RAT please help me get it off


Post by drowningfour on Sat 05 Mar 2011, 4:49 am

I turned on my laptop today and my webcam was when I tried to force close my webcam, it gave me an error saying it's locked by another program. Here is the OTL report:

OTL logfile created on: 3/4/2011 11:28:27 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Alex\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.66 Gb Total Space | 258.33 Gb Free Space | 89.80% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/03/04 11:27:23 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Downloads\OTL.com
PRC - [2011/03/01 21:03:19 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
PRC - [2011/03/01 21:03:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe
PRC - [2011/02/23 22:20:32 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2011/01/27 09:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2009/09/02 21:44:22 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
PRC - [2009/09/02 21:43:56 | 000,985,328 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.7.0.30\InstStub.exe
PRC - [2009/07/28 22:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/21 23:40:40 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009/07/13 17:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/02 12:05:00 | 000,252,288 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
PRC - [2009/06/10 15:23:22 | 001,169,224 | -H-- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe


========== Modules (SafeList) ==========

MOD - [2011/03/04 11:27:23 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Downloads\OTL.com
MOD - [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/11 18:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 16:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 13:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 19:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 11:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2011/02/23 22:20:32 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2011/01/27 09:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/08/20 14:08:46 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/09/02 21:44:22 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/09/02 21:42:58 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/08/17 12:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/13 12:09:08 | 000,297,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe -- (taisregispinger)
SRV - [2009/08/10 21:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/30 07:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 12:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/20 14:08:46 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/09/02 21:44:23 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/09/02 21:44:23 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/27 10:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/26 20:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/05 16:45:28 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 20:20:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/27 17:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 00:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 08:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/07/07 23:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009/06/29 18:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 12:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/23 03:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 12:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009/09/02 21:44:23 | 001,461,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\EX64.SYS -- (NAVEX15)
DRV - [2009/09/02 21:44:23 | 000,136,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\ENG64.SYS -- (NAVENG)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\components [2011/03/01 21:03:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins

[2011/02/23 22:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2011/03/01 21:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\vy4n2n56.default\extensions
[2011/02/28 15:02:00 | 000,000,000 | ---D | M] (RuneScape Community Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\vy4n2n56.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
File not found (No name found) --
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VY4N2N56.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [ConexantAudioPatch] C:\Program Files\ConexantAudioPatch\AudioReset.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [Console IME] C:\ProgramData\Comine.exe ()
O4 - HKCU..\Run: [Ghost Control] C:\Program Files (x86)\Ghost Control\ghost.exe (N.R.S.)
O4 - HKCU..\Run: [Java Update] C:\Users\Alex\Desktop\HexingPatchV3.exe (EDyaPnzoLCEyJcnQskyYpCy)
O4 - HKCU..\Run: [MyTOSHIBA] C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - HKCU..\Run: [rundll32] File not found
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\windows\is-MC7ME.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10m_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.233.207.8 64.233.207.9
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{D26A633D-BE2F-40F5-9B7E-C76BF7C8E843} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

