c00ty123

This is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8311

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/11/2011 10:49:07 AM
mbam-log-2011-12-11 (10-49-07).txt

Scan type: Quick scan
Objects scanned: 171164
Time elapsed: 10 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\016.exe (Backdoor.CycBot) -> Value: 016.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B79.exe (Backdoor.CycBot) -> Value: B79.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\LP\E518\016.exe (Backdoor.CycBot) -> Quarantined and deleted successfully.

DDS.Txt log

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_27
Run by Silent at 11:03:04 on 2011-12-11
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2046.888 [GMT -8:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
ESET scanner picked up some more viruses:

C:\Program Files (x86)\6F429\lvvm.exe - a variant of Win32/Kryptik.XCM trojan
C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe - a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\LP\E518\1E49.tmp - a variant of Win32/Kryptik.XCM trojan