Rootkit removed by TDSSKiller, but problems persist & Anti-Virus/M

#1
Dom Fontana
  • Member
  • 170 posts
Hello.

Background: I had a Rootkit virus and I removed it with TDSSKiller. I'm not certain, but I may have gotten the Rootkit from a torrent. TDSSKiller now shows a clean scan, but many problems persist. The first problem is that I always get redirects from the Yahoo search engine. Then, I hear the hard drive running furiously in the background, even when I'm not running any programs. When I try to multitask, that's when I have real problems. Everything comes to a standstill and I get messages such as "Internet Explorer has stopped responding" and "Windows Explorer has stopped responding". Then Task Manager won't start, and then the computer usually hangs and I have to reboot with the power button.

What I Tried: I was using MS Security Essentials and SuperAntiSpyware, but they found nothing. Then I downloaded Avast Free AntiVirus and when I tried a scan, it stopped at 7% and the computer froze. I tried twice and the same thing happened. There was a message that some files could not be scanned (sorry, but I don't remember the names of the files). Then there was an alert from the Windows Action Center that said "someone has plugged something into an Audio Port", which of course I did not do. Then I came here and tried the Malware removal suggestions in the tutorial. I was not able to download the first 2 programs it suggested, but I was able to download VipreRescue. I ran that twice and both times it couldn't finish the scan and froze the computer. Then I downloaded Malwarebytes Anti-Malware and tried to scan twice, and both times it couldn't finish the scan and hung the computer. I don't remember the exact name of the file it hung on, but it was something like: c:\windows\system32\install.??? I also wanted to try all the scans in Safe Mode, but now I cannot even boot into Safe Mode. Also, Windows Update no longer works and all my Restore points were deleted. Finally, I read a similar topic here and EssexBoy suggested using Kaspersky Virus Removal Tool, so I downloaded that. I started the scan and the estimated time was 9 Hours, so I cancelled it. If needed, I will run that, but I figured I would leave this message first to see if that scan is necessary.

Note that I do have Internet access from the infected computer. I am using Windows 7 Ultimate (32-bit) and Internet Explorer 8.

I know this is a long message, but I wanted to be thorough. Any help in getting rid of this Virus/Malware would be very much appreciated. I know you are all volunteers, but I tried my best to fix it on my own and couldn't do it. Thanks.

I did an OTL scan and pasted the log file below:


OTL logfile created on: 11/16/2011 5:37:41 AM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = E:\Geeks To Go\OTL
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 68.16% Memory free
6.87 Gb Paging File | 5.70 Gb Available in Paging File | 82.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 45.20 Gb Total Space | 13.74 Gb Free Space | 30.39% Space Free | Partition Type: NTFS
Drive D: | 243.87 Gb Total Space | 29.46 Gb Free Space | 12.08% Space Free | Partition Type: NTFS
Drive E: | 176.69 Gb Total Space | 54.53 Gb Free Space | 30.86% Space Free | Partition Type: NTFS