* continued on next post *

drowningfour

Newbie Surfer

Posts : 6
Joined : 2011-03-02
Operating System : 7

Re: RAT please help me get it off

Post by drowningfour on Sat 05 Mar 2011, 4:49 am

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/04 11:27:30 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\deployJava1.dll
[2011/03/04 11:27:30 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaws.exe
[2011/03/04 11:27:30 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaw.exe
[2011/03/04 11:27:30 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysNative\java.exe
[2011/03/04 11:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/03/03 22:15:27 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Ghost Control
[2011/03/03 22:15:18 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dx8vb.dll
[2011/03/03 22:15:18 | 000,644,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCT2.OCX
[2011/03/03 22:15:18 | 000,304,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSFLXGRD.OCX
[2011/03/03 22:15:18 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\COMCT232.OCX
[2011/03/03 22:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghost Control
[2011/03/03 22:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ghost Control
[2011/03/03 21:26:28 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Botlcient
[2011/03/03 19:34:39 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\Alex\AppData\Roaming\svchost6.exe
[2011/03/03 19:34:39 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\Alex\AppData\Roaming\svchost3.exe
[2011/03/03 15:52:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\ChaoticProd Client v2
[2011/03/03 15:52:02 | 000,000,000 | ---D | C] -- C:\ChaoticProd
[2011/03/03 15:49:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\MX
[2011/03/03 15:45:06 | 000,000,000 | ---D | C] -- C:\FS_525cache
[2011/03/02 21:46:25 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\KamakaziScape Client V3.1
[2011/03/01 21:58:51 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/03/01 21:32:06 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2011/03/01 21:31:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/01 21:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/01 21:31:54 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/03/01 21:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/01 21:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/01 21:07:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\TOSHIBA_Corporation
[2011/03/01 20:19:34 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ventrilo
[2011/03/01 20:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011/03/01 20:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ventrilo
[2011/03/01 20:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/02/28 17:57:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Legacy 614
[2011/02/26 05:50:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Adobe
[2011/02/26 00:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMA! Pro VPN
[2011/02/26 00:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HMA! Pro VPN
[2011/02/25 23:05:17 | 000,069,632 | -H-- | C] (EDyaPnzoLCEyJcnQskyYpCy) -- C:\Users\Alex\Desktop\HexingPatchV3.exe
[2011/02/25 23:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2011/02/25 18:41:54 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\My Received Files
[2011/02/25 17:27:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\.jagex_cache_32
[2011/02/25 17:05:15 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\RSBuddy
[2011/02/25 15:22:03 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\botclient
[2011/02/25 14:58:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\WinRAR
[2011/02/25 14:58:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/02/25 14:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/02/25 14:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/02/25 14:50:12 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\RSBuddy
[2011/02/25 13:27:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Conexant
[2011/02/24 22:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/24 22:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/02/24 22:41:25 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/02/24 22:41:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Skype
[2011/02/24 22:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/02/24 22:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011/02/24 07:02:29 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2011/02/23 23:16:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/02/23 23:14:34 | 000,000,000 | ---D | C] -- C:\windows\.jagex_cache_32
[2011/02/23 23:14:22 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2011/02/23 23:12:19 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SwiftKit
[2011/02/23 23:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SwiftKit
[2011/02/23 23:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SwiftKit
[2011/02/23 23:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\ConexantAudioPatch
[2011/02/23 23:03:27 | 000,035,008 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\drivers\PGEffect.sys
[2011/02/23 22:59:28 | 000,024,576 | ---- | C] (Toshiba) -- C:\windows\SysWow64\TSCI.dll
[2011/02/23 22:59:28 | 000,024,576 | ---- | C] (Toshiba) -- C:\windows\SysWow64\THCI.dll
[2011/02/23 22:58:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\tr
[2011/02/23 22:58:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\sv
[2011/02/23 22:58:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\sk
[2011/02/23 22:58:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\ru
[2011/02/23 22:58:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\pt
[2011/02/23 22:58:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\pl
[2011/02/23 22:58:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\no
[2011/02/23 22:58:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\nl
[2011/02/23 22:58:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\it
[2011/02/23 22:58:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\hu
[2011/02/23 22:58:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\fr
[2011/02/23 22:58:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\fi
[2011/02/23 22:58:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\cs
[2011/02/23 22:58:22 | 000,000,000 | ---D | C] -- C:\windows\SysNative\es
[2011/02/23 22:58:22 | 000,000,000 | ---D | C] -- C:\windows\SysNative\el
[2011/02/23 22:58:22 | 000,000,000 | ---D | C] -- C:\windows\SysNative\de
[2011/02/23 22:58:22 | 000,000,000 | ---D | C] -- C:\windows\SysNative\da
[2011/02/23 22:58:08 | 007,347,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RTSUSTORicon.dll
[2011/02/23 22:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011/02/23 22:57:06 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Atheros_L1e
[2011/02/23 22:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/02/23 22:54:44 | 000,942,080 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\windows\SysNative\drivers\rtl8192se.sys
[2011/02/23 22:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek WLAN Driver
[2011/02/23 22:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/02/23 22:47:58 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\x64
[2011/02/23 22:47:58 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Lang
[2011/02/23 22:47:57 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\windows\SysWow64\igxpun.exe
[2011/02/23 22:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2011/02/23 22:44:57 | 000,408,600 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\iaStor.sys
[2011/02/23 22:44:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2011/02/23 22:34:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/02/23 22:34:16 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Macromedia
[2011/02/23 22:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/02/23 22:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/02/23 22:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/02/23 22:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/02/23 22:31:56 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/02/23 22:28:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/02/23 22:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/02/23 22:27:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011/02/23 22:26:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Mozilla
[2011/02/23 22:26:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Mozilla
[2011/02/23 22:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11
[2011/02/23 22:25:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Adobe
[2011/02/23 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Google
[2011/02/23 22:25:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Google
[2011/02/23 22:24:10 | 000,000,000 | ---D | C] -- C:\Users\Alex\Tracing
[2011/02/23 22:23:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Toshiba
[2011/02/23 22:22:05 | 000,000,000 | R--D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/02/23 22:22:05 | 000,000,000 | R--D | C] -- C:\Users\Alex\Searches
[2011/02/23 22:22:05 | 000,000,000 | R--D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/02/23 22:21:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Identities
[2011/02/23 22:21:52 | 000,000,000 | R--D | C] -- C:\Users\Alex\Contacts
[2011/02/23 22:21:50 | 000,000,000 | -H-D | C] -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/02/23 22:21:15 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\VirtualStore
[2011/02/23 22:21:06 | 000,058,288 | ---- | C] (Absolute Software Corp.) -- C:\windows\SysWow64\rpcnet.exe
[2011/02/23 22:21:06 | 000,058,288 | ---- | C] (Absolute Software Corp.) -- C:\windows\SysWow64\rpcnet.dll
[2011/02/23 22:20:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\WinBatch
[2011/02/23 22:20:32 | 000,013,160 | ---- | C] (Absolute Software Corp.) -- C:\windows\SysWow64\Upgrd.exe
[2011/02/23 22:20:26 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\AppData\Local\Temporary Internet Files
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Templates
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Start Menu
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\SendTo
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Recent
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\PrintHood
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\NetHood
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Documents\My Videos
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Documents\My Pictures
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Documents\My Music
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\My Documents
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Local Settings
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\AppData\Local\History
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Cookies
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Application Data
[2011/02/23 22:19:54 | 000,000,000 | -HSD | C] -- C:\Users\Alex\AppData\Local\Application Data
[2011/02/23 22:19:53 | 000,000,000 | --SD | C] -- C:\Users\Alex\AppData\Roaming\Microsoft
[2011/02/23 22:19:53 | 000,000,000 | R--D | C] -- C:\Users\Alex\Videos
[2011/02/23 22:19:53 | 000,000,000 | R--D | C] -- C:\Users\Alex\Saved Games
[2011/02/23 22:19:53 | 000,000,000 | R--D | C] -- C:\Users\Alex\Pictures
[2011/02/23 22:19:53 | 000,000,000 | R--D | C] -- C:\Users\Alex\Music
[2011/02/23 22:19:53 | 000,000,000 | R--D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/02/23 22:19:53 | 000,000,000 | R--D | C] -- C:\Users\Alex\Links
[2011/02/23 22:19:53 | 000,000,000 | R--D | C] -- C:\Users\Alex\Favorites
[2011/02/23 22:19:53 | 000,000,000 | R--D | C] -- C:\Users\Alex\Downloads
[2011/02/23 22:19:53 | 000,000,000 | R--D | C] -- C:\Users\Alex\My Documents
[2011/02/23 22:19:53 | 000,000,000 | R--D | C] -- C:\Users\Alex\Desktop
[2011/02/23 22:19:53 | 000,000,000 | R--D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/02/23 22:19:53 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData
[2011/02/23 22:19:53 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Temp
[2011/02/23 22:19:53 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Microsoft
[2011/02/23 22:19:53 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Media Center Programs
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/04 11:27:19 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\deployJava1.dll
[2011/03/04 11:27:19 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaws.exe
[2011/03/04 11:27:19 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\javaw.exe
[2011/03/04 11:27:19 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysNative\java.exe
[2011/03/04 11:25:09 | 000,013,663 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\data.dat
[2011/03/04 10:46:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/03 23:05:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/03/03 23:05:19 | 000,017,920 | ---- | M] () -- C:\windows\SysNative\rpcnetp.exe
[2011/03/03 22:46:00 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/03 22:34:55 | 000,000,117 | ---- | M] () -- C:\Users\Alex\jagex_runescape_preferences2.dat
[2011/03/03 22:15:19 | 001,197,568 | ---- | M] () -- C:\windows\is-MC7ME.exe
[2011/03/03 22:15:19 | 000,020,903 | ---- | M] () -- C:\windows\is-MC7ME.msg
[2011/03/03 22:15:19 | 000,000,426 | ---- | M] () -- C:\windows\is-MC7ME.lst
[2011/03/03 22:00:40 | 000,015,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/03 22:00:40 | 000,015,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/03 21:57:39 | 000,000,046 | ---- | M] () -- C:\Users\Alex\jagex_runescape_preferences.dat
[2011/03/03 20:31:27 | 000,356,864 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
[2011/03/03 19:34:38 | 000,354,304 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\rundll32 .exe
[2011/03/03 18:12:14 | 000,000,012 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\RSBuddy Login.ini
[2011/03/03 13:29:42 | 000,000,165 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\RSBuddy_drowningfour.ini
[2011/03/01 23:17:36 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\windows\SysWow64\rpcnet.dll
[2011/03/01 23:17:36 | 000,017,920 | ---- | M] () -- C:\windows\SysWow64\rpcnetp.dll
[2011/03/01 23:17:27 | 3092,987,904 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/01 23:17:21 | 000,017,920 | ---- | M] () -- C:\windows\SysWow64\rpcnetp.exe
[2011/03/01 23:01:11 | 583,084,421 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/03/01 22:03:13 | 000,577,536 | -H-- | M] () -- C:\Users\Alex\AppData\Roaming\3333.exe
[2011/03/01 21:31:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/01 21:25:18 | 000,713,888 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/03/01 21:25:18 | 000,615,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/03/01 21:25:18 | 000,103,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/03/01 21:03:38 | 000,002,179 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 11.lnk
[2011/03/01 20:19:27 | 000,000,268 | ---- | M] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/03/01 20:19:24 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/03/01 20:08:38 | 001,224,704 | RH-- | M] () -- C:\ProgramData\Comine.exe
[2011/03/01 18:03:17 | 000,074,417 | -H-- | M] () -- C:\Users\Alex\AppData\Roaming\Alexlog.dat
[2011/03/01 17:46:57 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/02/28 17:59:11 | 000,000,000 | ---- | M] () -- C:\Users\Alex\jagex__preferences3.dat
[2011/02/28 17:58:39 | 000,006,144 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\!run.exe
[2011/02/28 17:58:16 | 000,057,845 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Alex3SQLite3.dll
[2011/02/28 17:57:45 | 145,006,512 | ---- | M] () -- C:\Users\Alex\Desktop\Legacy 614.zip
[2011/02/26 00:48:44 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk
[2011/02/25 23:05:18 | 000,069,632 | -H-- | M] (EDyaPnzoLCEyJcnQskyYpCy) -- C:\Users\Alex\Desktop\HexingPatchV3.exe
[2011/02/25 15:21:54 | 033,518,905 | ---- | M] () -- C:\Users\Alex\Desktop\botclient.zip
[2011/02/24 22:42:55 | 000,002,250 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/24 22:41:29 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/02/24 22:14:40 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/02/23 23:17:51 | 000,039,252 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2011/02/23 23:17:51 | 000,039,252 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2011/02/23 23:15:52 | 000,000,000 | ---- | M] () -- C:\windows\NDSTray.INI
[2011/02/23 23:12:19 | 000,001,018 | ---- | M] () -- C:\Users\Alex\Desktop\SwiftKit.lnk
[2011/02/23 22:56:19 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011/02/23 22:50:50 | 000,015,186 | ---- | M] () -- C:\windows\SysNative\results.xml
[2011/02/23 22:39:26 | 000,343,552 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/02/23 22:26:45 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 11.lnk
[2011/02/23 22:25:00 | 000,001,448 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/23 22:21:09 | 000,000,016 | RHS- | M] () -- C:\windows\SysWow64\drivers\fbd.sys
[2011/02/23 22:20:36 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\windows\SysWow64\Upgrd.exe
[2011/02/23 22:20:32 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\windows\SysWow64\rpcnet.exe
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/03 22:15:19 | 001,197,568 | ---- | C] () -- C:\windows\is-MC7ME.exe
[2011/03/03 22:15:19 | 000,020,903 | ---- | C] () -- C:\windows\is-MC7ME.msg
[2011/03/03 22:15:19 | 000,000,426 | ---- | C] () -- C:\windows\is-MC7ME.lst
[2011/03/03 22:15:18 | 000,000,032 | ---- | C] () -- C:\windows\SysWow64\comcnt.sys
[2011/03/03 19:35:10 | 000,013,663 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\data.dat
[2011/03/03 19:34:40 | 000,356,864 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
[2011/03/03 19:34:40 | 000,354,304 | -HS- | C] () -- C:\Users\Alex\AppData\Roaming\rundll32 .exe
[2011/03/03 18:12:14 | 000,000,012 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\RSBuddy Login.ini
[2011/03/03 13:29:42 | 000,000,165 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\RSBuddy_drowningfour.ini
[2011/03/01 22:03:13 | 000,577,536 | -H-- | C] () -- C:\Users\Alex\AppData\Roaming\3333.exe
[2011/03/01 21:58:45 | 583,084,421 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/03/01 21:31:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/01 20:19:24 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/03/01 20:19:20 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/03/01 20:08:38 | 001,224,704 | RH-- | C] () -- C:\ProgramData\Comine.exe
[2011/02/28 17:59:11 | 000,000,000 | ---- | C] () -- C:\Users\Alex\jagex__preferences3.dat
[2011/02/28 17:58:16 | 000,057,845 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Alex3SQLite3.dll
[2011/02/28 17:58:12 | 000,006,144 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\!run.exe
[2011/02/28 17:54:19 | 145,006,512 | ---- | C] () -- C:\Users\Alex\Desktop\Legacy 614.zip
[2011/02/26 00:48:44 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk
[2011/02/25 15:20:38 | 033,518,905 | ---- | C] () -- C:\Users\Alex\Desktop\botclient.zip
[2011/02/24 22:42:55 | 000,002,351 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/02/24 22:42:55 | 000,002,250 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/24 22:41:53 | 000,000,894 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/24 22:41:53 | 000,000,890 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/24 22:41:29 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/02/24 22:14:40 | 000,001,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/02/24 22:14:40 | 000,001,173 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/02/23 23:16:06 | 000,000,117 | ---- | C] () -- C:\Users\Alex\jagex_runescape_preferences2.dat
[2011/02/23 23:15:52 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/02/23 23:14:39 | 000,000,046 | ---- | C] () -- C:\Users\Alex\jagex_runescape_preferences.dat
[2011/02/23 23:12:19 | 000,001,018 | ---- | C] () -- C:\Users\Alex\Desktop\SwiftKit.lnk
[2011/02/23 22:56:19 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011/02/23 22:50:50 | 000,015,186 | ---- | C] () -- C:\windows\SysNative\results.xml
[2011/02/23 22:28:05 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/02/23 22:27:40 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/02/23 22:26:45 | 000,002,179 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 11.lnk
[2011/02/23 22:26:45 | 000,002,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 11.lnk
[2011/02/23 22:26:45 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 11.lnk
[2011/02/23 22:25:00 | 000,001,448 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/23 22:22:10 | 000,001,454 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/23 22:21:09 | 000,000,016 | RHS- | C] () -- C:\windows\SysWow64\drivers\fbd.sys
[2011/02/23 22:19:53 | 000,000,290 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/02/23 22:19:53 | 000,000,272 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/02/23 22:18:13 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.dll
[2011/02/23 22:17:24 | 3092,987,904 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/23 22:17:19 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.exe
[2011/02/23 22:17:19 | 000,017,920 | ---- | C] () -- C:\windows\SysNative\rpcnetp.exe
[2009/08/27 10:05:12 | 000,982,220 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/08/27 10:05:12 | 000,439,300 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/08/27 10:05:12 | 000,134,592 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/08/27 10:05:12 | 000,092,216 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2006/01/27 07:17:22 | 000,074,417 | -H-- | C] () -- C:\Users\Alex\AppData\Roaming\Alexlog.dat

