BleepingComputer.com: rootkit virus


rootkit virus cannot remove.....

#1 afchad

  • Member
  • Group: Members
  • Posts: 16
  • Joined: 11-December 11

Posted 11 December 2011 - 08:25 PM

PC Doctor says I have rootkit.tds.v3. I have been fighting this for a week and a half. I'll admit I should have tried this approach before attempting it myself. I came home one night and my comp had a million popups saying I was infected and needed to buy something to remove it. I finally was able to run the Kaspersky free virus remover and removed some Java-related viruses. After that I thought cool... it's gone... wrong! I started getting redirects with all search engines. I have tried ComboFix and UnHackMe... luckily I didn't screw anything up.... I promise not to go rogue again... I will follow the person kind enough to help me to the letter! I had McAfee installed; I could not start the firewall on it or for Windows. I had the Internet Explorer 9 update... I tried removing that to reset my search stuff..... I'm in the military and about to be gone for 6 months... I need this laptop to Skype with my kiddos. Please let me know if you need any more info.

Attached File(s)

  • Attach.txt (4.29K)
  • DDS.txt (18.21K)

This post has been edited by afchad: 11 December 2011 - 08:28 PM


#2 gringo_pr

  • Bleepin Gringo
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender: Male
  • Location: Puerto Rico

Posted 14 December 2011 - 10:25 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days; If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