Computer Name: FONTANA-PC | User Name: Fontana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/13 13:01:15 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- D:\Programs\SuperAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- D:\Programs\Avast Anti Virus\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- D:\Programs\Avast Anti Virus\AvastSvc.exe
PRC - [2011/09/04 04:31:29 | 000,581,120 | ---- | M] (OldTimer Tools) -- E:\Geeks To Go\OTL\OTL.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- D:\Programs\SuperAntiSpyware\SASCore.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- D:\Programs\Advanced SystemCare 4\ASCService.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/13 05:29:06 | 000,840,000 | ---- | M] (DT Soft Ltd) -- D:\Programs\Daemon Tools Pro\DTAgent.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/08/28 00:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/11/02 03:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- D:\Programs\PowerISO\PWRISOVM.EXE
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/16 05:31:46 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/11/16 05:31:46 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/11/13 11:45:50 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/11/13 11:45:50 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/08/09 16:43:20 | 000,130,904 | ---- | M] () -- D:\Programs\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2009/08/28 00:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009/07/13 20:08:49 | 000,053,248 | ---- | M] () -- C:\Windows\System32\NlsLeexicons0027.dll
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- D:\Programs\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Programs\Avast Anti Virus\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- D:\Programs\SuperAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- D:\Programs\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/11/15 09:53:00 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/11/15 00:19:54 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Programs\SuperAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Programs\SuperAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/04/22 14:32:20 | 000,042,552 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2009/02/25 20:22:12 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 20:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/11/02 03:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/03/19 07:10:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW24B.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)
DRV - [2007/08/12 21:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-418509072-27328980-3931585012-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mg5.mail.y....com/neo/launch
IE - HKU\S-1-5-21-418509072-27328980-3931585012-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-418509072-27328980-3931585012-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-418509072-27328980-3931585012-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 8D 63 5C 2D A2 CC 01 [binary data]
IE - HKU\S-1-5-21-418509072-27328980-3931585012-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Programs\Avast Anti Virus\WebRep\FF [2011/11/15 10:33:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\Programs\Firefox\components [2011/11/14 10:00:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\Programs\Firefox\plugins [2011/11/14 10:39:52 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/11/15 10:09:57 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {204561F5-5AFA-0956-40CC-7C8320BD642F} - C:\Windows\System32\mstscaax.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programs\Avast Anti Virus\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programs\Avast Anti Virus\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programs\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] D:\Programs\Avast Anti Virus\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Programs\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKU\S-1-5-21-418509072-27328980-3931585012-1000..\Run: [DAEMON Tools Pro Agent] D:\Programs\Daemon Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-418509072-27328980-3931585012-1000..\Run: [SUPERAntiSpyware] D:\Programs\SuperAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-418509072-27328980-3931585012-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Programs\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B86D9E0A-501F-4BE3-80D5-A10CFDABD981}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Programs\SuperAntiSpyware\SASWINLO.DLL - D:\Programs\SuperAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Programs\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/03 08:38:31 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 20:32:16 | 000,200,524 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 20:32:16 | 000,019,488 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2009/04/25 07:05:20 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/23 08:54:29 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/16 05:17:58 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/11/16 05:17:49 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\Malwarebytes