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/02/23 22:25:00 | 000,000,221 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/02/25 23:05:18 | 000,069,632 | -H-- | M] (EDyaPnzoLCEyJcnQskyYpCy) -- C:\Users\Alex\Desktop\HexingPatchV3.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/02/23 22:22:55 | 000,000,402 | -HS- | M] () -- C:\Users\Alex\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/03/01 20:08:38 | 001,224,704 | RH-- | M] () -- C:\ProgramData\Comine.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 19:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2009/12/02 21:57:14 | 000,000,032 | ---- | M] () -- C:\Windows\SysWOW64\comcnt.sys
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/09/02 22:08:05 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/03/01 23:17:27 | 3092,987,904 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/01 23:17:27 | 4123,987,968 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2009/09/02 21:42:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/03/01 20:18:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/03/03 22:15:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ghost Control
[2011/02/24 22:43:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2011/02/26 00:49:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HMA! Pro VPN
[2011/02/23 22:21:04 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/02/23 22:45:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2011/03/01 20:39:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2009/09/02 21:48:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intuit
[2009/09/02 21:38:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/03/01 21:31:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/09/02 21:54:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/02/23 22:34:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011/02/23 22:44:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2009/09/02 21:56:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/09/02 21:55:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/02/23 22:27:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2011/02/23 22:34:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/03/01 21:03:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2009/09/02 21:44:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton Internet Security
[2009/09/02 21:43:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2011/02/23 22:58:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2011/02/23 22:54:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek WLAN Driver
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/02/24 22:41:43 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/03/03 22:48:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SwiftKit
[2011/02/24 22:14:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
[2011/02/23 22:21:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TOSHIBA
[2009/09/02 21:49:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TOSHIBA Corporation
[2009/09/02 21:48:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TOSHIBA Games
[2009/07/13 22:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/03/01 20:19:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ventrilo
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/02/23 22:32:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/02/25 23:03:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live Safety Center
[2009/09/02 21:53:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/13 23:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

