RogueKiller delete the 2 above items in the Registry? I have included the most recent logs from DDS, RogueKiller, and HiJackThis. Thanks for any help you can offer.

      dds.txt attach.txt RKreport6.txt hijackthis-08-22-2012.log
  15. My computer started to act funny a couple of days ago and it appears that trojans have invaded my system. The particular trojans are bc miner as well as ransom trojan and an agent trojan that are both in the registry. What should I do in order to get rid of the infections?
  16. Hello, Thank you for taking the time to read this. My business computer has recently been infected with some sort of malware. I have Windows 7 Ultimate and all my Word, doc, and PDF files have had a .crypt extension added. I cannot open any of these files and my anti-virus cannot help me. Please help, I would greatly appreciate this! A WARNING.txt file was placed on my desktop stating the following:

      WARNING! YOU WCAP ID: 5291
      If you see this screen or read warning.txt. It means you IP address: 67.164.131.123 was included in WCAP Black List.
      From your PC was infringement one or more of the following items:
      1. Viewing, listening, downloading or distributing audio or video files protected Copyright Law.
      2. Spam or Ddos attack.
      3. Downloading or distributing illegal content (child porno, phishing, etc.)
      4. Downloading or distributing Software protected Copyright Law.
      The result of these infringement you PC and file was blocked. The decision was made about blocking on the basis of Digital Millennium Copyright Act (DMCA) amendment 1272 of 06/10/2011
      You can remove you IP from black list and unblock PC and files paying money penalty 100$.
      STEP 1: Buy a MoneyPak in amount of $100 at the nearest store.
      STEP 2: Fill in the fields on the screen, and click Make Payment. Alternate send as an e-mail at WCAPLLC@yahoo.com . Indicate your WCAP ID in the message title and provide MoneyPak number.
      STEP 3: Check your e-mail. We will send you Unblock code once payment is verified. Your computer will roll back to the ordinary state.
      Q: Where can I purchase MoneyPak?
      A: MonekPak can be purchased at thousands of stores nationwide, including major retailers such as Wal-Mart, Walgreens, CVS/pharmacy, Rite Aid, Kmart, Kroger and Meijer. Click here to find a store near.
      Q: How do I buy a MoneyPak at the store?
      A: Pick up a MoneyPak from the Prepaid Product Section or Green Dot display and take it to the register. The cashier will collect your cash and load it onto the MoneyPak.
      Q: How I can make sure that you can really decipher my files?
      A: You can send ONE any ciphered file on email WCAPLLC@yahoo.com (Indicate your IS and /test decrypt/ phrase in the message title), in the response message you receive the deciphered file.
      WARNING!!!: If you don't pay money penalty 100$ within 72 HOURS, all your computer data will be deleted.
      WARNING!!! Dont remove this screen this may complicate or make impossible the decryption. Even after removing the screen, files will remain encrypted. You can confirm this moving crypt file to another PC.
      MONEYPAK _______________
      EMAIL _______________
      [Make Payment]
      Please contact us if you have any questions wcapllc@yahoo.com.

      I don't know what to do and really need these files. Is there anything I can do to save my files? Thank you so much in advance.