[2011/11/16 05:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/16 05:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/16 05:17:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/16 00:08:35 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/11/16 00:08:35 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/11/16 00:08:26 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/11/15 10:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/15 10:34:55 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/15 10:34:55 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/15 10:34:36 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/15 10:34:30 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/15 10:34:26 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/15 10:34:24 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/15 10:26:29 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/15 10:26:28 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/15 10:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/15 09:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/11/15 07:57:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/15 07:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/15 00:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/11/15 00:33:25 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\IObit
[2011/11/15 00:29:51 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\Jasc
[2011/11/15 00:06:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/11/14 15:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/11/14 13:15:29 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\Fanda Games
[2011/11/14 13:00:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\3019
[2011/11/14 12:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/11/14 12:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2011/11/14 12:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
[2011/11/14 12:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Jasc Software Inc
[2011/11/14 12:40:37 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\Jasc Software Inc
[2011/11/14 12:32:17 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\Azureus
[2011/11/14 12:30:37 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2011/11/14 11:57:51 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2011/11/14 11:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2011/11/14 11:36:45 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Local\Downloaded Installations
[2011/11/14 11:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2011/11/14 11:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2011/11/14 10:41:01 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/11/14 10:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/11/14 10:02:40 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/11/14 10:02:27 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011/11/14 10:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/11/14 09:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easeus Partition Master
[2011/11/14 09:52:32 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\biu software
[2011/11/14 09:51:19 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\My Drivers
[2011/11/14 09:51:19 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Local\Innovative Solutions
[2011/11/14 09:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2011/11/14 09:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2011/11/14 09:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Heal
[2011/11/14 09:49:28 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Heal
[2011/11/14 09:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2011/11/14 09:13:33 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\DAEMON Tools Pro
[2011/11/14 09:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2011/11/14 09:11:44 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/11/14 07:08:40 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\AnvSoft
[2011/11/14 07:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2011/11/14 06:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CASIO
[2011/11/14 06:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/11/14 06:52:10 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/11/14 06:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/11/14 06:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/11/14 06:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung CLP-310 Series
[2011/11/14 06:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate
[2011/11/14 06:42:41 | 000,000,000 | ---D | C] -- C:\Windows\Samsung
[2011/11/14 06:41:38 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll
[2011/11/14 06:41:38 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll
[2011/11/14 06:40:34 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\cl31cci.exe
[2011/11/14 06:40:34 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\cl31cci.dll
[2011/11/14 06:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011/11/14 06:30:48 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Local\AOL
[2011/11/14 06:30:48 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Local\AIM
[2011/11/14 06:30:48 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\acccore
[2011/11/14 06:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD
[2011/11/14 06:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/11/14 06:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/11/14 06:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2011/11/14 06:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/11/14 06:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2011/11/14 06:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2011/11/14 06:11:32 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Local\Adobe
[2011/11/14 06:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/11/14 06:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/14 06:00:13 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\BitTorrent
[2011/11/14 05:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitTorrent
[2011/11/14 05:44:13 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\Macromedia
[2011/11/14 05:44:13 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\Adobe
[2011/11/14 05:44:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/11/13 14:15:49 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/11/13 14:13:38 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/11/13 14:11:57 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/11/13 14:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/11/13 14:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/11/13 14:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/11/13 14:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/11/13 14:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/11/13 14:05:24 | 000,000,000 | ---D | C] -- C:\Windows.old
[2011/11/13 14:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/11/13 14:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/11/13 13:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/11/13 13:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/11/13 13:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/11/13 13:27:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011/11/13 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/11/13 13:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/11/13 13:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/11/13 13:24:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/11/13 13:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/11/13 13:05:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2011/11/13 13:03:06 | 000,000,000 | R--D | C] -- C:\Users\Fontana\Links
[2011/11/13 13:03:06 | 000,000,000 | ---D | C] -- C:\Users\Fontana\FrostWire
[2011/11/13 13:02:56 | 000,000,000 | R--D | C] -- C:\Users\Fontana\Searches
[2011/11/13 13:02:56 | 000,000,000 | R--D | C] -- C:\Users\Fontana\Favorites
[2011/11/13 13:02:56 | 000,000,000 | R--D | C] -- C:\Users\Fontana\Downloads
[2011/11/13 13:02:56 | 000,000,000 | R--D | C] -- C:\Users\Fontana\Desktop
[2011/11/13 13:02:56 | 000,000,000 | R--D | C] -- C:\Users\Fontana\Contacts
[2011/11/13 13:02:56 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Desktop\Games
[2011/11/13 13:02:56 | 000,000,000 | ---D | C] -- C:\Users\Fontana\.frostwire5
[2011/11/13 13:02:55 | 000,000,000 | R--D | C] -- C:\Users\Fontana\Saved Games
[2011/11/13 13:02:54 | 000,000,000 | --SD | C] -- C:\Users\Fontana\Documents\Passwords Database
[2011/11/13 13:02:54 | 000,000,000 | R--D | C] -- C:\Users\Fontana\Videos
[2011/11/13 13:02:54 | 000,000,000 | R--D | C] -- C:\Users\Fontana\Pictures
[2011/11/13 13:02:54 | 000,000,000 | R--D | C] -- C:\Users\Fontana\Music
[2011/11/13 13:02:54 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\Shadow at the Water's Edge
[2011/11/13 13:02:54 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\My Widgets
[2011/11/13 13:02:54 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\My PSP Files
[2011/11/13 13:02:54 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\My Games
[2011/11/13 13:02:53 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\Microsoft Hardware
[2011/11/13 13:02:53 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\Jade Rousseau S01E01
[2011/11/13 13:02:53 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\Green Gamer
[2011/11/13 13:02:53 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\Games for Windows - LIVE Demos
[2011/11/13 13:02:53 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\FrostWire
[2011/11/13 13:02:51 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\EA Games
[2011/11/13 13:02:51 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\DVDVideoSoft
[2011/11/13 13:02:51 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\DonationCoder
[2011/11/13 13:02:49 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\Documents on Fontana's Axim X51v
[2011/11/13 13:02:49 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\Disk Doctor
[2011/11/13 13:02:49 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\CoM
[2011/11/13 13:02:49 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\Chronicles of Mystery - The Tree of Life
[2011/11/13 13:02:49 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\Art of Murder - The Secret Files
[2011/11/13 13:02:49 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\Art of Murder - Deadly Secrets
[2011/11/13 13:02:49 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\Any Video Converter
[2011/11/13 13:02:49 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\Any Audio Converter
[2011/11/13 13:02:49 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\Anno 1404
[2011/11/13 13:02:47 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\Amnesia
[2011/11/13 13:02:47 | 000,000,000 | ---D | C] -- C:\Users\Fontana\Documents\AIMLogger
[2011/11/13 13:02:46 | 000,000,000 | R--D | C] -- C:\Users\Fontana\Documents
[2011/11/13 11:48:46 | 000,308,096 | ---- | C] (Marvell Semiconductor, Inc) -- C:\Windows\System32\drivers\WUSB300N.sys
[2011/11/13 11:48:46 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/11/13 11:48:45 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\InstallShield
[2011/11/13 11:45:45 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/13 11:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/13 11:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/13 11:42:45 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/11/13 11:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/13 11:28:32 | 000,000,000 | R--D | C] -- C:\Users\Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/13 11:28:32 | 000,000,000 | R--D | C] -- C:\Users\Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/13 11:28:32 | 000,000,000 | -H-D | C] -- C:\Users\Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/11/13 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\Identities