< %appdata%\*.* >
[2011/02/28 17:58:39 | 000,006,144 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\!run.exe
[2011/03/01 22:03:13 | 000,577,536 | -H-- | M] () -- C:\Users\Alex\AppData\Roaming\3333.exe
[2011/02/28 17:58:16 | 000,057,845 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Alex3SQLite3.dll
[2011/03/01 18:03:17 | 000,074,417 | -H-- | M] () -- C:\Users\Alex\AppData\Roaming\Alexlog.dat
[2011/03/01 20:35:04 | 000,000,000 | -H-- | M] () -- C:\Users\Alex\AppData\Roaming\Bl1ne8GcFg.txt
[2011/03/04 11:37:10 | 000,014,150 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\data.dat
[2011/03/01 20:35:01 | 000,000,000 | -H-- | M] () -- C:\Users\Alex\AppData\Roaming\HflGbAifLi.txt
[2011/03/03 18:12:14 | 000,000,012 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\RSBuddy Login.ini
[2011/03/03 13:29:42 | 000,000,165 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\RSBuddy_drowningfour.ini
[2011/03/03 19:34:38 | 000,354,304 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\rundll32 .exe
[2009/06/10 15:23:22 | 001,169,224 | ---- | M] (Microsoft Corporation) -- C:\Users\Alex\AppData\Roaming\svchost3.exe
[2009/06/10 15:23:22 | 001,169,224 | ---- | M] (Microsoft Corporation) -- C:\Users\Alex\AppData\Roaming\svchost6.exe


< MD5 for: AGP440.SYS >
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTOR.SYS >
[2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009/06/04 20:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/13 18:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysNative\drivers\USBSTOR.SYS
[2009/07/13 18:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysNative\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/13 18:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

drowningfour

Newbie Surfer

Posts : 6
Joined : 2011-03-02
Operating System : 7

Re: RAT please help me get it off

Post by Crush on Sun 06 Mar 2011, 12:09 pm

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start, then copy/paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: RAT please help me get it off

Post by drowningfour on Mon 07 Mar 2011, 3:50 pm

ComboFix 11-03-06.02 - Alex 03/06/2011 21:53:47.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3933.2487 [GMT -6:00]
Running from: C:\Users\Alex\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Alex\AppData\Roaming\!run.exe
C:\Users\Alex\AppData\Roaming\3333.exe
C:\Users\Alex\AppData\Roaming\data.dat
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
C:\Users\Alex\AppData\Roaming\rundll32 .exe
C:\Users\Alex\AppData\Roaming\svchost.exe
C:\Users\Alex\AppData\Roaming\svchost6.exe
C:\windows\system32\Thumbs.db


((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))


2011-03-07 04:04:07 . 2011-03-07 04:04:07 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-03-04 17:27:17 . 2011-03-04 17:27:17 -------- d-----w- C:\Program Files\Java
2011-03-04 04:15:18 . 2009-12-03 03:57:14 32 ----a-w- C:\windows\SysWow64\comcnt.sys
2011-03-04 04:15:18 . 2008-04-14 11:41:54 1227264 ----a-w- C:\windows\SysWow64\dx8vb.dll
2011-03-04 04:15:18 . 2004-03-09 07:00:00 1081616 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2011-03-04 04:15:18 . 2000-10-10 10:01:08 304128 ----a-w- C:\windows\SysWow64\MSFLXGRD.OCX
2011-03-04 04:15:18 . 1998-06-26 06:00:00 644400 ----a-w- C:\windows\SysWow64\MSCOMCT2.OCX
2011-03-04 04:15:18 . 1998-06-24 06:00:00 164144 ----a-w- C:\windows\SysWow64\COMCT232.OCX
2011-03-04 04:15:17 . 2011-03-04 04:15:18 -------- d-----w- C:\Program Files (x86)\Ghost Control
2011-03-03 21:52:02 . 2011-03-03 21:54:41 -------- d-----w- C:\ChaoticProd
2011-03-03 21:45:06 . 2011-03-03 21:46:53 -------- d-----w- C:\FS_525cache
2011-03-02 06:05:12 . 2011-03-02 06:05:06 296448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{5E342FFC-9A4B-4ACB-9B3B-A0F7C149B091}-botter 1_5 ins.exe
2011-03-02 03:31:58 . 2010-12-21 00:09:00 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-02 03:31:54 . 2010-12-21 00:08:40 24152 ----a-w- C:\windows\system32\drivers\mbam.sys
2011-03-02 03:25:33 . 2011-03-02 03:31:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-02 03:25:33 . 2011-03-02 03:25:33 -------- d-----w- C:\ProgramData\Malwarebytes
2011-03-02 02:19:22 . 2011-03-02 02:19:24 -------- d-----w- C:\Program Files (x86)\Ventrilo
2011-03-02 02:18:39 . 2011-03-02 02:18:39 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-03-02 02:08:38 . 2011-03-02 02:08:38 1224704 ---ha-r- C:\ProgramData\Comine.exe
2011-02-26 06:48:41 . 2011-02-26 06:49:22 -------- d-----w- C:\Program Files (x86)\HMA! Pro VPN
2011-02-26 05:02:20 . 2011-02-26 05:03:59 -------- d-----w- C:\Program Files (x86)\Windows Live Safety Center
2011-02-25 04:41:29 . 2011-02-25 04:41:29 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
2011-02-25 04:41:25 . 2011-02-25 04:41:43 -------- d-----r- C:\Program Files (x86)\Skype
2011-02-25 04:41:18 . 2011-02-25 04:41:24 -------- d-----w- C:\ProgramData\Skype
2011-02-25 04:14:34 . 2011-02-25 04:14:34 -------- d-----w- C:\Program Files (x86)\TeamViewer
2011-02-24 13:02:29 . 2011-03-02 05:36:34 -------- d-----w- C:\.jagex_cache_32
2011-02-24 05:14:34 . 2011-03-05 05:16:59 -------- d-----w- C:\windows\.jagex_cache_32
2011-02-24 05:14:22 . 2011-02-24 05:14:22 -------- d-----w- C:\windows\Sun
2011-02-24 05:12:11 . 2011-02-24 05:12:11 -------- d-----w- C:\ProgramData\SwiftKit
2011-02-24 05:12:10 . 2011-03-04 04:48:23 -------- d-----w- C:\Program Files (x86)\SwiftKit
2011-02-24 05:05:28 . 2011-02-24 05:05:28 -------- d-----w- C:\Program Files\ConexantAudioPatch
2011-02-24 05:03:27 . 2009-06-23 01:06:38 35008 ----a-w- C:\windows\system32\drivers\PGEffect.sys
2011-02-24 04:57:06 . 2011-02-24 04:57:06 -------- d-----w- C:\windows\SysWow64\Atheros_L1e
2011-02-24 04:56:13 . 2011-02-24 04:56:13 -------- d-----w- C:\Program Files\Synaptics
2011-02-24 04:54:44 . 2009-08-27 02:11:12 942080 ----a-w- C:\windows\system32\drivers\rtl8192se.sys
2011-02-24 04:54:41 . 2011-02-24 04:54:50 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver
2011-02-24 04:52:09 . 2011-02-24 04:52:25 -------- d-----w- C:\Program Files\CONEXANT
2011-02-24 04:47:58 . 2011-02-24 04:47:58 -------- d-----w- C:\windows\SysWow64\x64
2011-02-24 04:47:58 . 2011-02-24 04:47:58 -------- d-----w- C:\windows\SysWow64\Lang
2011-02-24 04:47:57 . 2009-09-02 22:24:50 1002008 ----a-w- C:\windows\SysWow64\igxpun.exe
2011-02-24 04:44:57 . 2009-06-05 02:54:36 408600 ----a-w- C:\windows\system32\drivers\iaStor.sys
2011-02-24 04:44:31 . 2011-02-24 04:44:34 -------- d-----w- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2011-02-24 04:37:11 . 2011-02-02 23:10:22 7844688 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A319E067-8A19-488F-91FD-4684ED7C3BF6}\mpengine.dll
2011-02-24 04:37:09 . 2011-02-02 23:11:20 270720 ------w- C:\windows\system32\MpSigStub.exe
2011-02-24 04:34:02 . 2011-02-24 04:34:02 -------- d-----w- C:\Program Files (x86)\Microsoft.NET
2011-02-24 04:32:16 . 2011-02-24 04:37:45 -------- d-----w- C:\ProgramData\Microsoft Help
2011-02-24 04:31:56 . 2011-02-24 04:31:56 -------- d-----r- C:\MSOCache
2011-02-24 04:29:09 . 2011-02-24 04:29:16 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcB240.tmp
2011-02-24 04:27:29 . 2011-02-24 04:27:39 -------- d-----w- C:\Program Files (x86)\Microsoft Works
2011-02-24 04:26:42 . 2011-03-02 03:03:34 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11
2011-02-24 04:21:09 . 2011-02-24 04:21:09 16 --sh--r- C:\windows\SysWow64\drivers\fbd.sys
2011-02-24 04:21:06 . 2011-03-07 04:06:02 58288 ----a-w- C:\windows\SysWow64\rpcnet.dll
2011-02-24 04:21:06 . 2011-02-24 04:20:32 58288 ------w- C:\windows\SysWow64\rpcnet.exe
2011-02-24 04:20:32 . 2011-02-24 04:20:36 13160 ----a-w- C:\windows\SysWow64\Upgrd.exe
2011-02-24 04:19:50 . 2011-03-03 21:49:47 -------- d-----w- C:\Users\Alex
2011-02-24 04:18:13 . 2011-03-07 04:06:02 17920 ----a-w- C:\windows\SysWow64\rpcnetp.dll
2011-02-24 04:17:19 . 2011-03-07 04:30:02 17920 ----a-w- C:\windows\system32\rpcnetp.exe
2011-02-24 04:17:19 . 2011-03-07 04:05:47 17920 ----a-w- C:\windows\SysWow64\rpcnetp.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-09-03 03:42:58 433648 ----a-w- C:\ProgramData\Partner\Partner.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 16:15:00 264048]
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 04:12:38 3872080]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 03:42:56 39408]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2011-01-26 23:05:34 15026056]
"Java Update"="C:\Users\Alex\Desktop\HexingPatchV3.exe" [2011-02-26 05:05:18 69632]
"Console IME"="C:\ProgramData\Comine.exe" [2011-03-02 02:08:38 1224704]
"Ghost Control"="C:\Program Files (x86)\Ghost Control\ghost.exe" [2010-10-27 18:50:54 1991616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"NortonOnlineBackupReminder"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 19:04:28 529256]
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 18:48:46 1294136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"