#3 afchad

  • Member
  • Group: Members
  • Posts: 16
  • Joined: 11-December 11

Posted 15 December 2011 - 03:54 AM

ComboFix 11-12-13.03 - Chad 12/15/2011 2:47.6.4 - x64
Running from: c:\users\Chad\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 08:18 . 2011-12-15 08:18 -------- d-----w- c:\users\Mcx1-CHAD-PC\AppData\Local\temp
2011-12-15 08:18 . 2011-12-15 08:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 08:00 . 2011-12-15 08:00 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-12-15 06:41 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 06:41 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 06:41 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 06:41 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-11 23:00 . 2011-12-02 12:49 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-11 23:00 . 2011-12-11 23:00 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-11 23:00 . 2011-12-11 23:00 -------- d-----w- c:\programdata\Lavasoft
2011-12-11 22:56 . 2011-12-11 22:56 -------- d-----w- c:\users\Chad\Pavark
2011-12-11 19:34 . 2011-12-11 19:34 -------- d-----w- c:\program files\CCleaner
2011-12-11 16:44 . 2011-12-11 16:44 -------- d-----w- c:\users\Chad\AppData\Local\Registry_Cleaner_Pro
2011-12-11 16:44 . 2011-12-11 16:44 -------- d-----w- c:\users\Chad\AppData\Local\Registry Cleaner Pro
2011-12-11 16:44 . 2011-12-11 16:51 -------- d-----w- c:\program files (x86)\Registry Cleaner Pro
2011-12-11 01:17 . 2011-12-11 01:17 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-12-11 01:16 . 2011-12-11 01:16 2 --shatr- c:\windows\winstart.bat
2011-12-11 01:16 . 2011-12-11 16:50 -------- d-----w- c:\program files (x86)\UnHackMe
2011-12-10 22:12 . 2011-12-10 22:12 -------- d-----w- c:\users\Chad\AppData\Roaming\PCTools
2011-12-10 22:12 . 2011-12-10 22:12 -------- d-----w- c:\users\Chad\AppData\Roaming\isoburnerdata
2011-12-10 21:15 . 2011-12-10 21:15 -------- d-----w- c:\program files\Java
2011-12-10 21:11 . 2011-12-10 21:11 -------- d-----w- c:\program files (x86)\Java
2011-12-10 20:25 . 2011-11-23 00:42 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2011-12-10 20:25 . 2011-11-23 00:41 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2011-12-10 19:20 . 2011-12-10 19:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-10 16:42 . 2011-12-10 17:50 -------- d-----w- C:\help
2011-12-10 06:28 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\FD52.tmp
2011-12-10 06:26 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\5D6B.tmp
2011-12-10 06:18 . 2011-12-10 20:56 -------- d-----w- c:\users\Chad\AppData\Roaming\PerformerSoft
2011-12-10 06:18 . 2011-12-02 23:04 19000 ----a-w- c:\windows\system32\roboot64.exe
2011-12-10 06:18 . 2011-12-10 06:18 -------- d-----w- c:\program files (x86)\InstallBrainService
2011-12-10 06:11 . 2011-12-10 06:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-10 00:49 . 2011-12-10 00:49 -------- d-----w- c:\users\Chad\AppData\Roaming\TestApp
2011-12-07 07:41 . 2010-12-03 20:34 767952 ----a-w- c:\windows\BDTSupport.dll1204.old
2011-12-07 07:41 . 2010-12-03 20:34 149456 ----a-w- c:\windows\SGDetectionTool.dll1203.old
2011-12-07 07:41 . 2011-11-22 23:20 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-12-07 07:41 . 2011-11-22 23:20 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-12-07 07:41 . 2011-11-22 23:20 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-12-07 07:41 . 2010-12-09 15:48 1996752 ----a-w- c:\windows\PCTBDCore.dll1203.old
2011-12-07 07:22 . 2011-12-10 21:51 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-12-07 07:22 . 2011-10-07 22:52 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-12-07 07:22 . 2011-11-23 00:38 141312 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-12-07 07:22 . 2011-11-23 00:38 337048 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-12-07 07:22 . 2011-11-14 20:12 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-12-07 07:22 . 2011-11-23 00:43 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-12-07 07:21 . 2011-12-12 08:18 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-12-07 07:21 . 2011-12-10 20:43 -------- d-----w- c:\programdata\PC Tools
2011-12-07 07:21 . 2011-12-10 06:08 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-12-07 07:21 . 2011-12-07 07:21 -------- d-----w- c:\users\Chad\AppData\Roaming\PC Tools