[2011/11/13 11:28:16 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Local\VirtualStore
[2011/11/13 11:28:13 | 000,000,000 | --SD | C] -- C:\Users\Fontana\AppData\Roaming\Microsoft
[2011/11/13 11:28:13 | 000,000,000 | R--D | C] -- C:\Users\Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/11/13 11:28:13 | 000,000,000 | R--D | C] -- C:\Users\Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/11/13 11:28:13 | 000,000,000 | -HSD | C] -- C:\Users\Fontana\AppData\Local\Temporary Internet Files
[2011/11/13 11:28:13 | 000,000,000 | -HSD | C] -- C:\Users\Fontana\Templates
[2011/11/13 11:28:13 | 000,000,000 | -HSD | C] -- C:\Users\Fontana\Start Menu
[2011/11/13 11:28:13 | 000,000,000 | -HSD | C] -- C:\Users\Fontana\SendTo
[2011/11/13 11:28:13 | 000,000,000 | -HSD | C] -- C:\Users\Fontana\Recent
[2011/11/13 11:28:13 | 000,000,000 | -HSD | C] -- C:\Users\Fontana\PrintHood
[2011/11/13 11:28:13 | 000,000,000 | -HSD | C] -- C:\Users\Fontana\NetHood
[2011/11/13 11:28:13 | 000,000,000 | -HSD | C] -- C:\Users\Fontana\My Documents
[2011/11/13 11:28:13 | 000,000,000 | -HSD | C] -- C:\Users\Fontana\Local Settings
[2011/11/13 11:28:13 | 000,000,000 | -HSD | C] -- C:\Users\Fontana\AppData\Local\History
[2011/11/13 11:28:13 | 000,000,000 | -HSD | C] -- C:\Users\Fontana\Cookies
[2011/11/13 11:28:13 | 000,000,000 | -HSD | C] -- C:\Users\Fontana\Application Data
[2011/11/13 11:28:13 | 000,000,000 | -HSD | C] -- C:\Users\Fontana\AppData\Local\Application Data
[2011/11/13 11:28:13 | 000,000,000 | -H-D | C] -- C:\Users\Fontana\AppData
[2011/11/13 11:28:13 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Local\Temp
[2011/11/13 11:28:13 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Local\Microsoft
[2011/11/13 11:28:13 | 000,000,000 | ---D | C] -- C:\Users\Fontana\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2011/11/16 05:38:37 | 000,020,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/16 05:38:37 | 000,020,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/16 05:31:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/16 05:31:00 | 2767,052,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/16 05:17:58 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/11/16 05:17:41 | 000,000,734 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/16 05:06:04 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/16 05:06:04 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/16 00:08:39 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2011/11/16 00:07:09 | 105,848,832 | ---- | M] () -- C:\Users\Fontana\Desktop\VIPRERescue11052.exe
[2011/11/15 10:44:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/11/15 10:34:57 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/15 10:09:57 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/11/15 00:19:54 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/11/14 16:38:57 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/11/14 16:38:49 | 000,356,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/14 12:40:52 | 000,002,625 | ---- | M] () -- C:\Users\Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2011/11/14 12:31:20 | 000,001,054 | ---- | M] () -- C:\Users\Fontana\Documents - Shortcut.lnk
[2011/11/14 12:30:37 | 000,000,887 | ---- | M] () -- C:\Users\Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.2.9.lnk
[2011/11/14 12:13:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2011/11/14 10:05:34 | 000,004,608 | ---- | M] () -- C:\Users\Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/14 06:27:36 | 000,001,097 | -H-- | M] () -- C:\IPH.PH
[2011/11/14 06:27:32 | 000,001,880 | ---- | M] () -- C:\Users\Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/11/14 06:02:00 | 000,000,635 | ---- | M] () -- C:\Users\Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/11/13 14:16:59 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/11/13 14:14:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/11/13 14:11:52 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/11/13 13:26:40 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/11/13 11:48:45 | 000,001,044 | ---- | M] () -- C:\Windows\System32\WLAN.INI
[2011/11/13 11:44:47 | 000,001,408 | ---- | M] () -- C:\Users\Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/13 11:44:39 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/13 11:34:45 | 000,000,000 | RHS- | M] () -- C:\winx.ld
[2011/11/13 11:34:44 | 000,203,836 | RHS- | M] () -- C:\grldr
[2011/11/07 23:56:54 | 000,000,721 | ---- | M] () -- C:\Users\Fontana\Desktop\Drawn III.lnk
[2011/10/30 08:14:08 | 000,000,794 | ---- | M] () -- C:\Users\Fontana\Desktop\Heavyweight Thunder.lnk
[2011/10/29 09:26:08 | 000,001,259 | ---- | M] () -- C:\Users\Fontana\Desktop\Diner Dash - Flo On The Go.lnk
[2011/10/29 09:14:17 | 005,760,054 | ---- | M] () -- C:\Users\Fontana\Documents\diner-dash-5-boom-collectors wallpaper6.bmp
[2011/10/29 09:14:09 | 005,760,054 | ---- | M] () -- C:\Users\Fontana\Documents\diner-dash-5-boom-collectors wallpaper5.bmp
[2011/10/29 09:14:01 | 005,760,054 | ---- | M] () -- C:\Users\Fontana\Documents\diner-dash-5-boom-collectors wallpaper4.bmp
[2011/10/29 09:13:52 | 005,760,054 | ---- | M] () -- C:\Users\Fontana\Documents\diner-dash-5-boom-collectors wallpaper3.bmp
[2011/10/29 09:13:41 | 005,760,054 | ---- | M] () -- C:\Users\Fontana\Documents\diner-dash-5-boom-collectors wallpaper2.bmp
[2011/10/29 09:13:13 | 005,760,054 | ---- | M] () -- C:\Users\Fontana\Documents\diner-dash-5-boom-collectors wallpaper1.bmp