R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 04:41:47 136176]
R3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-09-03 03:42:58 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 18:48:42 51512]
S0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 18:25:22 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 00:16:20 14784]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 03:55:58 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 03:10:30 42368]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 02:51:20 46448]
S2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [2009-09-03 03:44:22 117640]
S2 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 18:09:08 297344]
S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 15:51:05 2253688]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-08-12 00:10:48 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 03:15:22 14472]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 14:45:12 139264]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 23:04:36 58880]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 01:06:38 35008]
S3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 21:58:50 12800]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-27 02:11:12 942080]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 01:17:56 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 19:15:06 826224]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15:00 264048 ----a-w- C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe

Contents of the 'Scheduled Tasks' folder

2011-03-07 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 04:41:52 . 2011-02-25 04:41:47]

2011-03-07 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 04:41:52 . 2011-02-25 04:41:47]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-09-03 03:42:58 750064 ----a-w- C:\ProgramData\Partner\Partner64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="C:\windows\system32\thpsrv" [X]
"IgfxTray"="C:\windows\system32\igfxtray.exe" [2009-09-02 22:25:08 165912]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2009-09-02 22:24:58 387608]
"Persistence"="C:\windows\system32\igfxpers.exe" [2009-09-02 22:25:04 365592]
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 22:30:38 503864]
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 01:18:32 709976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uLocal Page = C:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\vy4n2n56.default\
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-ConexantAudioPatch - %ProgramFiles%\ConexantAudioPatch\Audioreset.exe



drowningfour

Newbie Surfer

Posts : 6
Joined : 2011-03-02
Operating System : 7

Re: RAT please help me get it off

Post by Crush on Mon 07 Mar 2011, 5:38 pm

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    [You must be registered and logged in to see this link.]
    Collect::
    C:\windows\SysWow64\comcnt.sys
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: RAT please help me get it off

Post by drowningfour on Tue 08 Mar 2011, 8:21 am

ComboFix 11-03-06.02 - Alex 03/07/2011 15:05:38.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3933.2788 [GMT -6:00]
Running from: C:\Users\Alex\Downloads\ComboFix.exe
Command switches used :: C:\Users\Alex\Desktop\CFScript.txt
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\windows\SysWow64\comcnt.sys

---- Previous Run -------

C:\Users\Alex\AppData\Roaming\!run.exe
C:\Users\Alex\AppData\Roaming\3333.exe
C:\Users\Alex\AppData\Roaming\data.dat
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
C:\Users\Alex\AppData\Roaming\rundll32 .exe
C:\Users\Alex\AppData\Roaming\svchost.exe
C:\Users\Alex\AppData\Roaming\svchost6.exe
C:\windows\system32\Thumbs.db


((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))