2011-12-06 18:44 . 2011-12-10 06:08 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2011-12-06 18:44 . 2011-10-15 18:16 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-12-06 18:44 . 2011-10-15 18:16 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-12-06 18:44 . 2011-10-15 18:16 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-12-06 18:44 . 2011-10-15 18:16 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-12-06 18:44 . 2011-10-15 18:16 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-12-06 18:44 . 2011-10-15 18:16 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-12-06 18:44 . 2011-10-15 18:16 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-06 18:44 . 2011-12-10 06:08 -------- d-----w- c:\program files\Common Files\McAfee
2011-12-06 18:44 . 2011-12-10 06:08 -------- d-----w- c:\program files\McAfee
2011-12-06 18:43 . 2011-12-10 17:24 -------- d-----w- c:\program files (x86)\McAfee
2011-12-06 18:37 . 2011-10-18 19:32 161168 ----a-w- c:\windows\system32\mfevtps.exe
2011-12-06 06:47 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\9FF5.tmp
2011-12-06 06:46 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\5203.tmp
2011-12-06 06:46 . 2011-12-06 06:46 -------- d-----w- c:\program files (x86)\Sophos
2011-12-06 05:58 . 2011-12-06 05:58 -------- d-----w- c:\users\Chad\AppData\Roaming\SUPERAntiSpyware.com
2011-12-06 05:57 . 2011-12-10 18:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-04 22:45 . 2011-12-05 01:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-03 22:14 . 2011-12-03 22:14 45056 ----a-r- c:\users\Chad\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2011-12-03 22:14 . 2011-12-03 22:14 -------- d-----w- c:\windows\SysWow64\vmm32
2011-12-03 05:15 . 2011-12-03 05:15 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-02 18:31 . 2011-12-02 18:31 -------- d-----w- C:\7f20571658d47cc62829f4858b660f3e
2011-12-01 09:52 . 2011-12-01 09:52 0 ----a-w- c:\windows\SysWow64\shoCB1C.tmp
2011-12-01 09:28 . 2011-12-01 09:28 -------- d-----w- c:\users\Chad\AppData\Roaming\McAfee
2011-12-01 08:17 . 2011-12-01 08:17 -------- d-----w- c:\windows\Sun
2011-11-30 06:44 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89951854-C33C-4788-BADC-F4F5751FA1D5}\mpengine.dll
2011-11-30 06:36 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-30 06:36 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-30 06:36 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-30 06:36 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-29 17:59 . 2011-11-30 05:45 -------- d--h--w- c:\users\Chad\AppData\Roaming\E75A7064
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:15 . 2010-09-21 19:33 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 21:11 . 2011-05-22 21:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-13 05:52 . 2011-11-13 05:52 4283672 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-13 05:52 . 2011-11-13 05:52 42776 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-30 00:09 . 2011-05-17 14:51 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 18:16 . 2011-03-13 16:20 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 18:16 . 2011-03-13 16:20 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-11_12.59.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 23:43 . 2009-07-14 01:14 77824 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2011-03-05 01:43 . 2010-11-20 12:17 83968 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2009-07-13 23:42 . 2009-07-14 01:16 46592 c:\windows\SysWOW64\pngfilt.dll
+ 2009-07-13 23:42 . 2009-07-14 01:06 48128 c:\windows\SysWOW64\mshtmler.dll
+ 2011-12-12 02:33 . 2011-08-20 04:27 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2009-07-13 23:42 . 2009-07-14 01:14 47104 c:\windows\SysWOW64\mshta.exe
+ 2011-03-05 01:43 . 2010-11-20 12:17 12800 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-03-05 01:43 . 2010-11-20 12:19 64512 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-12-12 02:33 . 2011-08-20 04:31 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-03-05 01:43 . 2010-11-20 12:19 44544 c:\windows\SysWOW64\licmgr10.dll
+ 2011-12-12 02:33 . 2011-08-20 04:27 48128 c:\windows\SysWOW64\jsproxy.dll
+ 2011-03-05 01:43 . 2010-11-20 12:19 96256 c:\windows\SysWOW64\inseng.dll
+ 2011-03-05 01:43 . 2010-11-20 12:19 34304 c:\windows\SysWOW64\imgutil.dll
+ 2009-07-13 23:42 . 2009-07-14 01:15 72192 c:\windows\SysWOW64\iesetup.dll
+ 2009-07-13 23:42 . 2009-07-14 01:15 56320 c:\windows\SysWOW64\iernonce.dll
+ 2009-07-13 23:42 . 2009-07-14 01:15 61952 c:\windows\SysWOW64\icardie.dll
+ 2009-07-13 23:43 . 2009-07-14 01:15 18432 c:\windows\SysWOW64\corpol.dll
