Infected with several rootkits
Hello,
My system has been acting slow lately, but nothing could detect the cause, so I gave Spybot Search & Destroy 2 Beta a whirl and chose the Rootkit quick scan, and what do you know, it found several rootkits in my system, particularly:
C:\Windows\0
C:\Windows\system32\5-18
and C:\windows\<some weird characters here>. I have added the logs requested; please help.
Also note that I ran Combofix and it found some other malware, but nothing related to what S&D 2.0 found.
Regards,
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2
Run by R0M at 4:47:49 on 2012-11-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1359 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Rising\RSD\RsMgrSvc.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\NetWorx\networx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\System32\ico.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Rising\RSD\popwndexe.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Teco Image Systems\iCan-Print_Setup\pjsua_Win.exe
C:\Windows\system32\dns-sd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\taskeng.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\R0M\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IE to GetRight Helper: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - c:\program files\getright\xx2gr.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &NetWorx Desk Band: {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - c:\program files\networx\deskband.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Facebook Update] "c:\users\r0m\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [PMX Daemon] ICO.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RSDTRAY] "c:\program files\rising\rsd\popwndexe.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\getright.lnk - c:\program files\getright\GetRight.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ican-print server.lnk - c:\windows\installer\{c09424a2-9938-4370-884e-f33b753f511e}\_25EFA6BAAAE534F92BD016.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 24.201.245.77 24.200.241.37 24.200.243.189
TCP: Interfaces\{5AA86C8E-11D9-49BC-B0A3-5A4DAFD1F8E7} : DHCPNameServer = 24.201.245.77 24.200.243.189 24.200.241.37
TCP: Interfaces\{873CAC62-B718-47D2-82ED-BE05D4BF6D88} : DHCPNameServer = 24.201.245.77 24.200.241.37 24.200.243.189
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\r0m\appdata\roaming\mozilla\firefox\profiles\3ha9f3yu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\r0m\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-01-14 17:28; http://forums.spybot.info/misc.php?do=email_dev&email=c21hcnR3ZWJwcmludGluZ0BocC5jb20=; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-6-12 16064]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-11-11 17904]
R1 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2012-3-7 49864]
R1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-10-18 51976]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2012-11-11 3084176]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-4 217088]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2011-12-22 110408]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-9-26 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-10-21 47640]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2012-6-12 224960]
R2 rsdsys;rsd protect;c:\windows\system32\drivers\protreg.sys [2012-10-29 21208]
R2 RsMgrSvc;Rsd Service;c:\program files\rising\rsd\RsMgrSvc.exe [2012-10-29 150168]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2008-10-8 27648]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2012-6-13 248248]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-10-8 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-10-8 19008]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-10-27 127496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-11-11 54072]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-13 13224]
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0;PCDSRVC{E9D79540-57D5953E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-8-17 22640]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-6 27192]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-10-15 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-10-15 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-10-15 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-10-15 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-10-15 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-10-15 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-10-15 117672]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-12-16 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-10-8 73728]
.
=============== Created Last 30 ================
.
2012-11-12 03:24:25 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-11-12 02:54:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-11 23:39:39 -------- d-----w- c:\users\r0m\appdata\local\temp
2012-11-11 23:38:09 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-11-11 23:01:33 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-11-09 17:19:55 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ad0b4ccd-724e-4a54-b2b0-b517de94a2ce}\mpengine.dll
2012-10-31 23:58:38 -------- d-----w- c:\program files\Teco Image Systems
2012-10-30 02:56:33 -------- d-----r- C:\RavBin
2012-10-30 02:54:58 21208 ----a-w- c:\windows\system32\drivers\protreg.sys
2012-10-30 02:54:58 -------- d-----w- c:\program files\Rising
2012-10-30 02:54:41 -------- d-----w- c:\programdata\Rising
2012-10-28 20:41:38 -------- d-----w- c:\programdata\GFI Software
2012-10-26 21:41:49 -------- d-----w- c:\program files\common files\Western Digital
2012-10-26 21:41:48 -------- d-----w- c:\program files\Western Digital
2012-10-26 21:40:49 -------- d-----w- c:\users\r0m\appdata\local\Western Digital
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-20 10:29:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-11-12 03:05:04 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-12 03:05:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-05 20:32:56 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-05 20:32:56 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-11-05 20:32:55 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-05 20:32:55 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-05 08:08:30 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 08:08:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 20:02:43 108048 ----a-w- c:\windows\RegBootClean.exe
2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53:29 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
============= FINISH: 4:48:11.93 ===============
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-12 04:50:29
-----------------------------
04:50:29.311 OS Version: Windows 6.0.6002 Service Pack 2
04:50:29.311 Number of processors: 4 586 0xF0B
04:50:29.312 ComputerName: ROMSTER2 UserName: R0M
04:50:30.993 Initialize success
04:50:55.166 AVAST engine defs: 12111101
04:51:00.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:51:00.457 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
04:51:00.460 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
04:51:00.462 Disk 1 Vendor: ST31000340AS SD1A Size: 953869MB BusType: 3
04:51:00.464 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007a
04:51:00.467 Disk 2 Vendor: Size: 953869MB BusType: 0
04:51:00.469 Disk 3 \Device\Harddisk3\DR3 -> \Device\0000007b
04:51:00.472 Disk 3 Vendor: Size: 953869MB BusType: 0
04:51:00.475 Disk 4 \Device\Harddisk4\DR4 -> \Device\0000007c
04:51:00.478 Disk 4 Vendor: Size: 953869MB BusType: 0
04:51:00.481 Disk 5 \Device\Harddisk5\DR5 -> \Device\0000007d
04:51:00.484 Disk 5 Vendor: Size: 953869MB BusType: 0
04:51:00.488 Disk 6 \Device\Harddisk6\DR6 -> \Device\00000085
04:51:00.493 Disk 6 Vendor: Size: 953869MB BusType: 0
04:51:00.514 Disk 0 MBR read successfully
04:51:00.518 Disk 0 MBR scan
04:51:00.524 Disk 0 Windows VISTA default MBR code
04:51:00.529 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
04:51:00.538 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
04:51:00.553 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
04:51:00.571 Disk 0 scanning sectors +976771072
04:51:00.695 Disk 0 scanning C:\Windows\system32\drivers
04:51:11.830 Service scanning
04:51:33.878 Modules scanning
04:51:42.230 Disk 0 trace - called modules:
04:51:42.286 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
04:51:42.290 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a54c0]
04:51:42.294 3 CLASSPNP.SYS[8ada48b3] -> nt!IofCallDriver -> [0x8522c538]
04:51:42.299 5 acpi.sys[830956bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84ff0b98]
04:51:43.779 AVAST engine scan C:\Windows
04:51:52.920 AVAST engine scan C:\Windows\system32
04:54:22.138 AVAST engine scan C:\Windows\system32\drivers
04:54:33.384 AVAST engine scan C:\Users\R0M
06:19:08.902 AVAST engine scan C:\ProgramData
06:21:16.968 Scan finished successfully
12:35:53.441 Disk 0 MBR has been saved successfully to "C:\Users\R0M\Desktop\MBR.dat"
12:35:53.508 The log file has been saved successfully to "C:\Users\R0M\Desktop\aswMBR.txt"
Facebook.Messenger: [SBI $63375265] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}
Facebook.Messenger: [SBI $9191B288] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}
Facebook.Messenger: [SBI $6D1029B1] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Classes\FacebookUpdate.OnDemandCOMClassUser
Facebook.Messenger: [SBI $7F45EA00] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Classes\FacebookUpdate.OnDemandCOMClassUser.1.0
Facebook.Messenger: [SBI $59117437] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2255320971-820056546-208935856-1000\Software\Facebook
Facebook.Messenger: [SBI $62F77180] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}
Facebook.Messenger: [SBI $9051916D] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}
Facebook.Messenger: [SBI $573FFD1B] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{132885F2-8DE9-40F2-BEAE-1B31FDBAB159}
Facebook.Messenger: [SBI $BAA66334] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3B692A7D-330E-4388-A955-724500AC0BC5}
Facebook.Messenger: [SBI $C061D222] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{649D9E01-9847-4EE9-9145-2CB4BC8298D0}
Facebook.Messenger: [SBI $6B188C64] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{71692661-DCBA-484A-BD41-A39404532B52}
Facebook.Messenger: [SBI $D849531E] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B72C7377-0AA5-4F52-BDA2-85C4D1DB930E}
Facebook.Messenger: [SBI $06D47759] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D0843545-5E7C-4C6D-B4E2-05948F759440}
Uniblue.DriverScanner: [SBI $5530A65D] Program directory (Directory, nothing done)
C:\Users\R0M\AppData\Roaming\Uniblue\
Uniblue.DriverScanner: [SBI $DE69382C] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Uniblue
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2012-11-12 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-10-31 Includes\Adware.sbi (*)
2012-11-07 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2012-09-26 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-10-16 Includes\Hijackers.sbi (*)
2012-11-07 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-08-28 Includes\Malware.sbi (*)
2012-11-07 Includes\MalwareC.sbi (*)
2012-10-24 Includes\PUPS.sbi (*)
2012-10-30 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-06-19 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-09-05 Includes\Spyware.sbi (*)
2012-09-04 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-10-31 Includes\TrojansC-02.sbi (*)
2012-11-07 Includes\TrojansC-03.sbi (*)
2012-10-24 Includes\TrojansC-04.sbi (*)
2012-08-31 Includes\TrojansC-05.sbi (*)
2012-10-31 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
---------------------------------------------
shelf life
2012-11-20, 21:24
Hi oyehia,
Your post is a few days old. If you still need help, simply reply back.
Yes, I still need help; I've been waiting long enough :)
shelf life
2012-11-21, 02:25
OK. The version of Spybot you have is a beta version. The stable version was released a few days ago. I would uninstall it via the Add/Remove Programs panel, reboot your machine, then download and install the current version (http://www.safer-networking.org/) and run it.
OK, I get the following when I run Rootkit Scan:
The quickscan found evidence suggesting a possible rootkit infection!
Detected items:
C:\windows\system32\5-18
C:\windows\system32\null
C:\windows\system32\??
BTW, the system took a long time to boot after I uninstalled the old version.
Regards,
shelf life
2012-11-21, 17:11
That's not a lot to go on. You ran TDSSKiller; did it remove anything? You can find its log in your root drive, usually C:
TDSSKILLER.2.8.13.0_15.10.2012_17.34.06_log.txt (name,version#,date,time)
Please post the log.
Also, looking in your root drive you will find a folder called Qoobox; inside this folder there's a text file called Combofix-quarantined-files.txt.
Please copy/paste that log in your reply also.
It says the file is too huge to attach as txt, and I cannot paste it here either; again, too large...
2012-11-11 18:16:09 . 2012-11-11 18:16:09 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHFB01.tmp.vir
2012-11-11 18:15:45 . 2012-11-11 18:15:45 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9E88.tmp.vir
2012-11-11 18:15:14 . 2012-11-11 18:15:14 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH251B.tmp.vir
2012-11-11 18:11:35 . 2012-11-11 18:11:36 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHCE34.tmp.vir
2012-11-11 18:07:55 . 2012-11-11 18:07:55 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH70C9.tmp.vir
2012-11-11 18:05:55 . 2012-11-11 18:05:56 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9DAB.tmp.vir
2012-11-11 18:04:34 . 2012-11-11 18:04:34 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH5FB9.tmp.vir
2012-11-11 18:04:20 . 2012-11-11 18:04:20 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH26C9.tmp.vir
2012-11-11 18:04:06 . 2012-11-11 18:04:06 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHF25E.tmp.vir
2012-11-11 18:02:20 . 2012-11-11 18:02:20 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH5383.tmp.vir
2012-11-11 17:58:39 . 2012-11-11 17:58:39 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHF4EF.tmp.vir
2012-11-10 18:53:13 . 2012-11-10 18:53:13 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHCBD8.tmp.vir
2012-11-10 18:51:45 . 2012-11-10 18:51:45 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH76CF.tmp.vir
2012-11-10 18:51:08 . 2012-11-10 18:51:08 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHE64B.tmp.vir
2012-11-10 18:46:42 . 2012-11-10 18:46:42 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHD70A.tmp.vir
2012-11-10 18:46:33 . 2012-11-10 18:46:33 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHB207.tmp.vir
2012-11-10 18:43:35 . 2012-11-10 18:43:35 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHFA1C.tmp.vir
2012-11-10 18:43:21 . 2012-11-10 18:43:22 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHC62B.tmp.vir
2012-11-10 18:42:55 . 2012-11-10 18:42:55 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH5D51.tmp.vir
2012-11-10 18:40:31 . 2012-11-10 18:40:31 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH29FA.tmp.vir
2012-11-10 18:37:21 . 2012-11-10 18:37:21 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH468F.tmp.vir
2012-11-10 18:36:38 . 2012-11-10 18:36:38 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9C5F.tmp.vir
2012-11-10 18:34:45 . 2012-11-10 18:34:45 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMHE52C.tmp.vir
2012-11-10 18:33:49 . 2012-11-10 18:33:49 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH9A7.tmp.vir
2012-11-10 18:32:00 . 2012-11-10 18:32:00 0 ----a-w- C:\Qoobox\Quarantine\C\Users\R0M\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH5D72.tmp.vir
I managed to zip it after copying it, so see the attachment...
Thanks,
I also have these logs:
RootAlyzer Quick Scan Results
Files in Windows folder
----------------------------------------
145 files were tested.
No hidden files detected.
========================================
Files in System folder
----------------------------------------
3 hidden out of 2804 files were detected.
Hidden files: 5-18,null,ޝ
C:\Windows\System32\5-18
C:\Windows\System32\null
C:\Windows\System32\ޝ
========================================
Global run entries
----------------------------------------
No hidden entries detected.
========================================
Winlogon entries
----------------------------------------
No hidden entries detected.
========================================
Invisible processes (from handles)
----------------------------------------
0 handle process IDs for 84 processes.
No hidden processes detected.
========================================
Invisible processes (from threads)
----------------------------------------
84 processes tested.
No hidden processes detected.
========================================
Master Boot Records
----------------------------------------
2 MBRs checked.
No unknown MBRs detected.
========================================
// info: Rootkit removal help file
// copyright: (c) 2008-2012 Safer-Networking Ltd. All rights reserved.
:: RootAlyzer Results
File:"Hidden file","C:\Windows\System32\5-18"
File:"Hidden file","C:\Windows\System32\null"
File:"Hidden file","C:\Windows\System32\ޝ"
File:"Unknown ADS","C:\Users\All Users\TEMP:0B4227B4:$DATA"
File:"Unknown ADS","C:\Users\All Users\TEMP:8FF81EB0:$DATA"
File:"Unknown ADS","C:\Users\All Users\TEMP:D1B5B4F1:$DATA"
File:"No admin in ACL","C:\Users\All Users\TuneUp Software\TuneUp Utilities 2012\TTUSvc.tt"
File:"Unknown ADS","C:\Users\All Users\Symantec\hpc:2704092260:$DATA"
File:"No admin in ACL","C:\Users\All Users\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe.txt"
File:"No admin in ACL","C:\ProgramData\TuneUp Software\TuneUp Utilities 2012\TTUSvc.tt"
File:"Unknown ADS","C:\ProgramData\Symantec\hpc:2704092260:$DATA"
File:"No admin in ACL","C:\ProgramData\Cisco Systems\Cisco Connect\Log\logfile.CiscoConnect_exe.txt"
RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\","Environment\0"
// Attention: entries with a zero character will not be displayed correctly and may not work!
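The RootAlyzer lines above mix three kinds of findings (unknown alternate data streams, files whose ACL has no administrator entry, and a registry key whose name contains a zero character). As an added example that is not part of this thread and not RootAlyzer's own code, the Python below parses lines in that format, splits an ADS entry into file and stream name, and applies a simple triage rule; the sample lines are constructed from the posted log (some paths shortened), and the severity rules are an assumption for illustration, not anything the tool itself does.

```python
import re
from dataclasses import dataclass

# Constructed sample in the RootAlyzer report format seen in this thread.
# Lines mirror the posted log (some paths shortened); this is not the
# output of a real scan run here.
SAMPLE_REPORT = r'''
File:"Unknown ADS","C:\Users\All Users\TEMP:0B4227B4:$DATA"
File:"Unknown ADS","C:\ProgramData\Symantec\hpc:2704092260:$DATA"
File:"Unknown ADS","C:\Users\R0M\Pictures\Charlie [1600x1200].jpg:VsoSummaryInformation:$DATA"
File:"No admin in ACL","C:\ProgramData\TuneUp Software\TuneUp Utilities 2012\TTUSvc.tt"
RegyValue:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\","Environment\0"
// Attention: entries with a zero character will not be displayed correctly and may not work!
'''

_LINE_RE = re.compile(r'^(\w+):(.*)$')      # Kind:"field","field",...
_FIELD_RE = re.compile(r'"([^"]*)"')        # paths never contain quotes


@dataclass
class Finding:
    kind: str       # "File" or "RegyValue" in the log
    label: str      # e.g. "Unknown ADS", "No admin in ACL"
    fields: list    # remaining quoted fields: a path, or hive/key/name


def parse_report(text):
    """Parse RootAlyzer-style lines into Finding records; skip '//' comments and blanks."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('//'):
            continue
        m = _LINE_RE.match(line)
        if not m:
            continue
        fields = _FIELD_RE.findall(m.group(2))
        if fields:
            findings.append(Finding(m.group(1), fields[0], fields[1:]))
    return findings


def split_ads(path):
    """Split 'C:\\dir\\file:stream:$DATA' into (file, stream).

    Splitting from the right keeps the drive-letter colon intact."""
    if path.endswith(':$DATA'):
        path = path[:-len(':$DATA')]
    base, _, stream = path.rpartition(':')
    return base, stream


# Heuristic (assumption): a stream named only by hex digits carries no hint of
# which application wrote it, so it is worth a closer look.
_OPAQUE_STREAM = re.compile(r'^[0-9A-Fa-f]{8,}$')


def triage(findings):
    """Rate findings for review. These rules are an illustrative assumption:
    - a registry key containing a NUL character is 'high', because normal
      tools cannot open or delete it (the log's own '// Attention' warning);
    - an ADS with an opaque hex-only name is 'medium';
    - an ADS with a descriptive name, or an ACL oddity, is 'low'."""
    order = {'high': 0, 'medium': 1, 'low': 2}
    results = []
    for f in findings:
        if f.label == 'Zero char in key name':
            results.append(('high', f.kind, ''.join(f.fields)))
        elif f.label == 'Unknown ADS':
            base, stream = split_ads(f.fields[0])
            sev = 'medium' if _OPAQUE_STREAM.match(stream) else 'low'
            results.append((sev, base, stream))
        else:
            results.append(('low', f.label, f.fields[0]))
    return sorted(results, key=lambda r: order[r[0]])


if __name__ == '__main__':
    for sev, where, what in triage(parse_report(SAMPLE_REPORT)):
        print(f'{sev:6} {where} :: {what}')
```

The parser treats the log as a list of quoted fields after a `Kind:` prefix, which is all the posted format shows; the triage ranking only orders what to look at first and decides nothing about whether an entry is malicious.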
shelf life
2012-11-21, 23:19
You don't have any rootkits based on those logs. You mentioned your machine seemed to be running slower?
Yes, a lot of lag when I type, Chrome crashing a lot, lag when editing my pictures, etc.
shelf life
2012-11-21, 23:43
That was fast. Looks like you have Defender, Ad-aware, Emisoft and Spybot. I am not sure if all these have real-time protection features. If they do, it means they are running in the background; most likely you would see their icon down by the clock. If that's the case, having 4 running is too much. They will chew up system resources. It's also not necessary because they often overlap in what they provide.
You can check them for the option not to start with Windows. One along with your AV is plenty. You could use the others for on-demand scanning.
Hmm, Defender I am pretty sure I disabled, unless it was enabled somehow; Ad-aware I uninstalled a long time ago, perhaps there are remains of the application in the registry. Spybot I only installed because you asked me to, otherwise I would only be running Emisoft :) But still I get the same symptoms without these applications; I am pretty sure I am infected with something, probably deep within :)
shelf life
2012-11-22, 01:17
You're right, those are registry entries; I was working from memory. Those tools you have run are for detecting and removing rootkits, which are, as you say, "deep within" the OS. We can get one more to run:
Please download aswmbr.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
Never mind, you've run that already. Log looks ok. Are you getting web page redirection?
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-12 04:50:29
-----------------------------
04:50:29.311 OS Version: Windows 6.0.6002 Service Pack 2
04:50:29.311 Number of processors: 4 586 0xF0B
04:50:29.312 ComputerName: ROMSTER2 UserName: R0M
04:50:30.993 Initialize success
04:50:55.166 AVAST engine defs: 12111101
04:51:00.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:51:00.457 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
04:51:00.460 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
04:51:00.462 Disk 1 Vendor: ST31000340AS SD1A Size: 953869MB BusType: 3
04:51:00.464 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007a
04:51:00.467 Disk 2 Vendor: Size: 953869MB BusType: 0
04:51:00.469 Disk 3 \Device\Harddisk3\DR3 -> \Device\0000007b
04:51:00.472 Disk 3 Vendor: Size: 953869MB BusType: 0
04:51:00.475 Disk 4 \Device\Harddisk4\DR4 -> \Device\0000007c
04:51:00.478 Disk 4 Vendor: Size: 953869MB BusType: 0
04:51:00.481 Disk 5 \Device\Harddisk5\DR5 -> \Device\0000007d
04:51:00.484 Disk 5 Vendor: Size: 953869MB BusType: 0
04:51:00.488 Disk 6 \Device\Harddisk6\DR6 -> \Device\00000085
04:51:00.493 Disk 6 Vendor: Size: 953869MB BusType: 0
04:51:00.514 Disk 0 MBR read successfully
04:51:00.518 Disk 0 MBR scan
04:51:00.524 Disk 0 Windows VISTA default MBR code
04:51:00.529 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
04:51:00.538 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
04:51:00.553 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
04:51:00.571 Disk 0 scanning sectors +976771072
04:51:00.695 Disk 0 scanning C:\Windows\system32\drivers
04:51:11.830 Service scanning
04:51:33.878 Modules scanning
04:51:42.230 Disk 0 trace - called modules:
04:51:42.286 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
04:51:42.290 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a54c0]
04:51:42.294 3 CLASSPNP.SYS[8ada48b3] -> nt!IofCallDriver -> [0x8522c538]
04:51:42.299 5 acpi.sys[830956bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84ff0b98]
04:51:43.779 AVAST engine scan C:\Windows
04:51:52.920 AVAST engine scan C:\Windows\system32
04:54:22.138 AVAST engine scan C:\Windows\system32\drivers
04:54:33.384 AVAST engine scan C:\Users\R0M
06:19:08.902 AVAST engine scan C:\ProgramData
06:21:16.968 Scan finished successfully
12:35:53.441 Disk 0 MBR has been saved successfully to "C:\Users\R0M\Desktop\MBR.dat"
12:35:53.508 The log file has been saved successfully to "C:\Users\R0M\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-21 21:24:43
-----------------------------
21:24:43.169 OS Version: Windows 6.0.6002 Service Pack 2
21:24:43.169 Number of processors: 4 586 0xF0B
21:24:43.171 ComputerName: ROMSTER2 UserName: R0M
21:25:49.823 Initialize success
22:06:20.818 AVAST engine defs: 12112101
22:07:54.646 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:07:54.648 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
22:07:54.651 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
22:07:54.653 Disk 1 Vendor: ST31000340AS SD1A Size: 953869MB BusType: 3
22:07:54.656 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007c
22:07:54.658 Disk 2 Vendor: Size: 953869MB BusType: 0
22:07:54.660 Disk 3 \Device\Harddisk3\DR3 -> \Device\0000007d
22:07:54.663 Disk 3 Vendor: Size: 953869MB BusType: 0
22:07:54.667 Disk 4 \Device\Harddisk4\DR4 -> \Device\0000007e
22:07:54.670 Disk 4 Vendor: Size: 953869MB BusType: 0
22:07:54.673 Disk 5 \Device\Harddisk5\DR5 -> \Device\0000007f
22:07:54.676 Disk 5 Vendor: Size: 953869MB BusType: 0
22:07:54.680 Disk 6 \Device\Harddisk6\DR6 -> \Device\00000085
22:07:54.685 Disk 6 Vendor: Size: 953869MB BusType: 0
22:07:54.697 Disk 0 MBR read successfully
22:07:54.702 Disk 0 MBR scan
22:07:54.779 Disk 0 Windows VISTA default MBR code
22:07:54.784 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
22:07:54.804 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
22:07:54.818 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
22:07:54.826 Disk 0 scanning sectors +976771072
22:07:54.901 Disk 0 scanning C:\Windows\system32\drivers
22:08:05.150 Service scanning
22:08:28.750 Modules scanning
22:08:33.491 Disk 0 trace - called modules:
22:08:33.549 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
22:08:33.554 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a8770]
22:08:33.558 3 CLASSPNP.SYS[8ada58b3] -> nt!IofCallDriver -> [0x85e67220]
22:08:33.563 5 acpi.sys[8309e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85dcd820]
22:08:35.518 AVAST engine scan C:\Windows
22:08:41.953 AVAST engine scan C:\Windows\system32
22:11:58.077 AVAST engine scan C:\Windows\system32\drivers
22:12:09.505 AVAST engine scan C:\Users\R0M
23:52:50.137 AVAST engine scan C:\ProgramData
23:55:38.871 Scan finished successfully
03:54:34.129 Disk 0 MBR has been saved successfully to "C:\Users\R0M\Desktop\MBR.dat"
03:54:34.894 The log file has been saved successfully to "C:\Users\R0M\Desktop\aswMBR.txt"
Very rarely I get redirection, why?
I am more concerned about the hidden directories found in my C:\Windows\system32. How come we don't get rid of them?
shelf life
2012-11-22, 16:44
Hi oyehia,
Redirection could be a sign of a rootkit. Really it would look like your browser had a mind of its own, ending up at sites you had no intention of going to.
Those files found by RootAlyzer, I can't say what the significance is or if they are actual files. I am not familiar with RootAlyzer or its findings. If they had identifiable extensions like .dll or .sys, then they most likely would have shown up in the other tools you ran.
So what is the next step, and who can help with the RootAlyzer program? It seems we are going in a circle here...
shelf life
2012-11-23, 04:19
There is a forum here (http://forums.spybot.info/forumdisplay.php?f=46) for rootalyzer help.