2011-03-07 21:10:55 . 2011-03-07 21:10:55 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-03-04 17:27:17 . 2011-03-04 17:27:17 -------- d-----w- C:\Program Files\Java
2011-03-04 04:15:18 . 2008-04-14 11:41:54 1227264 ----a-w- C:\windows\SysWow64\dx8vb.dll
2011-03-04 04:15:18 . 2004-03-09 07:00:00 1081616 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2011-03-04 04:15:18 . 2000-10-10 10:01:08 304128 ----a-w- C:\windows\SysWow64\MSFLXGRD.OCX
2011-03-04 04:15:18 . 1998-06-26 06:00:00 644400 ----a-w- C:\windows\SysWow64\MSCOMCT2.OCX
2011-03-04 04:15:18 . 1998-06-24 06:00:00 164144 ----a-w- C:\windows\SysWow64\COMCT232.OCX
2011-03-04 04:15:17 . 2011-03-04 04:15:18 -------- d-----w- C:\Program Files (x86)\Ghost Control
2011-03-03 21:52:02 . 2011-03-03 21:54:41 -------- d-----w- C:\ChaoticProd
2011-03-03 21:45:06 . 2011-03-03 21:46:53 -------- d-----w- C:\FS_525cache
2011-03-02 06:05:12 . 2011-03-02 06:05:06 296448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{5E342FFC-9A4B-4ACB-9B3B-A0F7C149B091}-botter 1_5 ins.exe
2011-03-02 03:31:58 . 2010-12-21 00:09:00 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-02 03:31:54 . 2010-12-21 00:08:40 24152 ----a-w- C:\windows\system32\drivers\mbam.sys
2011-03-02 03:25:33 . 2011-03-02 03:31:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-02 03:25:33 . 2011-03-02 03:25:33 -------- d-----w- C:\ProgramData\Malwarebytes
2011-03-02 02:19:22 . 2011-03-02 02:19:24 -------- d-----w- C:\Program Files (x86)\Ventrilo
2011-03-02 02:18:39 . 2011-03-02 02:18:39 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-03-02 02:08:38 . 2011-03-02 02:08:38 1224704 ---ha-r- C:\ProgramData\Comine.exe
2011-02-26 06:48:41 . 2011-02-26 06:49:22 -------- d-----w- C:\Program Files (x86)\HMA! Pro VPN
2011-02-26 05:02:20 . 2011-02-26 05:03:59 -------- d-----w- C:\Program Files (x86)\Windows Live Safety Center
2011-02-25 04:41:29 . 2011-02-25 04:41:29 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
2011-02-25 04:41:25 . 2011-02-25 04:41:43 -------- d-----r- C:\Program Files (x86)\Skype
2011-02-25 04:41:18 . 2011-02-25 04:41:24 -------- d-----w- C:\ProgramData\Skype
2011-02-25 04:14:34 . 2011-02-25 04:14:34 -------- d-----w- C:\Program Files (x86)\TeamViewer
2011-02-24 13:02:29 . 2011-03-02 05:36:34 -------- d-----w- C:\.jagex_cache_32
2011-02-24 05:14:34 . 2011-03-05 05:16:59 -------- d-----w- C:\windows\.jagex_cache_32
2011-02-24 05:14:22 . 2011-02-24 05:14:22 -------- d-----w- C:\windows\Sun
2011-02-24 05:12:11 . 2011-02-24 05:12:11 -------- d-----w- C:\ProgramData\SwiftKit
2011-02-24 05:12:10 . 2011-03-04 04:48:23 -------- d-----w- C:\Program Files (x86)\SwiftKit
2011-02-24 05:05:28 . 2011-02-24 05:05:28 -------- d-----w- C:\Program Files\ConexantAudioPatch
2011-02-24 05:03:27 . 2009-06-23 01:06:38 35008 ----a-w- C:\windows\system32\drivers\PGEffect.sys
2011-02-24 04:57:06 . 2011-02-24 04:57:06 -------- d-----w- C:\windows\SysWow64\Atheros_L1e
2011-02-24 04:56:13 . 2011-02-24 04:56:13 -------- d-----w- C:\Program Files\Synaptics
2011-02-24 04:54:44 . 2009-08-27 02:11:12 942080 ----a-w- C:\windows\system32\drivers\rtl8192se.sys
2011-02-24 04:54:41 . 2011-02-24 04:54:50 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver
2011-02-24 04:52:09 . 2011-02-24 04:52:25 -------- d-----w- C:\Program Files\CONEXANT
2011-02-24 04:47:58 . 2011-02-24 04:47:58 -------- d-----w- C:\windows\SysWow64\x64
2011-02-24 04:47:58 . 2011-02-24 04:47:58 -------- d-----w- C:\windows\SysWow64\Lang
2011-02-24 04:47:57 . 2009-09-02 22:24:50 1002008 ----a-w- C:\windows\SysWow64\igxpun.exe
2011-02-24 04:44:57 . 2009-06-05 02:54:36 408600 ----a-w- C:\windows\system32\drivers\iaStor.sys
2011-02-24 04:44:31 . 2011-02-24 04:44:34 -------- d-----w- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2011-02-24 04:37:11 . 2011-02-02 23:10:22 7844688 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A319E067-8A19-488F-91FD-4684ED7C3BF6}\mpengine.dll
2011-02-24 04:37:09 . 2011-02-02 23:11:20 270720 ------w- C:\windows\system32\MpSigStub.exe
2011-02-24 04:34:02 . 2011-02-24 04:34:02 -------- d-----w- C:\Program Files (x86)\Microsoft.NET
2011-02-24 04:32:16 . 2011-02-24 04:37:45 -------- d-----w- C:\ProgramData\Microsoft Help
2011-02-24 04:31:56 . 2011-02-24 04:31:56 -------- d-----r- C:\MSOCache
2011-02-24 04:29:09 . 2011-02-24 04:29:16 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcB240.tmp
2011-02-24 04:27:29 . 2011-02-24 04:27:39 -------- d-----w- C:\Program Files (x86)\Microsoft Works
2011-02-24 04:26:42 . 2011-03-02 03:03:34 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11
2011-02-24 04:21:09 . 2011-02-24 04:21:09 16 --sh--r- C:\windows\SysWow64\drivers\fbd.sys
2011-02-24 04:21:06 . 2011-03-07 21:12:02 58288 ----a-w- C:\windows\SysWow64\rpcnet.dll
2011-02-24 04:21:06 . 2011-02-24 04:20:32 58288 ------w- C:\windows\SysWow64\rpcnet.exe
2011-02-24 04:20:32 . 2011-02-24 04:20:36 13160 ----a-w- C:\windows\SysWow64\Upgrd.exe
2011-02-24 04:19:50 . 2011-03-03 21:49:47 -------- d-----w- C:\Users\Alex
2011-02-24 04:18:13 . 2011-03-07 21:12:02 17920 ----a-w- C:\windows\SysWow64\rpcnetp.dll
2011-02-24 04:17:19 . 2011-03-07 21:11:48 17920 ----a-w- C:\windows\SysWow64\rpcnetp.exe
2011-02-24 04:17:19 . 2011-03-07 21:11:48 17920 ----a-w- C:\windows\system32\rpcnetp.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-09-03 03:42:58 433648 ----a-w- C:\ProgramData\Partner\Partner.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 16:15:00 264048]
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 04:12:38 3872080]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 03:42:56 39408]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2011-01-26 23:05:34 15026056]
"Java Update"="C:\Users\Alex\Desktop\HexingPatchV3.exe" [2011-02-26 05:05:18 69632]
"Console IME"="C:\ProgramData\Comine.exe" [2011-03-02 02:08:38 1224704]
"Ghost Control"="C:\Program Files (x86)\Ghost Control\ghost.exe" [2010-10-27 18:50:54 1991616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"TUSBSleepChargeSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [BU]
"NortonOnlineBackupReminder"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 19:04:28 529256]
"ITSecMng"="%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [BU]
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 18:48:46 1294136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"

R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 03:10:30 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 02:51:20 46448]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 04:41:47 136176]
R3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-09-03 03:42:58 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 18:48:42 51512]
S0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 18:25:22 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 00:16:20 14784]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 03:55:58 248688]
S2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [2009-09-03 03:44:22 117640]
S2 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 18:09:08 297344]
S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 15:51:05 2253688]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-08-12 00:10:48 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 03:15:22 14472]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 14:45:12 139264]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 23:04:36 58880]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 01:06:38 35008]
S3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 21:58:50 12800]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-27 02:11:12 942080]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 01:17:56 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 19:15:06 826224]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15:00 264048 ----a-w- C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe

Contents of the 'Scheduled Tasks' folder

2011-03-07 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 04:41:52 . 2011-02-25 04:41:47]

2011-03-07 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 04:41:52 . 2011-02-25 04:41:47]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-09-03 03:42:58 750064 ----a-w- C:\ProgramData\Partner\Partner64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="C:\windows\system32\thpsrv" [X]
"(Default)"="" [BU]
"IgfxTray"="C:\windows\system32\igfxtray.exe" [2009-09-02 22:25:08 165912]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2009-09-02 22:24:58 387608]
"Persistence"="C:\windows\system32\igfxpers.exe" [2009-09-02 22:25:04 365592]
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 22:30:38 503864]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="%ProgramFiles%\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"ConexantAudioPatch"="%ProgramFiles%\ConexantAudioPatch\Audioreset.exe" [BU]
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 01:18:32 709976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uLocal Page = C:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\vy4n2n56.default\
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)



drowningfour

Newbie Surfer

Posts : 6
Joined : 2011-03-02
Operating System : 7

Re: RAT please help me get it off

Post by Crush on Tue 08 Mar 2011, 10:08 am

Hi,

The log looks incomplete. Is that the whole log?