- 2011-12-11 05:37 . 2011-12-11 05:37 11799 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-12-12 08:16 . 2011-12-12 08:16 11799 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-12-07 07:24 . 2011-12-11 05:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-07 07:24 . 2011-12-12 08:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2011-12-11 05:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-12 08:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-12 08:20 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-11 05:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-12 08:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-13 23:42 . 2009-07-14 01:14 73216 c:\windows\SysWOW64\admparse.dll
+ 2011-12-15 08:00 . 2011-12-15 08:03 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-04-29 12:31 . 2011-12-11 22:15 57360 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-12 00:52 37328 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-30 03:27 . 2011-12-12 00:52 14960 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-178208952-3989718700-2541972233-1000_UserData.bin
+ 2009-07-13 23:58 . 2009-07-14 01:39 93184 c:\windows\system32\SetIEInstalledDate.exe
+ 2011-03-05 01:43 . 2010-11-20 13:25 98816 c:\windows\system32\RegisterIEPKEYs.exe
+ 2009-07-13 23:58 . 2009-07-14 01:41 62976 c:\windows\system32\pngfilt.dll
+ 2009-07-13 23:58 . 2009-07-14 01:29 48128 c:\windows\system32\mshtmler.dll
+ 2011-12-12 02:33 . 2011-08-20 05:34 97280 c:\windows\system32\mshtmled.dll
+ 2009-07-13 23:58 . 2009-07-14 01:39 43520 c:\windows\system32\mshta.exe
+ 2011-03-05 01:43 . 2010-11-20 13:24 12288 c:\windows\system32\msfeedssync.exe
+ 2011-03-05 01:43 . 2010-11-20 13:27 82944 c:\windows\system32\msfeedsbs.dll
+ 2011-12-12 02:33 . 2011-08-20 05:37 95232 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-03-05 01:43 . 2010-11-20 13:26 57856 c:\windows\system32\licmgr10.dll
+ 2011-12-12 02:33 . 2011-08-20 05:33 64512 c:\windows\system32\jsproxy.dll
+ 2009-07-13 23:58 . 2009-07-14 01:41 52736 c:\windows\system32\imgutil.dll
+ 2009-07-13 23:58 . 2009-07-14 01:41 72704 c:\windows\system32\iernonce.dll
+ 2009-07-13 23:58 . 2009-07-14 01:39 73728 c:\windows\system32\ie4uinit.exe
+ 2009-07-13 23:58 . 2009-07-14 01:41 84480 c:\windows\system32\icardie.dll
+ 2011-12-11 23:00 . 2011-12-02 12:49 69376 c:\windows\system32\DRVSTORE\lbd_483F0BF7A3AD4ED71EB7FC6065CFD6B9C37DEB69\Lbd.sys
- 2009-07-14 05:30 . 2011-12-06 18:44 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-12-11 19:26 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-13 23:58 . 2009-07-14 01:40 22016 c:\windows\system32\corpol.dll
- 2010-09-29 20:04 . 2011-12-11 01:00 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-29 20:04 . 2011-12-15 08:00 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-29 20:04 . 2011-12-11 01:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-29 20:04 . 2011-12-15 08:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-15 08:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-11 01:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-13 23:58 . 2009-07-14 01:40 90112 c:\windows\system32\admparse.dll
- 2010-10-23 03:26 . 2010-10-23 03:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-23 03:26 . 2011-12-12 08:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-12-13 03:37 96016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-10-23 03:26 . 2011-12-12 08:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-23 03:26 . 2010-10-23 03:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-23 03:26 . 2010-10-23 03:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-23 03:26 . 2011-12-12 08:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-29 19:13 . 2011-12-15 08:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-29 19:13 . 2011-11-07 05:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-29 19:13 . 2011-12-15 08:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-29 19:13 . 2011-05-24 02:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-15 14:09 . 2011-12-15 08:03 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-03-05 01:42 . 2010-11-20 12:57 69120 c:\windows\diagnostics\system\IESecurity\DiagPackage.dll
+ 2011-03-05 01:42 . 2010-11-20 12:57 92160 c:\windows\diagnostics\system\IEBrowseWeb\DiagPackage.dll
+ 2011-12-15 08:00 . 2011-12-15 08:03 2526 c:\windows\SoftwareDistribution\PostRebootEventCache\{E3062C48-C129-4DB3-9573-98432975B9F1}.bin
+ 2011-12-12 08:17 . 2011-12-12 08:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-11 05:50 . 2011-12-11 05:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-12 08:17 . 2011-12-12 08:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-11 05:50 . 2011-12-11 05:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-12 02:33 . 2011-08-20 04:31 981504 c:\windows\SysWOW64\wininet.dll