========== Files Created - No Company Name ==========

[2011/11/16 05:17:41 | 000,000,734 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/16 00:08:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2011/11/16 00:07:09 | 105,848,832 | ---- | C] () -- C:\Users\Fontana\Desktop\VIPRERescue11052.exe
[2011/11/15 10:34:57 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/14 13:00:20 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/11/14 12:41:31 | 000,002,625 | ---- | C] () -- C:\Users\Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2011/11/14 12:31:20 | 000,001,054 | ---- | C] () -- C:\Users\Fontana\Documents - Shortcut.lnk
[2011/11/14 12:30:37 | 000,000,887 | ---- | C] () -- C:\Users\Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.2.9.lnk
[2011/11/14 12:14:22 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011/11/14 12:13:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2011/11/14 10:05:16 | 000,004,608 | ---- | C] () -- C:\Users\Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/14 09:54:59 | 001,907,712 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/11/14 09:54:59 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/11/14 09:54:57 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/11/14 09:54:57 | 000,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/11/14 09:54:57 | 000,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/11/14 09:52:32 | 000,002,999 | ---- | C] () -- C:\Users\Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD-Cover Printmaster.lnk
[2011/11/14 07:10:16 | 000,000,623 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/11/14 06:42:47 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/11/14 06:40:34 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2011/11/14 06:40:34 | 000,000,361 | ---- | C] () -- C:\Windows\System32\cl31cl3.smt
[2011/11/14 06:27:32 | 000,001,880 | ---- | C] () -- C:\Users\Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/11/14 06:11:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/14 06:01:01 | 000,000,635 | ---- | C] () -- C:\Users\Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/11/13 14:16:47 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/13 14:16:40 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/13 14:14:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/11/13 13:51:13 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/11/13 13:26:40 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/11/13 13:02:56 | 000,001,259 | ---- | C] () -- C:\Users\Fontana\Desktop\Diner Dash - Flo On The Go.lnk
[2011/11/13 13:02:56 | 000,000,794 | ---- | C] () -- C:\Users\Fontana\Desktop\Heavyweight Thunder.lnk
[2011/11/13 13:02:56 | 000,000,721 | ---- | C] () -- C:\Users\Fontana\Desktop\Drawn III.lnk
[2011/11/13 13:02:56 | 000,000,481 | ---- | C] () -- C:\Users\Fontana\Desktop\Win 7 ©.lnk
[2011/11/13 13:02:56 | 000,000,466 | ---- | C] () -- C:\Users\Fontana\Desktop\Programs (D).lnk
[2011/11/13 13:02:56 | 000,000,462 | ---- | C] () -- C:\Users\Fontana\Desktop\Data (E).lnk
[2011/11/13 13:02:56 | 000,000,328 | ---- | C] () -- C:\Users\Fontana\Desktop\DVD Burner (F).lnk
[2011/11/13 13:02:47 | 005,760,054 | ---- | C] () -- C:\Users\Fontana\Documents\DreamChroniclesTheBookOfAir flyingoverwish.bmp
[2011/11/13 13:02:47 | 005,760,054 | ---- | C] () -- C:\Users\Fontana\Documents\diner-dash-5-boom-collectors wallpaper6.bmp
[2011/11/13 13:02:47 | 005,760,054 | ---- | C] () -- C:\Users\Fontana\Documents\diner-dash-5-boom-collectors wallpaper5.bmp
[2011/11/13 13:02:47 | 000,118,259 | ---- | C] () -- C:\Users\Fontana\Documents\Settings.cfg
[2011/11/13 13:02:47 | 000,029,494 | ---- | C] () -- C:\Users\Fontana\Documents\Ethernet
[2011/11/13 13:02:47 | 000,024,008 | ---- | C] () -- C:\Users\Fontana\Documents\Settings.ctb