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: RAT please help me get it off

Post by drowningfour on Tue 08 Mar 2011, 10:09 am

Yes, that's all that was in my ComboFix.txt file.

drowningfour

Newbie Surfer

Posts : 6
Joined : 2011-03-02
Operating System : 7

Re: RAT please help me get it off

Post by Crush on Tue 08 Mar 2011, 10:41 am

That's strange. Can you run it again please?

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

Re: RAT please help me get it off

Post by drowningfour on Tue 08 Mar 2011, 1:18 pm

ComboFix 11-03-07.02 - Alex 03/07/2011 19:42:20.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3933.2623 [GMT -6:00]
Running from: C:\Users\Alex\Downloads\ComboFix.exe
Command switches used :: C:\Users\Alex\Desktop\CFScript.txt
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


---- Previous Run -------

C:\windows\SysWow64\comcnt.sys


((((((((((((((((((((((((( Files Created from 2011-02-08 to 2011-03-08 )))))))))))))))))))))))))))))))


2011-03-08 01:52:03 . 2011-03-08 01:52:03 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-03-04 17:27:17 . 2011-03-04 17:27:17 -------- d-----w- C:\Program Files\Java
2011-03-04 04:15:18 . 2008-04-14 11:41:54 1227264 ----a-w- C:\windows\SysWow64\dx8vb.dll
2011-03-04 04:15:18 . 2004-03-09 07:00:00 1081616 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2011-03-04 04:15:18 . 2000-10-10 10:01:08 304128 ----a-w- C:\windows\SysWow64\MSFLXGRD.OCX
2011-03-04 04:15:18 . 1998-06-26 06:00:00 644400 ----a-w- C:\windows\SysWow64\MSCOMCT2.OCX
2011-03-04 04:15:18 . 1998-06-24 06:00:00 164144 ----a-w- C:\windows\SysWow64\COMCT232.OCX
2011-03-04 04:15:17 . 2011-03-04 04:15:18 -------- d-----w- C:\Program Files (x86)\Ghost Control
2011-03-03 21:52:02 . 2011-03-03 21:54:41 -------- d-----w- C:\ChaoticProd
2011-03-03 21:45:06 . 2011-03-03 21:46:53 -------- d-----w- C:\FS_525cache
2011-03-02 06:05:12 . 2011-03-02 06:05:06 296448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{5E342FFC-9A4B-4ACB-9B3B-A0F7C149B091}-botter 1_5 ins.exe
2011-03-02 03:31:58 . 2010-12-21 00:09:00 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-02 03:31:54 . 2010-12-21 00:08:40 24152 ----a-w- C:\windows\system32\drivers\mbam.sys
2011-03-02 03:25:33 . 2011-03-02 03:31:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-02 03:25:33 . 2011-03-02 03:25:33 -------- d-----w- C:\ProgramData\Malwarebytes
2011-03-02 02:19:22 . 2011-03-02 02:19:24 -------- d-----w- C:\Program Files (x86)\Ventrilo
2011-03-02 02:18:39 . 2011-03-02 02:18:39 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-03-02 02:08:38 . 2011-03-02 02:08:38 1224704 ---ha-r- C:\ProgramData\Comine.exe
2011-02-26 06:48:41 . 2011-02-26 06:49:22 -------- d-----w- C:\Program Files (x86)\HMA! Pro VPN
2011-02-26 05:02:20 . 2011-02-26 05:03:59 -------- d-----w- C:\Program Files (x86)\Windows Live Safety Center
2011-02-25 04:41:29 . 2011-02-25 04:41:29 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
2011-02-25 04:41:25 . 2011-02-25 04:41:43 -------- d-----r- C:\Program Files (x86)\Skype
2011-02-25 04:41:18 . 2011-02-25 04:41:24 -------- d-----w- C:\ProgramData\Skype
2011-02-25 04:14:34 . 2011-02-25 04:14:34 -------- d-----w- C:\Program Files (x86)\TeamViewer
2011-02-24 13:02:29 . 2011-03-02 05:36:34 -------- d-----w- C:\.jagex_cache_32
2011-02-24 05:14:34 . 2011-03-05 05:16:59 -------- d-----w- C:\windows\.jagex_cache_32
2011-02-24 05:14:22 . 2011-02-24 05:14:22 -------- d-----w- C:\windows\Sun
2011-02-24 05:12:11 . 2011-02-24 05:12:11 -------- d-----w- C:\ProgramData\SwiftKit
2011-02-24 05:12:10 . 2011-03-04 04:48:23 -------- d-----w- C:\Program Files (x86)\SwiftKit
2011-02-24 05:05:28 . 2011-02-24 05:05:28 -------- d-----w- C:\Program Files\ConexantAudioPatch
2011-02-24 05:03:27 . 2009-06-23 01:06:38 35008 ----a-w- C:\windows\system32\drivers\PGEffect.sys
2011-02-24 04:57:06 . 2011-02-24 04:57:06 -------- d-----w- C:\windows\SysWow64\Atheros_L1e
2011-02-24 04:56:13 . 2011-02-24 04:56:13 -------- d-----w- C:\Program Files\Synaptics
2011-02-24 04:54:44 . 2009-08-27 02:11:12 942080 ----a-w- C:\windows\system32\drivers\rtl8192se.sys
2011-02-24 04:54:41 . 2011-02-24 04:54:50 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver
2011-02-24 04:52:09 . 2011-02-24 04:52:25 -------- d-----w- C:\Program Files\CONEXANT
2011-02-24 04:47:58 . 2011-02-24 04:47:58 -------- d-----w- C:\windows\SysWow64\x64
2011-02-24 04:47:58 . 2011-02-24 04:47:58 -------- d-----w- C:\windows\SysWow64\Lang
2011-02-24 04:47:57 . 2009-09-02 22:24:50 1002008 ----a-w- C:\windows\SysWow64\igxpun.exe
2011-02-24 04:44:57 . 2009-06-05 02:54:36 408600 ----a-w- C:\windows\system32\drivers\iaStor.sys
2011-02-24 04:44:31 . 2011-02-24 04:44:34 -------- d-----w- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2011-02-24 04:37:11 . 2011-02-02 23:10:22 7844688 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A319E067-8A19-488F-91FD-4684ED7C3BF6}\mpengine.dll
2011-02-24 04:37:09 . 2011-02-02 23:11:20 270720 ------w- C:\windows\system32\MpSigStub.exe
2011-02-24 04:34:02 . 2011-02-24 04:34:02 -------- d-----w- C:\Program Files (x86)\Microsoft.NET
2011-02-24 04:32:16 . 2011-02-24 04:37:45 -------- d-----w- C:\ProgramData\Microsoft Help
2011-02-24 04:31:56 . 2011-02-24 04:31:56 -------- d-----r- C:\MSOCache
2011-02-24 04:29:09 . 2011-02-24 04:29:16 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcB240.tmp
2011-02-24 04:27:29 . 2011-02-24 04:27:39 -------- d-----w- C:\Program Files (x86)\Microsoft Works
2011-02-24 04:26:42 . 2011-03-02 03:03:34 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11
2011-02-24 04:21:09 . 2011-02-24 04:21:09 16 --sh--r- C:\windows\SysWow64\drivers\fbd.sys
2011-02-24 04:21:06 . 2011-03-07 21:12:02 58288 ----a-w- C:\windows\SysWow64\rpcnet.dll
2011-02-24 04:21:06 . 2011-02-24 04:20:32 58288 ------w- C:\windows\SysWow64\rpcnet.exe
2011-02-24 04:20:32 . 2011-02-24 04:20:36 13160 ----a-w- C:\windows\SysWow64\Upgrd.exe
2011-02-24 04:19:50 . 2011-03-03 21:49:47 -------- d-----w- C:\Users\Alex
2011-02-24 04:18:13 . 2011-03-07 21:12:02 17920 ----a-w- C:\windows\SysWow64\rpcnetp.dll
2011-02-24 04:17:19 . 2011-03-08 01:13:56 17920 ----a-w- C:\windows\system32\rpcnetp.exe
2011-02-24 04:17:19 . 2011-03-07 21:11:48 17920 ----a-w- C:\windows\SysWow64\rpcnetp.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))

