W32.Shadesrat and other possible infection.


Solved W32.Shadesrat and other possible infection.

Post by Tankman on Tue 10 May 2011, 7:35 am

Recently, I visited a friend's link he told me was a video. It asked me to Verify, so I clicked yes. Big mistake. Norton picked up something on its SONAR activity and advised me to delete related files in the %appdata% roaming folder. I did, but they came back. So I used Norton Power Eraser to get rid of the damn files (data.dat, flash.exe, winlogn.exe). Then I ran another Norton full system scan and it found W32.Shadesrat. It said it deleted it, but I started to notice some strange icons for my shortcuts. I looked at the original file in properties and it was ggg.exe. I knew this wasn't right, so I removed all those icons and moved on with a full system scan. The scan turned up nothing, but I'm afraid there may still be an infection.

SOLVED


Last edited by Tankman on Thu 12 May 2011, 10:56 am; edited 3 times in total (Reason for editing : SOLVED)

Operating System : Windows 7 x32 Bit


Solved Re: W32.Shadesrat and other possible infection.

Post by Tankman on Tue 10 May 2011, 7:37 am

OTL logfile created on: 5/9/2011 3:56:32 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Joshua\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 47.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 601.91 Gb Free Space | 64.62% Space Free | Partition Type: NTFS
Drive D: | 612.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 7.39 Gb Total Space | 7.39 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: JOSHUA-PC | User Name: Joshua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 15:55:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joshua\Downloads\OTL.com
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/09 00:53:18 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/03/09 00:52:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/03/18 19:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:16 | 000,176,128 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
PRC - [2009/07/13 21:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/18 17:37:38 | 000,126,976 | ---- | M] (Saitek) -- C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
PRC - [2008/01/18 17:36:24 | 000,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2008/01/18 17:35:48 | 000,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2006/11/17 17:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTSched.exe


========== Modules (SafeList) ==========

MOD - [2011/05/09 15:55:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joshua\Downloads\OTL.com
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/03/18 19:17:48 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\ctagent.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/05 17:27:22 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/05/05 17:12:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/05/02 15:54:56 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011/04/16 21:19:16 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/03/09 00:52:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/11/16 21:45:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/02 20:53:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


========== Driver Services (SafeList) ==========

DRV - [2011/05/09 08:49:05 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110509.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/09 08:49:05 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110509.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/02 18:30:05 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/21 14:23:20 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/15 16:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/30 23:04:12 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,296,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/03/14 14:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110506.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/03/09 05:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/03/09 00:17:24 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/12/30 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/12/18 07:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2010/11/17 08:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/07/01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2010/05/06 05:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2008/12/26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/04/04 14:31:38 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiHFFB5.sys -- (SaiHFFB5)
DRV - [2008/04/04 14:31:38 | 000,016,384 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiIFFB5.sys -- (SaiIFFB5) Immersion's HID USB Driver (FFB5)
DRV - [2008/02/18 10:21:42 | 000,035,456 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2008/02/18 10:21:42 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2008/01/21 09:22:08 | 000,104,960 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiK0728.sys -- (SaiK0728)
DRV - [2007/08/02 09:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/05/11 17:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2007/05/11 17:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/11 17:30:04 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B EB 56 14 2B 0C CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.noxiousnet.com/forums/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.7.82
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/05/03 06:32:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/05/02 18:29:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 08:42:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 15:43:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/04/30 08:46:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/04/30 08:46:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua\AppData\Roaming\Mozilla\Extensions
[2011/04/30 08:46:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/08 19:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\lii1xsux.default\extensions
[2011/04/12 06:52:56 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\lii1xsux.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011/05/01 09:42:28 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\lii1xsux.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/10/22 22:25:28 | 000,001,832 | ---- | M] () -- C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\lii1xsux.default\searchplugins\bing.xml
[2011/04/30 08:42:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/28 22:16:09 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/07 17:47:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/16 14:29:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/11 19:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/28 19:56:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/02 18:29:29 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/05/03 06:32:00 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
() (No name found) -- C:\USERS\JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LII1XSUX.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/01 09:25:59 | 000,433,294 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 14910 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ATICustomerCare] c:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} [You must be registered and logged in to see this link.] (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} [You must be registered and logged in to see this link.] (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\WBSrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 19:04:18 | 000,190,234 | R--- | M] () - D:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2003/08/08 18:45:58 | 000,000,043 | R--- | M] () - D:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{60eec817-9e96-11df-811e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{60eec817-9e96-11df-811e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoplay.exe -- [2003/08/08 19:04:18 | 000,190,234 | R--- | M] ()
O33 - MountPoints2\{f0634fe7-9e9c-11df-836f-000129a3c593}\Shell - "" = AutoRun
O33 - MountPoints2\{f0634fe7-9e9c-11df-836f-000129a3c593}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BAFF5258-B1B4-28C8-94B1-E6770BB8AAAE} - Macromedia Shockwave Director 8.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()


========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 15:56:57 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Joshua\Desktop\aswMBR.exe
[2011/05/08 16:58:29 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\Electronic Arts
[2011/05/08 16:37:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011/05/07 22:13:10 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\EA Games
[2011/05/07 22:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011/05/07 21:46:44 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{7208BC7F-77D9-4943-A5F3-A04269F2103C}
[2011/05/06 16:23:28 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{B1E2ED00-80C5-4055-A389-DC9A7FA69A74}
[2011/05/06 15:48:36 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/06 15:48:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/06 15:48:36 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/06 15:48:36 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/06 15:48:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/06 15:48:36 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/06 15:48:36 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/06 15:48:36 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/06 15:48:36 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/06 15:48:36 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/06 15:48:36 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/06 15:48:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/06 15:48:36 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/06 15:48:36 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/06 15:48:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/06 15:48:36 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/06 15:48:36 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/06 15:48:36 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/06 15:48:36 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/06 15:48:36 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/06 15:48:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/06 15:48:36 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/06 15:48:36 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/06 15:48:36 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/06 15:48:36 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/06 15:48:36 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/06 15:48:36 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/06 15:48:36 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/06 15:48:36 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/06 15:48:36 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/06 15:48:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/06 15:48:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/06 15:48:36 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/06 15:48:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/06 15:48:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/06 15:48:36 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/06 15:48:36 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/06 15:48:36 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/06 15:48:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/06 07:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/05/05 17:32:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\Defaults
[2011/05/05 17:12:42 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscomct2.ocx
[2011/05/05 17:12:42 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2011/05/05 17:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2011/05/05 17:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative
[2011/05/05 17:05:39 | 000,000,000 | -H-D | C] -- C:\Program Files\Creative Installation Information
[2011/05/05 16:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2011/05/05 16:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2011/05/05 16:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2011/05/05 16:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2011/05/01 18:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2011/05/01 18:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2011/05/01 11:12:30 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/05/01 11:12:29 | 000,000,000 | ---D | C] -- C:\Fraps
[2011/05/01 09:42:34 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\QuickScan
[2011/04/30 08:46:17 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Thunderbird
[2011/04/30 08:46:17 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\Thunderbird
[2011/04/30 08:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011/04/30 08:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2011/04/27 06:30:37 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/04/27 06:30:35 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/04/27 06:30:35 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/04/27 06:30:35 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/04/27 06:30:32 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/27 06:30:31 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/26 07:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/25 19:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/04/25 19:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/04/25 19:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/04/24 18:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/24 18:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/24 18:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/24 18:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/24 18:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FX MOD 1.85
[2011/04/24 08:00:04 | 000,000,000 | ---D | C] -- C:\Users\Joshua\Documents\Homeworld 2
[2011/04/23 17:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/04/22 20:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line
[2011/04/22 20:11:17 | 000,000,000 | ---D | C] -- C:\Sierra
[2011/04/21 17:00:43 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/04/21 17:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/04/21 17:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/04/20 15:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/04/20 15:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/04/19 17:25:13 | 000,276,992 | ---- | C] (Aureal Semiconductor) -- C:\Windows\System32\a3dapi.dll
[2011/04/19 16:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra
[2011/04/19 12:09:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2011/04/18 11:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011/04/18 11:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/04/18 09:38:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2011/04/18 09:31:34 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{2486393B-829A-4154-AB0E-2984E66B39A8}
[2011/04/17 11:24:41 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{855E9C59-7F37-404A-B573-F45E1A79DF1C}
[2011/04/17 08:28:16 | 000,000,000 | ---D | C] -- C:\Users\Joshua\Desktop\Willowtree
[2011/04/16 18:51:00 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\{94D7BE5D-A2FB-4F89-9C6B-9AAD723FC717}
[2011/04/14 16:00:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/14 16:00:42 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/14 16:00:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/14 16:00:15 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/14 16:00:14 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/04/14 16:00:13 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/04/14 16:00:05 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/14 16:00:04 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/13 19:39:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011/04/12 16:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/04/09 18:55:44 | 015,453,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xlive.dll
[2011/04/09 18:55:42 | 013,642,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xlivefnt.dll
[2010/03/18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2010/03/18 18:59:50 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/09 15:57:13 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Joshua\Desktop\aswMBR.exe
[2011/05/09 15:09:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/09 06:34:10 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 06:34:10 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 06:26:58 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/09 06:26:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/09 06:26:42 | 2616,053,760 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 21:24:59 | 000,031,056 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000004-20021102}.rfx
[2011/05/08 21:24:59 | 000,031,056 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000001-00001102-00000004-20021102}.rfx
[2011/05/08 21:24:59 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000005-00000000-00000001-00001102-00000004-20021102}.rfx
[2011/05/08 21:24:59 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000004-20021102}.rfx
[2011/05/08 21:24:59 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000001-00001102-00000004-20021102}.rfx
[2011/05/08 21:23:55 | 004,931,577 | ---- | M] () -- C:\Windows\{00000005-00000000-00000001-00001102-00000004-20021102}.CDF
[2011/05/08 21:23:55 | 004,931,577 | ---- | M] () -- C:\Windows\{00000005-00000000-00000001-00001102-00000004-20021102}.BAK
[2011/05/08 19:34:20 | 000,138,440 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/08 19:34:10 | 000,270,856 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/05/08 18:44:07 | 000,000,215 | ---- | M] () -- C:\Users\Joshua\Desktop\Medal of Honor MP.url
[2011/05/08 18:22:41 | 000,270,856 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011/05/08 17:33:05 | 000,138,056 | ---- | M] () -- C:\Users\Joshua\AppData\Roaming\PnkBstrK.sys
[2011/05/08 17:00:05 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\Crysis Wars(R) Updates.job
[2011/05/08 16:09:08 | 002,601,752 | ---- | M] () -- C:\Windows\System32\pbsvc_moh.exe
[2011/05/08 15:26:10 | 000,000,215 | ---- | M] () -- C:\Users\Joshua\Desktop\Medal of Honor.url
[2011/05/07 22:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/05/06 17:10:30 | 000,000,215 | ---- | M] () -- C:\Users\Joshua\Desktop\S.T.A.L.K.E.R. Call of Pripyat.url
[2011/05/06 16:00:06 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/05/06 15:53:13 | 000,001,407 | ---- | M] () -- C:\Users\Joshua\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/06 15:48:36 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/06 15:48:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/06 15:48:36 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/06 15:48:36 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/06 15:48:36 | 001,124,868 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/05/06 15:48:36 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/06 15:48:36 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/06 15:48:36 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/06 15:48:36 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/06 15:48:36 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/06 15:48:36 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/06 15:48:36 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/06 15:48:36 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/06 15:48:36 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/06 15:48:36 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/06 15:48:36 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/06 15:48:36 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/06 15:48:36 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/06 15:48:36 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/06 15:48:36 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/06 15:48:36 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/06 15:48:36 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/06 15:48:36 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/06 15:48:36 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/06 15:48:36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/06 15:48:36 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/06 15:48:36 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/06 15:48:36 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/06 15:48:36 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/06 15:48:36 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/06 15:48:36 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/06 15:48:36 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/06 15:48:36 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/06 15:48:36 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/06 15:48:36 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/06 15:48:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/06 15:48:36 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/06 15:48:36 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/06 15:48:36 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/06 15:48:36 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/06 15:48:36 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/05 17:26:14 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/05/05 17:26:14 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/05/05 17:26:12 | 000,000,087 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2011/05/02 18:30:05 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/05/02 18:30:05 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/05/02 18:30:05 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/05/01 11:12:30 | 000,000,572 | ---- | M] () -- C:\Users\Joshua\Desktop\Fraps.lnk
[2011/05/01 09:25:59 | 000,433,294 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/01 09:25:31 | 000,433,294 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110501-092559.backup
[2011/05/01 04:40:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2011/05/01 00:20:53 | 000,003,184 | ---- | M] () -- C:\{6797077F-C94A-4D3A-A4AA-2FD034CFCE45}
[2011/05/01 00:17:15 | 000,003,224 | ---- | M] () -- C:\{CE230612-2481-47AA-BE5E-D4F144C6F8E6}
[2011/05/01 00:13:36 | 000,002,360 | ---- | M] () -- C:\{58AC47FD-3877-43C9-A21E-2302E2BD896E}
[2011/05/01 00:12:11 | 000,002,536 | ---- | M] () -- C:\{E0704891-4DB8-4769-B31A-9A0B4096DA1E}
[2011/05/01 00:08:09 | 000,001,768 | ---- | M] () -- C:\{A3B536D6-64E3-4A05-90D2-0E4377C8F83E}
[2011/05/01 00:03:43 | 000,002,744 | ---- | M] () -- C:\{971539BF-9DCC-460F-8DF7-0C40FE4132E8}
[2011/04/30 23:59:18 | 000,002,768 | ---- | M] () -- C:\{05D3D81F-6C61-436D-8855-E6FE0D23E19A}
[2011/04/30 23:54:14 | 000,002,176 | ---- | M] () -- C:\{04B372BB-9D3F-4B0A-A99B-E85BD336C611}
[2011/04/30 21:48:02 | 000,002,432 | ---- | M] () -- C:\{5FFC0665-C65C-4624-B416-BA6572CE4447}
[2011/04/30 08:46:10 | 000,001,975 | ---- | M] () -- C:\Users\Joshua\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/04/30 08:43:38 | 000,001,998 | ---- | M] () -- C:\Users\Joshua\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/28 23:29:05 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/04/26 07:24:42 | 000,000,215 | ---- | M] () -- C:\Users\Joshua\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
[2011/04/24 18:26:00 | 000,002,314 | ---- | M] () -- C:\Users\Joshua\Desktop\FX MOD 1.85.lnk
[2011/04/24 18:24:14 | 000,001,771 | ---- | M] () -- C:\Users\Joshua\Desktop\iTunes.lnk
[2011/04/24 08:38:35 | 000,002,280 | ---- | M] () -- C:\Users\Joshua\Desktop\Complex 7.4.4.lnk
[2011/04/24 08:24:58 | 000,001,302 | ---- | M] () -- C:\Users\Joshua\Desktop\Homeworld2.lnk
[2011/04/23 17:58:04 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/04/22 20:17:47 | 000,000,645 | ---- | M] () -- C:\Users\Joshua\Desktop\Homeworld.lnk
[2011/04/22 20:12:34 | 000,000,100 | ---- | M] () -- C:\Windows\SIERRA.INI
[2011/04/21 17:00:43 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011/04/21 14:15:47 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/21 14:15:47 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/20 08:37:51 | 000,000,213 | ---- | M] () -- C:\Users\Joshua\Desktop\Portal 2.url
[2011/04/15 06:44:46 | 000,417,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/09 18:55:44 | 015,453,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xlive.dll
[2011/04/09 18:55:42 | 013,642,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xlivefnt.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | M] () -- C:\Windows\System32\xlive.dll.cat
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]



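Added example (editor's code, not OTL's and not something the poster ran): a small triage pass over the OTL listing format used throughout this thread. It does two things a responder otherwise does by eye over these logs. From the "Files Created" blocks it pulls executables created shortly before the incident that have no company name or sit in a user-writable path, the sort of %AppData% dropper the first post describes. From the "< MD5 for: ... >" blocks in the next post it checks that the live System32 copy of each hashed driver matches at least one servicing copy in DriverStore or winsxs. Assumptions: the incident date is taken as 2011-05-09 (the newest timestamp in the listing) with a 14-day look-back; the extension list and path heuristics are mine; the sample input is a handful of lines copied from the posted log plus three constructed lines, marked in the code, that are not in the log.

```python
# Added example for this thread (not OTL's code, not something the poster ran): a
# triage pass over OTL-format file listings, applying two checks usually done by eye.
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) [MD5=...|Unable to obtain MD5] -- path
# Directory lines ("---D") carry no "(Company)" field, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))?"
    r"(?P<extra>.*?) -- (?P<path>.+)$"
)
MD5_RE = re.compile(r"MD5=([0-9A-Fa-f]{32})")
PE_EXTS = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".ocx")   # assumption
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")  # assumption
INCIDENT = datetime(2011, 5, 9)  # assumed: the newest timestamp in the posted listing

@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str
    kind: str           # 'C' = "Files Created" block, 'M' = "Files Modified" block
    company: str        # '' where OTL printed "()"
    md5: Optional[str]  # set only for lines from a "< MD5 for: ... >" block
    path: str
    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

def parse_otl(text: str) -> List[Entry]:
    """Parse every OTL file line in `text`; headers and '< ... >' scan lines are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        md5 = MD5_RE.search(m["extra"])
        out.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")), attrs=m["attrs"], kind=m["kind"],
            company=(m["company"] or "").strip(),
            md5=md5.group(1).upper() if md5 else None, path=m["path"],
        ))
    return out

def flag_recent_binaries(entries, incident=INCIDENT, window_days=14):
    """Review candidates, not verdicts: executables *created* in the window before
    `incident` that have no company name and/or live in a user-writable path.
    Returns [(entry, [reasons])], most reasons first."""
    lo, hi = incident - timedelta(days=window_days), incident + timedelta(days=1)
    hits = []
    for e in entries:
        if e.kind != "C" or not e.name.endswith(PE_EXTS) or not lo <= e.ts <= hi:
            continue
        reasons = []
        if not e.company:
            reasons.append("no company name")
        if any(tok in e.path.lower() for tok in USER_WRITABLE):
            reasons.append("user-writable location")
        if reasons:
            hits.append((e, reasons))
    return sorted(hits, key=lambda h: -len(h[1]))

def _is_live(path: str) -> bool:
    p = path.lower()  # the copy Windows actually loads, as opposed to a servicing copy
    return "\\windows\\system32\\" in p and "\\driverstore\\" not in p

def check_driver_hashes(entries) -> dict:
    """Per hashed file: the live System32 copy must match at least one servicing copy
    (DriverStore or winsxs). winsxs copies differ legitimately across versions, so
    only a live copy that matches *none* of them deserves a closer look."""
    by_name = {}
    for e in entries:
        if e.md5:
            by_name.setdefault(e.name, []).append(e)
    verdicts = {}
    for name, copies in by_name.items():
        live = {c.md5 for c in copies if _is_live(c.path)}
        backups = {c.md5 for c in copies if not _is_live(c.path)}
        if not live:
            verdicts[name] = "no live copy listed"
        else:
            verdicts[name] = "ok" if live & backups else "live copy matches no servicing copy"
    return verdicts

# Sample input: lines copied from the posted log, then CONSTRUCTED lines that are NOT
# in the log (one stands in for the %AppData% dropper the poster described, two for a
# fictitious driver whose live copy matches no servicing copy).
SAMPLE_LOG = "\n".join([
    r"[2011/05/05 17:26:12 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL",
    r"[2010/08/05 17:27:44 | 000,138,056 | ---- | C] () -- C:\Users\Joshua\AppData\Roaming\PnkBstrK.sys",
    r"[2010/08/11 17:36:54 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip",
    r"[2011/03/09 00:53:44 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll",
    r"[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys",
    r"[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys",
    r"[2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys",
    r"[2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys",
    r"[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys",
    # --- CONSTRUCTED from here on; not taken from the posted log ---
    r"[2011/05/07 21:14:03 | 000,073,216 | ---- | C] () -- C:\Users\Joshua\AppData\Roaming\flash.exe",
    r"[2011/05/07 21:14:03 | 000,021,584 | ---- | M] (Example Co) MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\example_ctl.sys",
    r"[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Example Co) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_example_ctl.inf_constructed\example_ctl.sys",
])
```

Feed a saved OTL log to `parse_otl` and pass the result to `flag_recent_binaries` and `check_driver_hashes`. Two caveats apply. A hit is a review candidate, not a verdict: APOMngr.DLL is flagged only because OTL printed no company name for it, while PnkBstrK.sys in AppData is skipped because it was created months before the window. And hash differences between winsxs copies are normal across servicing versions, as the iaStorV entries show; the check only reports a live copy that matches none of them.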

Solved Re: W32.Shadesrat and other possible infection.

Post by Tankman on Tue 10 May 2011, 7:42 am

========== Files Created - No Company Name ==========

[2011/05/08 18:44:07 | 000,000,215 | ---- | C] () -- C:\Users\Joshua\Desktop\Medal of Honor MP.url
[2011/05/08 15:26:10 | 000,000,215 | ---- | C] () -- C:\Users\Joshua\Desktop\Medal of Honor.url
[2011/05/08 09:53:12 | 000,001,771 | ---- | C] () -- C:\Users\Joshua\Desktop\iTunes.lnk
[2011/05/06 17:10:30 | 000,000,215 | ---- | C] () -- C:\Users\Joshua\Desktop\S.T.A.L.K.E.R. Call of Pripyat.url
[2011/05/06 15:48:36 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/05 17:33:03 | 000,030,528 | ---- | C] () -- C:\Windows\System32\BMXCtrlState-{00000005-00000000-00000001-00001102-00000004-20021102}.rfx
[2011/05/05 17:33:03 | 000,030,528 | ---- | C] () -- C:\Windows\System32\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000004-20021102}.rfx
[2011/05/05 17:33:03 | 000,011,564 | ---- | C] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000001-00001102-00000004-20021102}.rfx
[2011/05/05 17:32:44 | 004,931,577 | ---- | C] () -- C:\Windows\{00000005-00000000-00000001-00001102-00000004-20021102}.BAK
[2011/05/05 17:32:35 | 004,174,814 | ---- | C] () -- C:\Windows\System32\CT4MGM.SF2
[2011/05/05 17:28:30 | 004,931,577 | ---- | C] () -- C:\Windows\{00000005-00000000-00000001-00001102-00000004-20021102}.CDF
[2011/05/05 17:26:12 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011/05/05 17:26:12 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011/05/05 17:26:12 | 000,000,087 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2011/05/05 16:51:38 | 000,007,062 | ---- | C] () -- C:\Windows\System32\audiopid.vxd
[2011/05/01 11:12:30 | 000,000,572 | ---- | C] () -- C:\Users\Joshua\Desktop\Fraps.lnk
[2011/05/01 00:20:53 | 000,003,184 | ---- | C] () -- C:\{6797077F-C94A-4D3A-A4AA-2FD034CFCE45}
[2011/05/01 00:17:13 | 000,003,224 | ---- | C] () -- C:\{CE230612-2481-47AA-BE5E-D4F144C6F8E6}
[2011/05/01 00:13:35 | 000,002,360 | ---- | C] () -- C:\{58AC47FD-3877-43C9-A21E-2302E2BD896E}
[2011/05/01 00:12:09 | 000,002,536 | ---- | C] () -- C:\{E0704891-4DB8-4769-B31A-9A0B4096DA1E}
[2011/05/01 00:08:07 | 000,001,768 | ---- | C] () -- C:\{A3B536D6-64E3-4A05-90D2-0E4377C8F83E}
[2011/05/01 00:03:41 | 000,002,744 | ---- | C] () -- C:\{971539BF-9DCC-460F-8DF7-0C40FE4132E8}
[2011/04/30 23:59:16 | 000,002,768 | ---- | C] () -- C:\{05D3D81F-6C61-436D-8855-E6FE0D23E19A}
[2011/04/30 23:54:11 | 000,002,176 | ---- | C] () -- C:\{04B372BB-9D3F-4B0A-A99B-E85BD336C611}
[2011/04/30 21:48:02 | 000,002,432 | ---- | C] () -- C:\{5FFC0665-C65C-4624-B416-BA6572CE4447}
[2011/04/30 08:46:10 | 000,001,975 | ---- | C] () -- C:\Users\Joshua\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/04/30 08:42:31 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/26 07:24:42 | 000,000,215 | ---- | C] () -- C:\Users\Joshua\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
[2011/04/24 18:07:51 | 000,002,314 | ---- | C] () -- C:\Users\Joshua\Desktop\FX MOD 1.85.lnk
[2011/04/24 08:40:49 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/04/24 08:38:35 | 000,002,280 | ---- | C] () -- C:\Users\Joshua\Desktop\Complex 7.4.4.lnk
[2011/04/24 08:24:58 | 000,001,302 | ---- | C] () -- C:\Users\Joshua\Desktop\Homeworld2.lnk
[2011/04/22 20:17:47 | 000,000,645 | ---- | C] () -- C:\Users\Joshua\Desktop\Homeworld.lnk
[2011/04/22 20:12:25 | 000,000,100 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/04/21 17:00:27 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011/04/20 15:06:08 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/04/20 08:37:51 | 000,000,213 | ---- | C] () -- C:\Users\Joshua\Desktop\Portal 2.url
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/02/28 19:19:32 | 016,002,589 | ---- | C] () -- C:\Users\Joshua\AppData\Roaming\SMRBackup161.dat
[2011/02/01 18:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/12 23:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/12/04 22:07:16 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ealtest.exe
[2010/11/16 21:42:06 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/11/02 20:50:13 | 000,000,618 | ---- | C] () -- C:\Windows\hegames.ini
[2010/11/02 20:45:57 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/11/02 20:25:34 | 000,002,587 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2010/10/27 03:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/10/18 19:33:35 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/17 15:01:26 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/10/10 10:43:01 | 000,000,289 | ---- | C] () -- C:\Windows\EReg072.dat
[2010/10/10 10:42:54 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/10/04 20:42:14 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe
[2010/09/24 18:00:59 | 000,009,728 | ---- | C] () -- C:\Users\Joshua\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/18 18:14:17 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2010/09/11 13:33:20 | 000,000,154 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/07 19:43:50 | 000,190,920 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/08/07 17:40:52 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/08/05 17:27:44 | 000,138,440 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/08/05 17:27:44 | 000,138,056 | ---- | C] () -- C:\Users\Joshua\AppData\Roaming\PnkBstrK.sys
[2010/08/05 17:27:17 | 000,270,856 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/08/05 17:27:12 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/08/05 17:27:12 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/08/02 21:39:07 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/02 21:33:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/02 21:18:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/07/09 15:00:32 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/03/18 19:59:54 | 000,050,439 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2010/03/18 19:59:50 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010/03/18 19:19:58 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
[2010/03/18 19:17:50 | 000,037,888 | ---- | C] () -- C:\Windows\System32\psconv.exe
[2010/03/18 19:07:54 | 000,386,852 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2010/03/18 19:07:54 | 000,051,787 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2010/03/18 19:03:12 | 000,013,312 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2010/03/18 19:02:14 | 000,149,838 | ---- | C] () -- C:\Windows\System32\ctbas2w.dat
[2010/03/18 19:00:42 | 000,274,587 | ---- | C] () -- C:\Windows\System32\ctsbas2w.dat
[2010/03/18 18:59:56 | 000,313,207 | ---- | C] () -- C:\Windows\System32\ctstatic.dat
[2010/03/18 18:59:56 | 000,053,932 | ---- | C] () -- C:\Windows\System32\ctdaught.dat
[2010/03/18 18:59:54 | 000,005,120 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,417,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,626,844 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/08 15:10:56 | 000,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/04/04 14:31:36 | 001,978,368 | ---- | C] () -- C:\Windows\System32\SaiCFFB5.Dll
[2008/04/04 14:31:36 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiCFFB5_0C.dll
[2008/04/04 14:31:36 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFFB5_10.dll
[2008/04/04 14:31:36 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFFB5_0A.dll
[2008/04/04 14:31:36 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFFB5_07.dll
[2008/04/04 14:31:36 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiCFFB5_09.dll
[2008/04/04 14:31:36 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiCFFB5_0402.dll
[2008/04/04 14:31:36 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiCFFB5_11.dll
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll
[2007/05/11 16:12:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\System32\APOMgrH.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010/04/24 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\1_CNMPDA1.DLL
[2010/04/24 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPDA1.DLL
[2010/04/24 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPPA1.DLL
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/01/17 10:19:18 | 000,225,280 | ---- | M] (MultiMedia Soft) -- C:\Users\Joshua\AppData\Roaming\Microsoft\AdjMmsVista.dll

< %PROGRAMFILES%\*.* >
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2003/09/03 07:46:54 | 000,010,960 | ---- | M] () -- C:\Program Files\EULA.txt
[2011/04/24 08:40:18 | 000,001,432 | ---- | M] () -- C:\Program Files\INSTALL.LOG
[2003/12/18 11:33:46 | 000,020,102 | ---- | M] () -- C:\Program Files\Readme.txt

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/06 15:53:13 | 000,000,221 | -HS- | M] () -- C:\Users\Joshua\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/05/09 15:57:13 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Joshua\Desktop\aswMBR.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/04/14 12:25:40 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/04/14 12:25:55 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/04/14 12:25:59 | 000,261,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/05/06 16:20:45 | 000,000,290 | ---- | M] () -- C:\Users\Joshua\Favorites\NCH Audio and Telephony Software.lnk
[2011/05/06 16:20:45 | 000,000,276 | ---- | M] () -- C:\Users\Joshua\Favorites\NCH Software Download Site.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/09 00:53:44 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/07/13 21:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
[2009/07/13 21:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2009/07/13 17:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/07/13 21:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/13 17:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[1996/04/03 15:33:26 | 000,005,248 | ---- | M] () -- C:\Windows\System32\giveio.sys
[2009/07/13 17:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2009/07/13 17:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2009/07/13 17:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2009/07/13 17:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2009/07/13 17:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2009/07/13 17:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2009/07/13 17:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2009/07/13 17:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2009/07/13 17:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2009/07/13 17:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2009/07/13 17:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2009/07/13 17:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2009/07/13 17:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/12/18 07:03:56 | 000,021,696 | ---- | M] (Almico Software) -- C:\Windows\System32\speedfan.sys
[2011/03/02 23:31:32 | 002,331,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2011/03/09 00:16:14 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2010/04/24 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\1_CNMPDA1.DLL
[2010/04/24 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPDA1.DLL
[2010/04/24 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPPA1.DLL
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %SYSTEMDRIVE%\*.* >
[2011/03/27 16:59:44 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/05/09 06:26:42 | 2616,053,760 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/09/12 08:48:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/12 08:48:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/09 06:26:54 | 3488,075,776 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2011/04/30 23:54:14 | 000,002,176 | ---- | M] () -- C:\{04B372BB-9D3F-4B0A-A99B-E85BD336C611}
[2011/04/30 23:59:18 | 000,002,768 | ---- | M] () -- C:\{05D3D81F-6C61-436D-8855-E6FE0D23E19A}
[2011/05/01 00:13:36 | 000,002,360 | ---- | M] () -- C:\{58AC47FD-3877-43C9-A21E-2302E2BD896E}
[2011/04/30 21:48:02 | 000,002,432 | ---- | M] () -- C:\{5FFC0665-C65C-4624-B416-BA6572CE4447}
[2011/02/13 14:29:24 | 000,002,192 | ---- | M] () -- C:\{656DCD19-705A-4B24-AA71-4B72E33C34EF}
[2011/05/01 00:20:53 | 000,003,184 | ---- | M] () -- C:\{6797077F-C94A-4D3A-A4AA-2FD034CFCE45}
[2011/05/01 00:03:43 | 000,002,744 | ---- | M] () -- C:\{971539BF-9DCC-460F-8DF7-0C40FE4132E8}
[2011/05/01 00:08:09 | 000,001,768 | ---- | M] () -- C:\{A3B536D6-64E3-4A05-90D2-0E4377C8F83E}
[2011/03/11 10:26:13 | 000,002,280 | ---- | M] () -- C:\{B9C8C532-E2BC-403B-BB55-26CF52CE8659}
[2011/05/01 00:17:15 | 000,003,224 | ---- | M] () -- C:\{CE230612-2481-47AA-BE5E-D4F144C6F8E6}
[2011/05/01 00:12:11 | 000,002,536 | ---- | M] () -- C:\{E0704891-4DB8-4769-B31A-9A0B4096DA1E}

< %PROGRAMFILES%\*. >
[2010/08/11 17:36:54 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/10/17 14:50:39 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
[2010/11/16 21:42:46 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/02/06 10:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\AMD
[2011/04/25 19:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\AMD APP
[2010/08/02 22:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/02/18 08:14:13 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2011/04/25 19:01:33 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/10/10 10:04:09 | 000,000,000 | ---D | M] -- C:\Program Files\Battlestations Midway
[2010/09/05 12:14:17 | 000,000,000 | ---D | M] -- C:\Program Files\Bethesda Softworks
[2011/04/24 18:20:33 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/09/24 22:24:12 | 000,000,000 | ---D | M] -- C:\Program Files\BRS
[2010/12/12 12:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\Bullfrog
[2010/10/04 20:01:42 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2011/04/26 07:43:49 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/05/05 17:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/05/05 17:27:04 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2011/05/05 17:08:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information
[2010/09/20 18:15:48 | 000,000,000 | ---D | M] -- C:\Program Files\Davi Rich
[2011/04/24 08:25:14 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/11/07 21:23:54 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2010/10/20 18:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\DVDlab
[2011/05/08 16:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/11/02 20:46:20 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2010/10/08 18:17:30 | 000,000,000 | ---D | M] -- C:\Program Files\GoldWave
[2011/05/05 17:33:58 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/05/05 17:28:23 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/05/06 15:50:16 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/04/24 18:23:35 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/04/24 18:24:12 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/02/28 19:56:46 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/05/01 08:29:01 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/17 14:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mattel Interactive
[2010/12/09 19:49:32 | 000,000,000 | ---D | M] -- C:\Program Files\MAXON
[2011/04/23 17:58:02 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2011/04/20 14:43:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/10/02 22:52:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/05/06 07:55:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010/10/04 18:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/04/21 16:19:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/08/07 14:27:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/10/04 18:51:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/10/04 19:51:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/04/12 16:16:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft XNA
[2010/10/04 18:51:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/11/27 17:14:00 | 000,000,000 | ---D | M] -- C:\Program Files\Moon Tycoon
[2010/10/20 18:50:35 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker 2.6
[2011/05/08 09:45:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/04/30 08:46:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/10/22 16:51:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar Installer
[2011/05/01 18:06:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mumble
[2010/12/31 10:46:22 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2011/01/26 19:10:36 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2010/08/02 21:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Internet Security
[2010/08/02 21:19:25 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2010/08/22 21:00:43 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2010/09/24 22:23:34 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2011/05/05 16:45:53 | 000,000,000 | ---D | M] -- C:\Program Files\Paint.NET
[2011/01/17 18:24:29 | 000,000,000 | ---D | M] -- C:\Program Files\Pamela
[2010/08/30 16:41:32 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2010/12/31 10:45:47 | 000,000,000 | ---D | M] -- C:\Program Files\Quick Memory Editor
[2011/05/05 16:45:53 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/08/19 13:24:42 | 000,000,000 | ---D | M] -- C:\Program Files\Saitek
[2011/04/19 16:38:14 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra
[2011/04/22 20:11:17 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra On-Line
[2011/04/12 15:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Six Updater
[2010/09/14 18:29:24 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2011/04/18 11:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/10/11 18:26:54 | 000,000,000 | ---D | M] -- C:\Program Files\Speccy
[2011/04/23 20:17:37 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedFan
[2011/05/01 09:22:29 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/08 20:11:58 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2011/05/05 16:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\StepMania
[2011/05/02 18:30:10 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2011/02/24 20:20:19 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/08/08 20:21:10 | 000,000,000 | ---D | M] -- C:\Program Files\THQ
[2010/08/03 13:17:37 | 000,000,000 | ---D | M] -- C:\Program Files\TortoiseSVN
[2010/10/18 19:33:38 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2011/03/08 17:24:15 | 000,000,000 | ---D | M] -- C:\Program Files\VTFEdit
[2011/02/01 21:16:47 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Detect
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/07/14 03:50:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/03/29 20:14:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/12/14 22:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/11/07 13:52:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 00:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/11/02 19:59:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2011/01/13 17:55:51 | 000,000,000 | ---D | M] -- C:\Program Files\Xfire

< %appdata%\*.* >
[2011/05/08 17:33:05 | 000,138,056 | ---- | M] () -- C:\Users\Joshua\AppData\Roaming\PnkBstrK.sys
[2011/02/28 19:20:17 | 016,002,589 | ---- | M] () -- C:\Users\Joshua\AppData\Roaming\SMRBackup161.dat


< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: IASTORV.SYS >
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 01:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011/03/11 01:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 01:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 01:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 01:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 01:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USBSTOR.SYS >
[2011/03/11 00:08:24 | 000,075,776 | ---- | M] (Microsoft Corporation) MD5=1C4287739A93594E57E2A9E6A3ED7353 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2011/03/11 00:08:24 | 000,075,776 | ---- | M] (Microsoft Corporation) MD5=1C4287739A93594E57E2A9E6A3ED7353 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_9d88b35623781f49\USBSTOR.SYS
[2011/03/11 00:08:24 | 000,075,776 | ---- | M] (Microsoft Corporation) MD5=1C4287739A93594E57E2A9E6A3ED7353 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.16778_none_486a7d3bf91bd564\USBSTOR.SYS
[2011/03/10 23:48:12 | 000,076,288 | ---- | M] (Microsoft Corporation) MD5=6A3DB51D317307F3AC65CB127B9A2BEB -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7601.21680_none_4ac7a4d10f6f3253\USBSTOR.SYS
[2009/07/13 19:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_83027f5d5b2468d3\USBSTOR.SYS
[2009/07/13 19:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_485ca4d9f926b0b4\USBSTOR.SYS
[2011/03/11 00:14:58 | 000,075,776 | ---- | M] (Microsoft Corporation) MD5=E3D648EBD6EAAE3C1A93E640C467D625 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.20921_none_492329831217353f\USBSTOR.SYS
[2011/03/11 00:01:12 | 000,076,288 | ---- | M] (Microsoft Corporation) MD5=F991AB9CC6B908DB552166768176896A -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7601.17577_none_4a4fd9f7f64327f9\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-06 19:48:54

< End of report >


Re: W32.Shadesrat and other possible infection.

Post by Belahzur on Wed 11 May 2011, 1:37 am

Please post the aswMBR log as well.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: W32.Shadesrat and other possible infection.

Post by Tankman on Wed 11 May 2011, 6:26 am

I apologize, I had forgotten.
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-09 15:59:47
-----------------------------
15:59:47.508 OS Version: Windows 6.1.7600
15:59:47.508 Number of processors: 2 586 0x1706
15:59:47.509 ComputerName: JOSHUA-PC UserName: Joshua
16:00:15.371 Initialize success
16:00:42.123 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6
16:00:42.124 Disk 0 Vendor: ST31000528AS CC38 Size: 953869MB BusType: 11
16:00:44.167 Disk 0 MBR read successfully
16:00:44.169 Disk 0 MBR scan
16:00:44.170 Disk 0 Windows 7 default MBR code
16:00:46.201 Disk 0 scanning sectors +1953521664
16:00:46.238 Disk 0 scanning C:\Windows\system32\drivers
16:01:10.011 Service scanning
16:01:19.393 Disk 0 trace - called modules:
16:01:19.405 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
16:01:19.408 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8666c828]
16:01:19.411 3 CLASSPNP.SYS[8ce9559e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-6[0x8615a908]
16:01:19.414 Scan finished successfully
16:01:26.056 Disk 0 MBR has been saved successfully to "C:\Users\Joshua\Desktop\MBR.dat"
16:01:26.096 The log file has been saved successfully to "C:\Users\Joshua\Desktop\aswMBR.txt"




Re: W32.Shadesrat and other possible infection.

Post by Belahzur on Wed 11 May 2011, 7:06 am

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



Re: W32.Shadesrat and other possible infection.

Post by Tankman on Wed 11 May 2011, 8:04 am

Well, after I disabled my Norton it disconnected my internet and made my PC run really slowly. But I got your logs.
ComboFix 11-05-09.03 - Joshua 05/10/2011 16:37:20.1.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3326.2487 [GMT -4:00]
Running from: c:\users\Joshua\Desktop\commy.exe.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\INSTALL.LOG
c:\users\Joshua\AppData\Roaming\Microsoft\AdjMmsVista.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
.
2011-05-10 20:51 . 2011-05-10 20:53 -------- d-----w- c:\users\Joshua\AppData\Local\temp
2011-05-10 20:51 . 2011-05-10 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-08 20:58 . 2011-05-08 20:58 -------- d-----w- c:\users\Joshua\AppData\Local\Electronic Arts
2011-05-08 20:37 . 2011-05-08 20:37 -------- d-sh--w- c:\programdata\DSS
2011-05-08 20:35 . 2011-05-08 20:35 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2011-05-08 02:13 . 2011-05-08 02:13 -------- d-----w- c:\users\Joshua\AppData\Local\EA Games
2011-05-08 02:10 . 2011-05-08 02:10 -------- d-----w- c:\programdata\Solidshield
2011-05-08 01:46 . 2011-05-08 01:46 -------- d-----w- c:\users\Joshua\AppData\Local\{7208BC7F-77D9-4943-A5F3-A04269F2103C}
2011-05-06 20:23 . 2011-05-06 20:23 -------- d-----w- c:\users\Joshua\AppData\Local\{B1E2ED00-80C5-4055-A389-DC9A7FA69A74}
2011-05-05 21:32 . 2011-05-05 21:32 -------- d-----w- c:\windows\system32\Defaults
2011-05-05 21:26 . 2009-03-26 18:46 148480 ----a-w- c:\windows\system32\APOMngr.DLL
2011-05-05 21:26 . 2009-02-06 22:52 73728 ----a-w- c:\windows\system32\CmdRtr.DLL
2011-05-05 21:13 . 2001-09-05 07:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-05-05 21:13 . 2001-09-05 07:14 176128 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2011-05-05 21:13 . 2001-09-05 07:13 32768 ------w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2011-05-05 21:13 . 2001-09-05 07:18 77824 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2011-05-05 21:12 . 2006-10-06 18:17 53248 ------w- c:\windows\Ctregrun.exe
2011-05-05 21:12 . 2000-05-22 20:58 647872 ------w- c:\windows\system32\Mscomct2.ocx
2011-05-05 21:11 . 2011-05-05 21:11 -------- d-----w- c:\programdata\Creative Labs
2011-05-05 21:05 . 2011-05-05 21:05 -------- d-----w- c:\program files\Common Files\Creative
2011-05-05 21:05 . 2011-05-05 21:08 -------- d--h--w- c:\program files\Creative Installation Information
2011-05-05 20:58 . 2011-05-05 21:12 -------- d-----w- c:\programdata\Creative
2011-05-05 20:51 . 2003-06-13 03:25 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-05-05 20:50 . 2011-05-05 20:50 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2011-05-05 20:47 . 2011-05-05 21:27 -------- d-----w- c:\program files\Creative
2011-05-05 20:38 . 2003-11-10 22:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-05-05 20:38 . 2003-11-10 22:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-05-05 20:38 . 2003-11-10 22:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-05-05 20:38 . 2003-11-10 22:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-05-05 20:38 . 2003-11-10 22:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-05-05 20:38 . 2003-11-10 22:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-05-05 20:38 . 2011-05-05 20:38 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-05-05 20:38 . 2011-05-05 20:38 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-05-02 22:29 . 2011-05-03 10:30 -------- d-----w- c:\windows\system32\drivers\NIS\1206000.01D
2011-05-01 22:06 . 2011-05-01 22:06 -------- d-----w- c:\program files\Mumble
2011-05-01 15:12 . 2011-05-03 21:24 -------- d-----w- C:\Fraps
2011-05-01 13:42 . 2011-05-04 23:16 -------- d-----w- c:\users\Joshua\AppData\Roaming\QuickScan
2011-04-30 12:46 . 2011-04-30 12:46 -------- d-----w- c:\users\Joshua\AppData\Roaming\Thunderbird
2011-04-30 12:46 . 2011-04-30 12:46 -------- d-----w- c:\users\Joshua\AppData\Local\Thunderbird
2011-04-30 12:46 . 2011-04-30 12:46 -------- d-----w- c:\program files\Mozilla Thunderbird
2011-04-30 12:42 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-30 12:42 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-30 12:42 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-30 12:42 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-30 12:42 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-30 12:42 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-30 12:42 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-30 12:42 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-26 11:43 . 2011-04-26 11:43 -------- d-----w- c:\program files\CCleaner
2011-04-25 23:03 . 2011-04-25 23:03 -------- d-----w- c:\programdata\ATI
2011-04-25 23:02 . 2011-04-25 23:02 -------- d-----w- c:\program files\AMD APP
2011-04-24 22:23 . 2011-04-24 22:24 -------- d-----w- c:\program files\iTunes
2011-04-24 22:23 . 2011-04-24 22:23 -------- d-----w- c:\program files\iPod
2011-04-24 22:20 . 2011-04-24 22:20 -------- d-----w- c:\program files\Bonjour
2011-04-24 12:40 . 2011-05-06 20:00 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-04-23 00:11 . 2011-04-23 00:11 -------- d-----w- C:\Sierra
2011-04-23 00:11 . 2011-04-23 00:11 -------- d-----w- c:\program files\Sierra On-Line
2011-04-21 21:00 . 2011-04-24 00:17 -------- d-----w- c:\program files\SpeedFan
2011-04-20 19:06 . 2011-04-20 19:06 -------- d-----w- c:\programdata\McAfee Security Scan
2011-04-20 19:06 . 2011-04-23 21:58 -------- d-----w- c:\program files\McAfee Security Scan
2011-04-19 21:25 . 1999-03-08 11:19 276992 ----a-w- c:\windows\system32\a3dapi.dll
2011-04-19 20:38 . 2011-04-19 20:38 -------- d-----w- c:\program files\Sierra
2011-04-19 16:09 . 2011-04-19 16:09 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-04-18 15:13 . 2011-04-18 15:13 -------- d-----w- c:\program files\Sony
2011-04-18 13:38 . 2011-04-18 13:40 -------- d-----w- c:\windows\system32\Adobe
2011-04-18 13:31 . 2011-04-18 13:31 -------- d-----w- c:\users\Joshua\AppData\Local\{2486393B-829A-4154-AB0E-2984E66B39A8}
2011-04-17 15:24 . 2011-04-17 15:24 -------- d-----w- c:\users\Joshua\AppData\Local\{855E9C59-7F37-404A-B573-F45E1A79DF1C}
2011-04-16 22:51 . 2011-04-16 22:51 -------- d-----w- c:\users\Joshua\AppData\Local\{94D7BE5D-A2FB-4F89-9C6B-9AAD723FC717}
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-04-13 23:39 . 2011-04-13 23:39 -------- d-sh--w- c:\programdata\SecuROM
2011-04-12 20:16 . 2011-04-12 20:16 -------- d-----w- c:\program files\Microsoft XNA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 23:10 . 2010-08-05 21:27 138440 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-09 23:10 . 2010-08-05 21:41 270856 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-09 23:10 . 2010-08-05 21:27 270856 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-08 23:34 . 2010-08-05 21:27 270856 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-05-08 21:33 . 2010-08-05 21:27 138056 ----a-w- c:\users\Joshua\AppData\Roaming\PnkBstrK.sys
2011-05-08 20:09 . 2010-10-05 00:42 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2011-05-05 21:26 . 2010-08-03 00:44 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-05 21:26 . 2010-08-03 00:44 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-02 22:30 . 2010-08-03 01:19 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-09 22:55 . 2011-04-09 22:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 22:55 . 2011-04-09 22:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-31 03:04 . 2011-02-25 00:29 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2011-03-21 23:56 . 2011-03-21 23:56 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-03-21 23:55 . 2011-03-21 23:55 12385792 ----a-w- c:\windows\system32\amdocl.dll
2011-03-16 22:16 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-09 09:21 . 2011-03-09 09:21 7723008 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-03-09 05:19 . 2011-03-09 05:19 17397248 ----a-w- c:\windows\system32\atioglxx.dll
2011-03-09 04:57 . 2011-03-09 04:57 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-03-09 04:56 . 2010-07-07 01:54 679424 ----a-w- c:\windows\system32\aticfx32.dll
2011-03-09 04:53 . 2011-03-09 04:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-03-09 04:53 . 2011-03-09 04:53 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-03-09 04:52 . 2011-03-09 04:52 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-03-09 04:51 . 2011-03-09 04:51 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-03-09 04:51 . 2011-03-09 04:51 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-03-09 04:51 . 2011-03-09 04:51 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-03-09 04:51 . 2011-03-09 04:51 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-03-09 04:51 . 2011-03-09 04:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-03-09 04:48 . 2010-07-07 01:46 4277760 ----a-w- c:\windows\system32\atidxx32.dll
2011-03-09 04:34 . 2011-03-09 04:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-03-09 04:34 . 2011-03-09 04:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-03-09 04:32 . 2011-03-09 04:32 5618688 ----a-w- c:\windows\system32\aticaldd.dll
2011-03-09 04:30 . 2010-07-07 01:28 4294656 ----a-w- c:\windows\system32\atiumdag.dll
2011-03-09 04:18 . 2011-03-09 04:18 258048 ----a-w- c:\windows\system32\atiadlxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 239616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-03-09 04:17 . 2010-07-07 01:14 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-03-09 04:16 . 2010-07-07 01:14 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-03-09 04:16 . 2011-03-09 04:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-03-09 04:11 . 2010-07-07 01:24 52736 ----a-w- c:\windows\system32\coinst.dll
2011-03-09 03:42 . 2011-03-09 03:42 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-03-09 03:34 . 2010-07-07 01:23 3471872 ----a-w- c:\windows\system32\atiumdva.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-02-19 05:33 . 2011-03-09 20:46 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 20:46 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 20:46 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 21:36 . 2011-02-18 21:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-11 06:54 . 2011-02-25 12:58 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{109834D1-1624-4836-8ECF-9C4BDEB36F17}\mpengine.dll
2011-04-14 16:26 . 2011-04-30 12:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 126976]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2008-01-18 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2008-01-18 131072]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110430.001\BHDrvx86.sys [2011-04-15 802936]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110506.001\IDSvix86.sys [2011-03-14 353912]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMNETS.SYS [2011-03-22 296568]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 136176]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-19 99416]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-19 99416]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-05 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-05 79360]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-19 555096]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-19 555096]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-19 100952]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-19 100952]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-19 566360]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-19 566360]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]
R3 gpcmcia;gpcmcia;c:\users\Joshua\AppData\Local\Temp\gpcmcia.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 136176]
R3 jatmlano;jatmlano;c:\users\Joshua\AppData\Local\Temp\jatmlano.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SaiHFFB5;SaiHFFB5;c:\windows\system32\DRIVERS\SaiHFFB5.sys [2008-04-04 136832]
R3 SaiIFFB5;Immersion's HID USB Driver (FFB5);c:\windows\system32\DRIVERS\SaiIFFB5.sys [2008-04-04 16384]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-03 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2008-01-21 104960]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-09 c:\windows\Tasks\Crysis Wars(R) Updates.job
- c:\windows\Installer\Crysis Wars(R) Updates for All Users.lnk [2010-08-07 21:40]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 02:53]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 02:53]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\lii1xsux.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-RunOnce- - (no file)
Notify-WBSrv - (no file)
AddRemove-{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA} - c:\users\Joshua\AppData\Local\{784E3329-1B2A-421E-9427-596088B766F6}\setup_blazemp.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3284630030-790311955-1874459609-1000\Software\SecuROM\License information*]
"datasecu"=hex:d6,4b,d5,df,ab,0e,cf,79,99,ed,89,d9,8e,d3,50,d9,87,71,50,70,65,
f4,1e,48,6f,61,54,f8,49,2f,57,84,0a,c4,5b,ab,51,a9,0c,51,e8,73,6f,fe,4a,7d,\
"rkeysecu"=hex:77,ff,ad,c3,50,b2,20,09,df,18,ed,e2,d5,f6,58,d1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-10 16:54:29
ComboFix-quarantined-files.txt 2011-05-10 20:54
.
Pre-Run: 646,558,392,320 bytes free
Post-Run: 657,192,177,664 bytes free
.
- - End Of File - - 6A285B5D50B5E96C18C8175487DB51CA

Tankman

Newbie Surfer

Posts : 19
Joined : 2011-05-10
Operating System : Windows 7 x32 Bit

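The service list in the ComboFix output above can be triaged mechanically. The following Python is an added example (it is not part of the original thread and is not ComboFix's own code): it parses entries in the `R3 name;display;path [date size]` / `[x]` format and flags drivers whose image sits under a user-writable directory or whose file is missing from disk, which is exactly the pattern of the gpcmcia.sys and jatmlano.sys entries in the log. The sample lines are copied from the log above; the list of user-writable directories is an assumption of this example.

```python
import re
from dataclasses import dataclass
# Constructed sample: five service entries copied from the ComboFix log in the thread above.
SAMPLE_LOG = r"""
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]
R3 gpcmcia;gpcmcia;c:\users\Joshua\AppData\Local\Temp\gpcmcia.sys [x]
R3 jatmlano;jatmlano;c:\users\Joshua\AppData\Local\Temp\jatmlano.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
"""

# ComboFix format: start type, service name, display name, image path, then "[date size]" or "[x]" (file not found on disk).
ENTRY_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(x|\d{4}-\d{2}-\d{2} \d+)\]$")

# Assumed list of directories an unprivileged user can write to; a kernel driver registered from here is unusual.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\windows\\temp\\")

@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    missing: bool  # True when ComboFix printed [x] instead of a date and size

def parse_entries(text):
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            start, name, display, path, stamp = m.groups()
            entries.append(ServiceEntry(start, name, display, path, stamp == "x"))
    return entries

def triage(entries):
    # Returns (service name, reason) pairs for entries that deserve a closer look.
    findings = []
    for e in entries:
        reasons = []
        if any(d in e.path.lower() for d in USER_WRITABLE):
            reasons.append("image under a user-writable directory")
        if e.missing:
            reasons.append("image file missing on disk ([x])")
        if reasons:
            findings.append((e.name, "; ".join(reasons)))
    return findings

for name, why in triage(parse_entries(SAMPLE_LOG)):
    print(f"{name}: {why}")
```

On the sample above only the two Temp-directory drivers are reported; the Symantec, Marvell and Norton entries pass both checks.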

Solved Re: W32.Shadesrat and other possible infection.

Post by Tankman on Wed 11 May 2011, 8:21 am

I'm afraid that AdjMmsVista.dll is a keystealer. Should I go and change my passwords?


Solved Re: W32.Shadesrat and other possible infection.

Post by Belahzur on Wed 11 May 2011, 8:43 am

It's not, you're fine.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Solved Re: W32.Shadesrat and other possible infection.

Post by Tankman on Wed 11 May 2011, 10:41 am

Sorry for the 2 hour wait -_- it's at 99% so any minute now. Anyway, for that Vista.dll thing, I've heard it's supposed to be in system32; this one was in appdata. Fake?


Solved Re: W32.Shadesrat and other possible infection.

Post by Tankman on Wed 11 May 2011, 10:50 am

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=2d974d8b1f701844862e11aef6304ccc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-10 11:48:02
# local_time=2011-05-10 07:48:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 5507359 56608861 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=415218
# found=0
# cleaned=0
# scan_time=7211


Solved Re: W32.Shadesrat and other possible infection.

Post by Belahzur on Wed 11 May 2011, 10:53 am

That's fine, how's the machine running now?



Solved Re: W32.Shadesrat and other possible infection.

Post by Tankman on Wed 11 May 2011, 11:08 am

The machine is running fine, as it was before and during the problem, believe it or not. The virus(es) haven't affected the speed but more on the data damage side. They sabotaged 24 applications and made fake icons, and I'm in the process of reconstruction. The reason I'm paranoid about a keylogger is because I've had one before and it hijacked my PayPal and took out 231 dollars. Not cool. I'm not sure there's any other way to find out if I have something or not. What I'm worried the most about right now is GGG.exe. No virus scanners have found it yet and it's the one responsible for the fake icons. I found this out by looking at the properties of the file and tracing it back by searching ggg.exe on my PC. One of my friends has had this before and he says it goes by the name of Bitfrost. Are there any symptoms I should be looking for?

=EDIT=
I started my PC up this morning and it took forever on the Win7 welcome screen. When it got to the desktop, it took dwm.exe FOREVER to start.


Solved Re: W32.Shadesrat and other possible infection.

Post by Tankman on Wed 11 May 2011, 10:41 pm

I'm now thinking about reformatting the drive.
It may take a while, but it might be the only way to be sure I don't have anything else. Suggestions?


Solved Re: W32.Shadesrat and other possible infection.

Post by Belahzur on Thu 12 May 2011, 1:26 am

You can delete any fake icons made by the malware.

Yes, that file was a fake in the wrong place. The slowness on startup could be because of the amount of startup items loading; we can stop them, however.

Delete ggg.exe, it sounds like it's probably malware.



Solved Re: W32.Shadesrat and other possible infection.

Post by Tankman on Thu 12 May 2011, 6:47 am

Oh, I fixed the startup issue, it was my camcorder being plugged in XD.
About the fake file, it's in quarantine, should I remove it?
I'm not going to reformat so that's good.
And about ggg.exe, I can't find it. Tips?


Solved Re: W32.Shadesrat and other possible infection.

Post by Belahzur on Thu 12 May 2011, 8:35 am

You can delete the quarantine if you want to, it's dead so it can't harm your PC anymore.

If you can't find it, then it should be gone.



Solved Re: W32.Shadesrat and other possible infection.

Post by Tankman on Thu 12 May 2011, 10:55 am

OK, thanks so much for all your help, man! It was a real scare there so I appreciate your help! Thank you!