[2011/11/13 13:02:47 | 000,022,335 | ---- | C] () -- C:\Users\Fontana\Documents\Windows Upgrade Advisor.mht
[2011/11/13 13:02:47 | 000,002,248 | ---- | C] () -- C:\Users\Fontana\Documents\MVP BasFranchise.sav
[2011/11/13 13:02:47 | 000,002,248 | ---- | C] () -- C:\Users\Fontana\Documents\EAmoFranchise.sav
[2011/11/13 13:02:46 | 005,760,054 | ---- | C] () -- C:\Users\Fontana\Documents\diner-dash-5-boom-collectors wallpaper4.bmp
[2011/11/13 13:02:46 | 005,760,054 | ---- | C] () -- C:\Users\Fontana\Documents\diner-dash-5-boom-collectors wallpaper3.bmp
[2011/11/13 13:02:46 | 005,760,054 | ---- | C] () -- C:\Users\Fontana\Documents\diner-dash-5-boom-collectors wallpaper2.bmp
[2011/11/13 13:02:46 | 005,760,054 | ---- | C] () -- C:\Users\Fontana\Documents\diner-dash-5-boom-collectors wallpaper1.bmp
[2011/11/13 13:02:46 | 000,000,090 | -HS- | C] () -- C:\Users\Fontana\Documents\desktop (1).ini
[2011/11/13 13:02:46 | 000,000,000 | -H-- | C] () -- C:\Users\Fontana\Documents\Default.rdp
[2011/11/13 11:48:45 | 000,001,044 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2011/11/13 11:44:47 | 000,001,408 | ---- | C] () -- C:\Users\Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/13 11:43:11 | 000,001,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/13 11:39:10 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/13 11:28:33 | 000,001,414 | ---- | C] () -- C:\Users\Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/11/13 11:28:13 | 000,000,290 | ---- | C] () -- C:\Users\Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/11/13 11:28:13 | 000,000,272 | ---- | C] () -- C:\Users\Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,356,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:13:41 | 000,053,248 | ---- | C] () -- C:\Windows\System32\NlsLeexicons0027.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 18:32:53 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dppapimig.exe
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/11/14 06:31:44 | 000,000,000 | ---D | M] -- C:\Users\Fontana\AppData\Roaming\acccore
[2011/11/14 07:13:08 | 000,000,000 | ---D | M] -- C:\Users\Fontana\AppData\Roaming\AnvSoft
[2011/11/14 12:32:17 | 000,000,000 | ---D | M] -- C:\Users\Fontana\AppData\Roaming\Azureus
[2011/11/15 06:05:03 | 000,000,000 | ---D | M] -- C:\Users\Fontana\AppData\Roaming\BitTorrent
[2011/11/14 09:52:32 | 000,000,000 | ---D | M] -- C:\Users\Fontana\AppData\Roaming\biu software
[2011/11/14 09:44:30 | 000,000,000 | ---D | M] -- C:\Users\Fontana\AppData\Roaming\DAEMON Tools Pro
[2011/11/14 13:15:29 | 000,000,000 | ---D | M] -- C:\Users\Fontana\AppData\Roaming\Fanda Games
[2011/11/15 00:33:25 | 000,000,000 | ---D | M] -- C:\Users\Fontana\AppData\Roaming\IObit
[2011/11/15 00:29:51 | 000,000,000 | ---D | M] -- C:\Users\Fontana\AppData\Roaming\Jasc
[2011/11/14 16:38:57 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2009/07/13 23:53:46 | 000,009,214 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by Dom Fontana, 16 November 2011 - 05:50 AM.

#2
azarl

    GeekU Admin

  • Administrator
  • 25,288 posts
OK, let's see if that rootkit has gone

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it
If it asks you whether to download Avast click "No"
Click the "Scan" button to start scan

On completion of the scan click save log...

... save it to your desktop and post in your next reply
#3
Dom Fontana

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 170 posts
Hi, azarl.

Thanks for the response. I haven't had Internet access and that's why I couldn't respond sooner. I am at my friend's computer now. Please leave the topic open and give me a day or so and I will follow your instructions and get back to you.

Thank you.
#4
azarl

    GeekU Admin

  • Administrator
  • 25,288 posts
OK
#5
azarl

    GeekU Admin

  • Administrator
  • 25,288 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.