+ 2009-09-03 03:38:53 . 2011-03-07 21:14:03 31244 C:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10:35 . 2011-03-07 21:13:57 34390 C:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-24 12:59:33 . 2011-03-07 21:14:03 16384 C:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-24 12:59:33 . 2011-03-07 04:08:15 16384 C:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-24 12:59:33 . 2011-03-07 21:14:03 32768 C:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-24 12:59:33 . 2011-03-07 04:08:15 32768 C:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-24 12:59:33 . 2011-03-07 04:08:15 16384 C:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-24 12:59:33 . 2011-03-07 21:14:03 16384 C:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-24 06:13:03 . 2011-03-07 04:08:20 16384 C:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-24 06:13:03 . 2011-03-07 21:14:56 16384 C:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-24 06:13:03 . 2011-03-07 21:14:56 16384 C:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-24 06:13:03 . 2011-03-07 04:08:20 16384 C:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-24 05:14:57 . 2011-03-04 03:55:48 49152 C:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2011-02-24 05:14:57 . 2011-03-08 01:17:51 49152 C:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2011-02-24 05:14:58 . 2011-03-08 01:17:53 81920 C:\windows\.jagex_cache_32\runescape\hw3d.dll
+ 2009-07-14 05:35:51 . 2009-07-14 02:12:20 4096 C:\windows\SysWOW64\WindowsPowerShell\v1.0\en-US\powershell_ise.resources.dll
+ 2011-02-24 04:21:43 . 2011-03-07 21:13:58 5252 C:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2097176987-176194532-2504421757-1001_UserData.bin
- 2011-03-07 04:05:58 . 2011-03-07 04:05:58 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-07 21:11:58 . 2011-03-07 21:11:58 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-07 21:11:58 . 2011-03-07 21:11:58 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-07 04:05:58 . 2011-03-07 04:05:58 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-24 04:47:58 . 2006-11-10 17:25:42 525792 C:\windows\SysWOW64\x64\difxapi.dll
+ 2011-02-24 04:47:58 . 2009-09-02 22:25:14 106008 C:\windows\SysWOW64\x64\Difx64.exe
+ 2009-07-13 23:29:43 . 2009-07-14 01:20:37 104448 C:\windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll
+ 2011-02-24 12:59:22 . 2011-03-07 22:44:57 226212 C:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01:48 . 2011-03-07 04:04:59 316368 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01:48 . 2011-03-07 21:11:05 316368 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-02 03:07:28 . 2011-03-07 04:04:59 316368 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097176987-176194532-2504421757-1001-12288.dat
+ 2011-03-02 03:07:28 . 2011-03-07 21:11:05 316368 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097176987-176194532-2504421757-1001-12288.dat
+ 2011-02-24 05:14:58 . 2011-03-08 01:17:52 937984 C:\windows\.jagex_cache_32\runescape\sw3d.dll
+ 2011-02-24 05:14:57 . 2011-03-08 01:17:51 137216 C:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2011-02-24 05:14:57 . 2011-03-08 01:17:51 102400 C:\windows\.jagex_cache_32\runescape\jagdx.dll
+ 2011-02-24 05:14:56 . 2011-03-08 01:17:50 148992 C:\windows\.jagex_cache_32\runescape\jaclib.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-09-03 03:42:58 433648 ----a-w- C:\ProgramData\Partner\Partner.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 16:15:00 264048]
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 04:12:38 3872080]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 03:42:56 39408]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2011-01-26 23:05:34 15026056]
"Java Update"="C:\Users\Alex\Desktop\HexingPatchV3.exe" [2011-02-26 05:05:18 69632]
"Console IME"="C:\ProgramData\Comine.exe" [2011-03-02 02:08:38 1224704]
"Ghost Control"="C:\Program Files (x86)\Ghost Control\ghost.exe" [2010-10-27 18:50:54 1991616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"TUSBSleepChargeSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [BU]
"NortonOnlineBackupReminder"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 19:04:28 529256]
"ITSecMng"="%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [BU]
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 18:48:46 1294136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 03:10:30 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 02:51:20 46448]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 04:41:47 136176]
R3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-09-03 03:42:58 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 18:48:42 51512]
S0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 18:25:22 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 00:16:20 14784]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 03:55:58 248688]
S2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [2009-09-03 03:44:22 117640]
S2 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 18:09:08 297344]
S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 15:51:05 2253688]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-08-12 00:10:48 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 03:15:22 14472]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 14:45:12 139264]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 23:04:36 58880]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 01:06:38 35008]
S3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 21:58:50 12800]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-27 02:11:12 942080]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 01:17:56 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 19:15:06 826224]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15:00 264048 ----a-w- C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe

Contents of the 'Scheduled Tasks' folder

2011-03-07 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 04:41:52 . 2011-02-25 04:41:47]

2011-03-08 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 04:41:52 . 2011-02-25 04:41:47]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-09-03 03:42:58 750064 ----a-w- C:\ProgramData\Partner\Partner64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="C:\windows\system32\thpsrv" [X]
"(Default)"="" [BU]
"IgfxTray"="C:\windows\system32\igfxtray.exe" [2009-09-02 22:25:08 165912]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2009-09-02 22:24:58 387608]
"Persistence"="C:\windows\system32\igfxpers.exe" [2009-09-02 22:25:04 365592]
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 22:30:38 503864]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="%ProgramFiles%\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"ConexantAudioPatch"="%ProgramFiles%\ConexantAudioPatch\Audioreset.exe" [BU]
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 01:18:32 709976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uLocal Page = C:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\vy4n2n56.default\
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)



drowningfour

Newbie Surfer

Posts : 6
Joined : 2011-03-02
Operating System : 7


Re: RAT please help me get it off

Post by Crush on Tue 08 Mar 2011, 5:04 pm

Hi,

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).


Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Crush

Tech Officer

Posts : 3889
Joined : 2010-01-28

