Registry Data Items Infected:Trojan.DNSChanger

Post by rlewis on Tue 21 Sep 2010, 2:50 pm

I have Kaspersky Anti-Virus 2011, which did not find the virus, so after researching I learned to download Malwarebytes, which does find it and remove it, but when I restart the computer and rescan it shows up again. I have also discovered that this only happens when I am at home connected to our home wireless network. I went to a bookstore and connected to the Wi-Fi connection there and ran a scan with Malwarebytes and it didn't find the virus, and I had none of the problems I have when I am at home on the internet... but of course when I get back home I run the Malwarebytes scan and the trojan is there again and can't be removed, and I have all these problems. For example, my problems at home include: being redirected to different websites, not being able to go to certain websites, not being able to do any updates. Please help. I have tried anti-spyware, Malwarebytes, Avira... the only one that finds it is Malwarebytes, but it only stays removed when I am not at home on the wireless connection there.
Here is the OTL log:
OTL logfile created on: 9/20/2010 10:11:11 PM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Richelle\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.62 Gb Total Space | 395.40 Gb Free Space | 87.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHELLE-PC
Current User Name: Richelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- Q:\140061.enu\Office14\ONENOTEM.EXE
PRC - [2010/09/20 22:09:00 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Richelle\Desktop\OTL.com
PRC - [2010/09/16 11:49:31 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/08/16 20:19:45 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/22 02:34:42 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Richelle\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/02/28 02:33:14 | 003,207,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
PRC - [2010/02/28 02:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/11/19 23:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/08/11 15:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/07/29 00:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 19:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/02 14:05:00 | 000,252,288 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
PRC - [2009/05/08 06:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/02/23 09:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/24 10:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010/09/20 22:09:00 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Richelle\Desktop\OTL.com
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/08/11 20:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 18:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 15:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 13:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2010/09/16 11:49:31 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/20 10:06:14 | 000,245,760 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\windows\SysWOW64\snmvtsvc.exe -- (SMServer)
SRV - [2010/05/20 08:04:06 | 000,344,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\1Step DVD Copy\CDVDService.exe -- (CDVDService)
SRV - [2010/05/20 07:01:10 | 000,344,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe -- (STSService)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/28 02:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2009/08/10 23:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/21 15:15:20 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/16 11:49:30 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/06/09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2010/05/21 09:12:54 | 000,033,336 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SndTAudio.sys -- (SndTAudio)
DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/04/22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/11/05 14:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/10/09 22:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/08/27 12:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/07 09:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/28 22:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/24 19:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 21:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/10 10:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/07/04 23:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 12:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 14:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 20:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/05/01 04:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MyTOSHIBA] C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\windows\SysWow64\StikyNot.exe File not found
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Richelle\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Users\Richelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} [You must be registered and logged in to see this link.] (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d34acffc-472d-11df-bc56-00266c3816d6}\Shell - "" = AutoRun
O33 - MountPoints2\{d34acffc-472d-11df-bc56-00266c3816d6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Re: Registry Data Items Infected:Trojan.DNSChanger

Post by rlewis on Tue 21 Sep 2010, 2:51 pm

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX:64bit: >{D26A633D-BE2F-40F5-9B7E-C76BF7C8E843} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/09/20 22:09:00 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Richelle\Desktop\OTL.com
[2010/09/20 21:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/09/20 21:47:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys
[2010/09/20 21:47:06 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iertutil.dll
[2010/09/20 15:53:03 | 000,000,000 | ---D | C] -- C:\Users\Richelle\Documents\JavaRa[1]
[2010/09/20 15:38:21 | 000,468,480 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\deployJava1.dll
[2010/09/20 15:38:21 | 000,183,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaws.exe
[2010/09/20 15:38:21 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaw.exe
[2010/09/20 15:38:20 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\java.exe
[2010/09/20 15:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/19 17:17:36 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dfshim.dll
[2010/09/19 17:17:36 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHost.exe
[2010/09/19 17:17:36 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHostProxy.dll
[2010/09/19 17:17:36 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netfxperf.dll
[2010/09/19 17:17:35 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dfshim.dll
[2010/09/19 17:17:35 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHost.exe
[2010/09/19 17:17:35 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHostProxy.dll
[2010/09/19 17:17:35 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netfxperf.dll
[2010/09/19 17:13:23 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2010/09/19 17:13:22 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\CPFilters.dll
[2010/09/19 17:13:21 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CPFilters.dll
[2010/09/19 17:13:19 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mpg2splt.ax
[2010/09/19 17:13:12 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdri.dll
[2010/09/19 17:13:11 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mpg2splt.ax
[2010/09/19 17:13:09 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSNP.ax
[2010/09/19 17:13:06 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSNP.ax
[2010/09/19 17:12:53 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2010/09/19 17:12:18 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2010/09/19 17:12:06 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2010/09/19 17:12:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2010/09/19 17:12:04 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2010/09/19 17:12:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2010/09/19 17:12:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2010/09/19 17:11:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2010/09/19 17:11:53 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2010/09/19 17:11:51 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2010/09/19 17:11:51 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2010/09/19 17:11:19 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rtutils.dll
[2010/09/19 17:11:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rtutils.dll
[2010/09/19 17:11:18 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\SysWow64\iccvid.dll
[2010/09/17 20:05:04 | 000,000,000 | ---D | C] -- C:\Users\Richelle\Documents\OneNote Notebooks
[2010/09/16 20:48:58 | 000,000,000 | ---D | C] -- C:\Users\Richelle\AppData\Local\Threat Expert
[2010/09/16 20:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/09/16 19:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/09/16 15:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/16 15:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/16 15:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/16 08:04:57 | 112,029,488 | ---- | C] (Kaspersky Lab) -- C:\Users\Richelle\Desktop\kav2011_11.0.1.401en_us.exe
[2010/09/14 18:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/09/10 16:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/09 21:52:57 | 000,000,000 | ---D | C] -- C:\Users\Richelle\Documents\tdsskiller
[2010/09/09 20:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/09/09 16:35:55 | 000,000,000 | ---D | C] -- C:\Users\Richelle\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/09 16:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/09 16:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/09/08 20:54:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/08 20:54:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/08 16:02:47 | 000,000,000 | ---D | C] -- C:\Users\Richelle\AppData\Roaming\Malwarebytes
[2010/09/08 16:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/08 16:02:07 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2010/09/07 20:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\262DF
[2010/08/27 07:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/08/27 07:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/08/27 07:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/27 07:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/08/26 22:01:24 | 000,000,000 | ---D | C] -- C:\Users\Richelle\AppData\Local\Trend Micro
[2010/08/26 18:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/08/24 13:39:57 | 000,000,000 | ---D | C] -- C:\Users\Richelle\Documents\organize tools
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Richelle\Documents\*.tmp files -> C:\Users\Richelle\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/20 22:26:31 | 002,621,440 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat
[2010/09/20 22:09:00 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Richelle\Desktop\OTL.com
[2010/09/20 22:04:19 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/20 22:04:19 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/20 21:56:54 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/20 21:55:51 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/09/20 21:55:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/09/20 21:55:24 | 3117,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/20 21:53:56 | 001,832,424 | -H-- | M] () -- C:\Users\Richelle\AppData\Local\IconCache.db
[2010/09/20 21:53:35 | 000,738,572 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2010/09/20 21:53:35 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2010/09/20 21:53:35 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2010/09/20 21:32:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/20 15:37:59 | 000,468,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\deployJava1.dll
[2010/09/20 15:37:59 | 000,183,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaws.exe
[2010/09/20 15:37:59 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaw.exe
[2010/09/20 15:37:59 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\java.exe
[2010/09/20 03:45:37 | 000,000,017 | ---- | M] () -- C:\windows\SysWow64\shortcut_ex.dat
[2010/09/19 19:56:02 | 000,000,497 | ---- | M] () -- C:\Users\Richelle\Desktop\Desktop.lnk
[2010/09/19 17:14:50 | 000,731,106 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/09/17 20:44:27 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/17 20:41:00 | 000,410,912 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2010/09/17 20:05:16 | 000,001,517 | ---- | M] () -- C:\Users\Richelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/09/17 14:01:52 | 000,049,664 | ---- | M] () -- C:\Users\Richelle\Documents\Richelle Lewis Resume 2010 (2).doc
[2010/09/17 07:07:46 | 001,458,587 | ---- | M] () -- C:\Users\Richelle\Desktop\kasp10.0_rescuedisk_en.pdf
[2010/09/16 20:07:25 | 001,111,974 | ---- | M] () -- C:\windows\SysNative\drivers\Cat.DB
[2010/09/16 15:30:03 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/16 14:37:57 | 000,049,664 | ---- | M] () -- C:\Users\Richelle\Documents\Richelle resume 2010 (2).doc
[2010/09/16 12:05:08 | 000,001,044 | ---- | M] () -- C:\Users\Richelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/16 12:05:08 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/16 11:49:30 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2010/09/16 08:08:19 | 000,065,536 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{43e7f654-c183-11df-ae18-00266c3816d6}.TM.blf
[2010/09/16 08:08:18 | 000,524,288 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{43e7f654-c183-11df-ae18-00266c3816d6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/16 08:08:18 | 000,524,288 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{43e7f654-c183-11df-ae18-00266c3816d6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/16 08:05:11 | 112,029,488 | ---- | M] (Kaspersky Lab) -- C:\Users\Richelle\Desktop\kav2011_11.0.1.401en_us.exe
[2010/09/16 07:53:52 | 000,001,448 | ---- | M] () -- C:\Users\Richelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/16 07:35:48 | 000,109,832 | ---- | M] () -- C:\Users\Richelle\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/16 07:11:45 | 000,524,288 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{897b498a-c143-11df-82fe-00266c3816d6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/16 07:11:45 | 000,524,288 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{897b498a-c143-11df-82fe-00266c3816d6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/16 07:11:45 | 000,065,536 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{897b498a-c143-11df-82fe-00266c3816d6}.TM.blf
[2010/09/15 07:40:34 | 000,097,619 | ---- | M] () -- C:\Users\Richelle\Documents\Richelle resume 2010 (1).rtf
[2010/09/12 21:03:23 | 000,524,288 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{59ca9262-bec9-11df-bc87-00266c3816d6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/12 21:03:23 | 000,524,288 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{59ca9262-bec9-11df-bc87-00266c3816d6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/12 21:03:23 | 000,065,536 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{59ca9262-bec9-11df-bc87-00266c3816d6}.TM.blf
[2010/09/12 20:20:14 | 000,524,288 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{86b4807f-be9c-11df-b639-00266c3816d6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/12 20:20:14 | 000,524,288 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{86b4807f-be9c-11df-b639-00266c3816d6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/12 20:20:14 | 000,065,536 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{86b4807f-be9c-11df-b639-00266c3816d6}.TM.blf
[2010/09/11 14:39:16 | 000,524,288 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{e7ae5c5f-bda7-11df-b99a-00266c3816d6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/11 14:39:16 | 000,524,288 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{e7ae5c5f-bda7-11df-b99a-00266c3816d6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/11 14:39:16 | 000,065,536 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{e7ae5c5f-bda7-11df-b99a-00266c3816d6}.TM.blf
[2010/09/10 22:41:14 | 000,524,288 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{c74af21f-bd49-11df-bc6c-00266c3816d6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/10 22:41:14 | 000,524,288 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{c74af21f-bd49-11df-bc6c-00266c3816d6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/10 22:41:14 | 000,065,536 | -HS- | M] () -- C:\Users\Richelle\ntuser.dat{c74af21f-bd49-11df-bc6c-00266c3816d6}.TM.blf
[2010/09/10 17:43:11 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2010/09/06 20:37:01 | 000,013,019 | ---- | M] () -- C:\Users\Richelle\Documents\cassius about me dates.docx
[2010/09/06 19:17:23 | 000,013,871 | ---- | M] () -- C:\Users\Richelle\Documents\cassius history of me 7th grade.docx
[2010/08/31 16:40:39 | 000,000,162 | -H-- | M] () -- C:\Users\Richelle\Documents\~$chelle resume 2010 (2).doc
[2010/08/31 01:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iertutil.dll
[2010/08/27 07:21:03 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/27 07:14:33 | 000,002,515 | ---- | M] () -- C:\Users\Richelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/27 07:14:33 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/08/26 22:01:04 | 000,000,824 | ---- | M] () -- C:\windows\SysNative\drivers\etc\tmvsthfud.bin
[2010/08/26 22:00:59 | 000,000,824 | ---- | M] () -- C:\windows\SysNative\drivers\etc\tmvsthfss.bin
[2010/08/26 09:46:00 | 000,047,616 | ---- | M] () -- C:\Users\Richelle\Documents\Richelle resume 2010 (1).doc
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Richelle\Documents\*.tmp files -> C:\Users\Richelle\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/20 03:45:37 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2010/09/17 20:05:16 | 000,001,517 | ---- | C] () -- C:\Users\Richelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/09/17 07:07:46 | 001,458,587 | ---- | C] () -- C:\Users\Richelle\Desktop\kasp10.0_rescuedisk_en.pdf
[2010/09/16 20:06:00 | 001,111,974 | ---- | C] () -- C:\windows\SysNative\drivers\Cat.DB
[2010/09/16 15:30:03 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/16 12:05:08 | 000,001,044 | ---- | C] () -- C:\Users\Richelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/16 07:33:57 | 000,524,288 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{43e7f654-c183-11df-ae18-00266c3816d6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/16 07:33:57 | 000,524,288 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{43e7f654-c183-11df-ae18-00266c3816d6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/16 07:33:57 | 000,065,536 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{43e7f654-c183-11df-ae18-00266c3816d6}.TM.blf
[2010/09/16 06:46:09 | 000,524,288 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{897b498a-c143-11df-82fe-00266c3816d6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/16 06:46:09 | 000,524,288 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{897b498a-c143-11df-82fe-00266c3816d6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/16 06:46:08 | 000,065,536 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{897b498a-c143-11df-82fe-00266c3816d6}.TM.blf
[2010/09/15 07:48:45 | 000,049,664 | ---- | C] () -- C:\Users\Richelle\Documents\Richelle Lewis Resume 2010 (2).doc
[2010/09/12 20:29:10 | 000,524,288 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{59ca9262-bec9-11df-bc87-00266c3816d6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/12 20:29:10 | 000,524,288 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{59ca9262-bec9-11df-bc87-00266c3816d6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/12 20:29:10 | 000,065,536 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{59ca9262-bec9-11df-bc87-00266c3816d6}.TM.blf
[2010/09/12 19:56:48 | 000,524,288 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{86b4807f-be9c-11df-b639-00266c3816d6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/12 19:56:48 | 000,524,288 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{86b4807f-be9c-11df-b639-00266c3816d6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/12 19:56:48 | 000,065,536 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{86b4807f-be9c-11df-b639-00266c3816d6}.TM.blf
[2010/09/11 09:57:54 | 000,524,288 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{e7ae5c5f-bda7-11df-b99a-00266c3816d6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/11 09:57:54 | 000,524,288 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{e7ae5c5f-bda7-11df-b99a-00266c3816d6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/11 09:57:54 | 000,065,536 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{e7ae5c5f-bda7-11df-b99a-00266c3816d6}.TM.blf
[2010/09/10 22:38:27 | 000,524,288 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{c74af21f-bd49-11df-bc6c-00266c3816d6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/10 22:38:27 | 000,524,288 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{c74af21f-bd49-11df-bc6c-00266c3816d6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/10 22:38:27 | 000,065,536 | -HS- | C] () -- C:\Users\Richelle\ntuser.dat{c74af21f-bd49-11df-bc6c-00266c3816d6}.TM.blf
[2010/09/10 17:43:11 | 000,000,000 | ---- | C] () -- C:\backup.reg
[2010/09/10 09:17:19 | 000,001,448 | ---- | C] () -- C:\Users\Richelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/08 20:54:06 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/06 20:37:00 | 000,013,019 | ---- | C] () -- C:\Users\Richelle\Documents\cassius about me dates.docx
[2010/09/06 19:17:22 | 000,013,871 | ---- | C] () -- C:\Users\Richelle\Documents\cassius history of me 7th grade.docx
[2010/08/31 16:40:39 | 000,000,162 | -H-- | C] () -- C:\Users\Richelle\Documents\~$chelle resume 2010 (2).doc
[2010/08/27 07:21:03 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/26 09:46:31 | 000,049,664 | ---- | C] () -- C:\Users\Richelle\Documents\Richelle resume 2010 (2).doc
[2010/08/15 17:21:52 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/01/27 17:49:33 | 000,001,124 | ---- | C] () -- C:\Users\Richelle\AppData\Roaming\wklnhst.dat
[2010/01/10 17:44:43 | 000,000,013 | RHS- | C] () -- C:\windows\SysWow64\drivers\fbd.sys
[2009/12/09 01:53:03 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll
[2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/09/10 17:42:03 | 000,000,680 | ---- | M] () -- C:\avenger.txt
[2010/09/10 17:43:11 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/09/03 00:56:06 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/09/20 21:55:24 | 3117,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 03:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/09/20 21:55:35 | 4156,538,880 | -HS- | M] () -- C:\pagefile.sys
[2010/09/10 07:41:19 | 000,133,136 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_09.09.2010_21.53.31_log.txt

< %PROGRAMFILES%\*. >
[2010/06/07 10:01:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\1Step DVD Copy
[2010/07/14 21:03:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/01/12 18:28:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/09/09 20:12:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avira
[2010/07/06 11:54:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BearShare Applications
[2010/09/16 07:31:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/02/05 23:03:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Canon
[2010/09/16 21:42:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2009/09/02 23:30:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Corel
[2010/09/16 07:47:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/01/10 17:44:39 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2009/12/09 01:13:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2010/09/19 17:33:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2009/09/02 23:40:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intuit
[2010/09/16 15:29:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/09/16 07:25:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/09/16 07:31:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Kaspersky Lab
[2010/09/16 12:05:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/09/02 23:47:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/09/14 18:53:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/09/19 17:14:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2010/09/16 07:25:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2009/12/09 01:10:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2010/09/17 20:40:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/09/02 23:49:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/09/17 20:38:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/09/20 21:49:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/06/18 19:38:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/08/26 18:22:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2010/09/16 07:31:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/12/09 01:25:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/12/09 01:24:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek WLAN Driver
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/01/15 16:48:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Research In Motion
[2010/01/21 18:57:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2010/09/16 07:31:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Safari
[2010/06/05 15:24:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SoundTaxi
[2010/06/05 15:25:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SoundTaxi Media Suite
[2009/12/09 01:23:54 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2010/01/10 17:44:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TOSHIBA
[2009/09/02 23:41:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TOSHIBA Corporation
[2009/09/02 23:40:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TOSHIBA Games
[2010/09/16 07:26:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trend Micro
[2009/07/14 00:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2009/09/02 23:49:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2009/09/02 23:46:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/06/20 08:30:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/06/20 08:30:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 01:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/09/16 07:26:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!

< %appdata%\*.* >
[2010/01/27 18:30:59 | 000,001,124 | ---- | M] () -- C:\Users\Richelle\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTOR.SYS >
[2009/08/07 09:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/08/07 09:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/07 09:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/13 20:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/13 20:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84
< End of report >


rlewis

Newbie Surfer

Posts : 10
Joined : 2010-09-21
Operating System : 7

Post by rlewis on Tue 21 Sep 2010, 2:52 pm

Here is the Malwarebytes log when I run it at home (and if I run it at home again it says the same thing):
Malwarebytes' Anti-Malware 1.46
Database version: 4633
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
9/19/2010 8:25:10 PM
mbam-log-2010-09-19 (20-25-10).txt
Scan type: Quick scan
Objects scanned: 143004
Time elapsed: 8 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.148 85.255.112.10 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a551fa16-b190-42be-bcb5-f829172ee91d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.148 85.255.112.10 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Here is the Malwarebytes log when I run it while at the bookstore on their wifi hotspot:
Malwarebytes' Anti-Malware 1.46
Database version: 4633
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
9/17/2010 7:36:24 PM
mbam-log-2010-09-17 (19-36-24).txt
Scan type: Quick scan
Objects scanned: 143346
Time elapsed: 5 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

rlewis

Post by Belahzur on Wed 22 Sep 2010, 8:08 am

Hello.
Still having problems? MBAM removed the DNS hijack.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Post by rlewis on Wed 22 Sep 2010, 11:03 am

Yes, I am still having problems. I only posted that Malwarebytes log to show that it removes it, but when I reboot and rescan it is still there. I have scanned and deleted it many times, only to always have it show up again after I reboot the computer.

rlewis

Post by Belahzur on Wed 22 Sep 2010, 11:19 am

Hello.
Are you on a router? If so, the malware has likely altered your router settings. You may need to talk to your ISP about resetting your router settings.


Belahzur

Post by rlewis on Wed 22 Sep 2010, 1:19 pm

Yes, on a wireless router. 3 different computers in the home use it. OK, thank you. I live with my parents, so I will have to get that info to call them about resetting the router. Thanks. I'll let you know what happens.

rlewis

Post by rlewis on Fri 24 Sep 2010, 7:49 am

Hi, so when they change the router settings, will the malware be gone? Or do I need to do other things after that?

rlewis

Post by Belahzur on Fri 24 Sep 2010, 8:44 am

Hello.
I wanted to do 1 more scan once the router hijack has been fixed, just a simple online scan.

The malware has basically changed your IP in the router from your ISP's DNS to a custom-set malicious DNS, which causes the hijack to keep coming back. Once the malicious DNS has been removed, all should be good.


Belahzur

Post by rlewis on Fri 24 Sep 2010, 10:32 am

Hi. First, thank you so much for taking the time to help me; it is well appreciated. I went online and talked to my ISP (Buckeye Cable) through online live chat, and this is what they told me regarding my problem.

This is a partial copy of the conversation below:

Received: There should be a reset button on your actual router to push in.
Sent: OK, I have a DNSChanger virus and someone told me that my ISP had to reset it because the virus has changed the settings.
Received: No, actually we can't reset your router's settings even if we wanted to.
Sent: I believe the IP address has been changed... is that possible?
Sent: This is what I was told by a friend: "The malware basically has changed your IP in the router from your ISP's DNS to a custom set malicious DNS which causes the hijack to keep coming back. Once the malicious DNS has been removed, all should be good."
Sent: Can you assist with this?
Sent: Hello?
Received: This isn't something we can change from our end. Your 2 options are to log into your router and change the connections, or press the reset button on the router so it goes back to the default settings.



So should I do what they said to do, or try talking to someone else with the company?

rlewis

Post by Belahzur on Fri 24 Sep 2010, 7:51 pm

You can try, but if they aren't being very helpful: who set up your router in the first place? Was it pre-set by your ISP?


Belahzur

Post by rlewis on Sun 26 Sep 2010, 9:46 am

Hi again. OK, here's the deal: I live with someone else who is the only one that can actually call the ISP and ask them to make changes. I was only able to go to their website and generally ask the questions I did above with an online so-called tech. My mom's fiance thinks we can just keep turning it on and off and that will fix the problem. I told him to please call and ask them what you told me, but he won't do it... so I guess that just leaves me in limbo. If he shall ever call and do what you suggested, I guess I'll get back online and update you. Until then I guess I will have to deal with this nuisance of a problem, which is driving me crazy (my computer is my best friend... almost my only friend). Is there any way I can buy my own router and set it up separately from his? And if so, do I still need to have access to the ISP, or just buy a new one and replace his? I believe he set the router up himself originally. Any other help or suggestions you have for me to get around this problem will be greatly appreciated. Thank you so much.

rlewis

Post by Belahzur on Sun 26 Sep 2010, 11:16 am

Hello.
I want to try this to check out your DNS settings.

Please download RenewMyDNS by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.


Belahzur

Post by rlewis on Sun 26 Sep 2010, 1:04 pm

Hi, me again. Hope I did it right.


RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows [Version 6.1.7600]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))



Windows IP Configuration

Host Name . . . . . . . . . . . . : Richelle-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 00-26-B6-84-92-5E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::409b:899b:5e1:1994%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 25, 2010 9:50:56 PM
Lease Expires . . . . . . . . . . : Sunday, September 26, 2010 9:50:56 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 301999798
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-B0-E3-DB-00-26-6C-38-16-D6
DNS Servers . . . . . . . . . . . : 85.255.116.148
85.255.112.10
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-26-6C-38-16-D6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A551FA16-B190-42BE-BCB5-F829172EE91D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e74:34a8:13e9:e7ca:4daa(Preferred)
Link-local IPv6 Address . . . . . : fe80::34a8:13e9:e7ca:4daa%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=153ms TTL=51
Reply from 67.195.160.76: bytes=32 time=70ms TTL=51
Reply from 67.195.160.76: bytes=32 time=57ms TTL=51
Reply from 67.195.160.76: bytes=32 time=67ms TTL=51

Ping statistics for 67.195.160.76:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 57ms, Maximum = 153ms, Average = 86ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:
Reply from 64.202.189.170: bytes=32 time=76ms TTL=118
Reply from 64.202.189.170: bytes=32 time=224ms TTL=118
Reply from 64.202.189.170: bytes=32 time=77ms TTL=118
Reply from 64.202.189.170: bytes=32 time=75ms TTL=118

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 75ms, Maximum = 224ms, Average = 113ms

Pinging facebook.com [69.63.189.16] with 32 bytes of data:
Reply from 69.63.189.16: bytes=32 time=32ms TTL=243
Reply from 69.63.189.16: bytes=32 time=31ms TTL=243
Reply from 69.63.189.16: bytes=32 time=30ms TTL=243
Reply from 69.63.189.16: bytes=32 time=30ms TTL=243

Ping statistics for 69.63.189.16:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 32ms, Average = 30ms

Pinging microsoft.com [207.46.197.32] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.197.32:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

********************
EOF

rlewis

Post by Belahzur on Mon 27 Sep 2010, 1:43 am

Hello.
Yep, that shows the DNS hijack; it's definitely the router that's been hijacked.


Belahzur

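The pattern Belahzur describes (the router's DHCP lease handing out attacker-chosen DNS servers, so the hijack returns after every clean-up) can be checked mechanically. This is an added example, not part of the thread or of RenewMyDNS: a Python checker that parses `ipconfig /all`-style output, like the RenewMyDNS log above, and flags adapters whose lease comes from a private-address router but whose DNS servers are public addresses outside an allowlist. The sample text is constructed from the output posted above, and `expected_resolvers` is a placeholder for the ISP's real resolvers.

```python
import ipaddress
import re

# Constructed sample, modelled on the RenewMyDNS / "ipconfig /all" output
# posted above (same addresses; MAC, DUID and lease lines left out).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 85.255.116.148
                                       85.255.112.10

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : Yes
"""

# "Name . . . : value"; requiring a space or dot before the colon keeps an
# IPv6 continuation line such as "fe80::1%12" from parsing as a field name.
FIELD_RE = re.compile(r"^\s*([A-Za-z][^:]*?)[ .]+:\s*(.*?)\s*$")


def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; tolerates logs pasted without indentation."""
    adapters, current, last_field = {}, None, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped:
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0 and " adapter " in stripped and stripped.endswith(":"):
            current, last_field = stripped[:-1], None
            adapters[current] = {}
            continue
        if current is None:
            continue  # global "Windows IP Configuration" block
        match = FIELD_RE.match(raw) if indent < 8 else None
        if match:
            last_field, value = match.group(1).strip(), match.group(2)
            adapters[current][last_field] = [value] if value else []
        elif last_field is not None:
            # Not a header, not "field : value": an extra value of the previous
            # field, which is how ipconfig lists a second DNS server.
            adapters[current][last_field].append(stripped)
    return adapters


def _first(fields, key):
    values = fields.get(key) or []
    return values[0] if values else ""


def _to_address(value):
    """'192.168.1.4(Preferred)' or 'fe80::1%12' -> ip_address, else None."""
    try:
        return ipaddress.ip_address(value.split("(")[0].split("%")[0].strip())
    except ValueError:
        return None


def dns_hijack_findings(adapters, expected_resolvers=()):
    """Flag adapters leased by a private-address router that hand out public
    DNS servers; expected_resolvers (placeholder: the ISP's real resolvers,
    which a router may legitimately pass through) are not flagged."""
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    findings = []
    for name, fields in adapters.items():
        if _first(fields, "Media State").startswith("Media disconnected"):
            continue
        if _first(fields, "DHCP Enabled") != "Yes":
            continue
        dhcp_server = _to_address(_first(fields, "DHCP Server"))
        if dhcp_server is None or not dhcp_server.is_private:
            continue  # static config, or a lease straight from the ISP
        suspicious = []
        for value in fields.get("DNS Servers", []):
            addr = _to_address(value)
            if addr is None or addr in expected:
                continue
            if addr.is_private or addr.is_loopback or addr.is_link_local:
                continue  # the router itself or another LAN host resolves
            suspicious.append(str(addr))
        if suspicious:
            findings.append({"adapter": name, "dhcp_server": str(dhcp_server),
                             "suspicious_dns": suspicious})
    return findings


if __name__ == "__main__":
    for f in dns_hijack_findings(parse_ipconfig(SAMPLE_IPCONFIG)):
        print(f"{f['adapter']}: lease from {f['dhcp_server']}, DNS {f['suspicious_dns']}")
```

On the registry side the same lease values are the `DhcpNameServer` entries Malwarebytes flagged above, which is why deleting them only lasts until the next DHCP renewal; once the router's DNS setting is corrected, the checker should report nothing.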

Post by rlewis on Mon 27 Sep 2010, 7:46 am

OK, thank you Belahzur. So the only way to fix this is by talking to the ISP people?

rlewis