+ 2009-07-13 23:42 . 2009-07-14 01:14 151552 c:\windows\SysWOW64\wextract.exe
+ 2011-03-05 01:43 . 2010-11-20 12:21 229376 c:\windows\SysWOW64\webcheck.dll
+ 2011-12-12 02:33 . 2011-02-18 05:43 428032 c:\windows\SysWOW64\vbscript.dll
+ 2011-12-12 02:33 . 2011-08-20 04:30 132096 c:\windows\SysWOW64\url.dll
+ 2011-03-05 01:43 . 2010-11-20 12:20 153088 c:\windows\SysWOW64\occache.dll
+ 2011-03-05 01:44 . 2010-11-20 12:19 606208 c:\windows\SysWOW64\mstime.dll
+ 2011-03-05 01:43 . 2010-11-20 12:19 195072 c:\windows\SysWOW64\msrating.dll
+ 2009-07-13 23:26 . 2009-07-14 01:15 157184 c:\windows\SysWOW64\msls31.dll
+ 2011-12-12 02:33 . 2011-08-20 04:27 599552 c:\windows\SysWOW64\msfeeds.dll
- 2011-10-13 18:25 . 2011-09-01 02:24 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-12-12 02:33 . 2011-02-18 05:41 716800 c:\windows\SysWOW64\jscript.dll
+ 2009-07-13 23:42 . 2009-07-14 01:14 226816 c:\windows\SysWOW64\iexpress.exe
+ 2011-03-05 01:43 . 2010-11-20 12:17 139264 c:\windows\SysWOW64\ieUnatt.exe
+ 2011-12-12 02:33 . 2011-08-20 04:26 176640 c:\windows\SysWOW64\ieui.dll
- 2011-10-13 18:25 . 2011-09-01 02:21 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-03-05 01:43 . 2010-11-20 12:19 114688 c:\windows\SysWOW64\iesysprep.dll
+ 2011-03-05 01:43 . 2010-11-20 12:19 186368 c:\windows\SysWOW64\iepeers.dll
+ 2011-03-05 01:44 . 2010-11-20 12:19 389120 c:\windows\SysWOW64\iedkcs32.dll
+ 2009-06-10 21:13 . 2009-07-14 01:15 445952 c:\windows\SysWOW64\ieapfltr.dll
- 2011-04-10 21:32 . 2011-04-10 21:32 163840 c:\windows\SysWOW64\ieakui.dll
+ 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2009-07-13 23:43 . 2009-07-14 01:15 229376 c:\windows\SysWOW64\ieaksie.dll
+ 2009-07-13 23:43 . 2009-07-14 01:15 126976 c:\windows\SysWOW64\ieakeng.dll
+ 2011-03-05 01:44 . 2010-11-20 12:17 176128 c:\windows\SysWOW64\ie4uinit.exe
+ 2009-07-13 23:42 . 2009-07-14 01:15 215552 c:\windows\SysWOW64\dxtrans.dll
+ 2009-07-13 23:42 . 2009-07-14 01:15 346112 c:\windows\SysWOW64\dxtmsft.dll
+ 2009-07-13 23:58 . 2009-07-14 01:39 161792 c:\windows\system32\wextract.exe
+ 2011-03-05 01:43 . 2010-11-20 13:27 290304 c:\windows\system32\webcheck.dll
+ 2010-10-11 17:03 . 2011-12-15 06:35 295486 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-12-12 02:33 . 2011-02-18 10:56 613376 c:\windows\system32\vbscript.dll
+ 2011-12-12 02:33 . 2011-08-20 05:37 134144 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2011-12-11 22:10 624622 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-10 20:33 624622 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-10 20:33 106708 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-11 22:10 106708 c:\windows\system32\perfc009.dat
+ 2009-07-13 23:58 . 2009-07-14 01:41 189952 c:\windows\system32\occache.dll
+ 2009-07-13 23:59 . 2009-07-14 01:41 241152 c:\windows\system32\msrating.dll
+ 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
- 2011-04-10 21:32 . 2011-04-10 21:32 222208 c:\windows\system32\msls31.dll
+ 2011-12-12 02:33 . 2011-08-20 05:34 702464 c:\windows\system32\msfeeds.dll
+ 2011-12-12 02:33 . 2011-02-18 10:54 919040 c:\windows\system32\jscript.dll
+ 2011-03-05 01:43 . 2010-11-20 13:26 125440 c:\windows\system32\inseng.dll
+ 2009-07-13 23:58 . 2009-07-14 01:39 251904 c:\windows\system32\iexpress.exe
+ 2009-07-13 23:58 . 2009-07-14 01:39 171008 c:\windows\system32\ieUnatt.exe
+ 2011-12-12 02:33 . 2011-08-20 05:33 247808 c:\windows\system32\ieui.dll
+ 2009-07-13 23:58 . 2009-07-14 01:41 138240 c:\windows\system32\iesysprep.dll
+ 2009-07-13 23:58 . 2009-07-14 01:41 100864 c:\windows\system32\iesetup.dll
+ 2011-03-05 01:44 . 2010-11-20 13:26 252928 c:\windows\system32\iepeers.dll
+ 2011-03-05 01:43 . 2010-11-20 13:26 445952 c:\windows\system32\iedkcs32.dll
+ 2009-06-10 20:30 . 2009-07-14 01:41 481792 c:\windows\system32\ieapfltr.dll
- 2011-04-10 21:32 . 2011-04-10 21:32 163840 c:\windows\system32\ieakui.dll
+ 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
- 2011-04-10 21:32 . 2011-04-10 21:32 267776 c:\windows\system32\ieaksie.dll
+ 2009-07-13 23:58 . 2009-07-14 01:41 156160 c:\windows\system32\ieakeng.dll
- 2009-07-14 04:45 . 2011-11-30 06:49 414656 c:\windows\system32\FNTCACHE.DAT
+ 2011-12-11 23:01 . 2011-12-11 23:01 414656 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-13 23:58 . 2009-07-14 01:40 315904 c:\windows\system32\dxtrans.dll
+ 2009-07-13 23:58 . 2009-07-14 01:40 497152 c:\windows\system32\dxtmsft.dll
- 2009-07-14 05:30 . 2011-12-06 18:44 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-12-11 19:26 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-12-06 18:44 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-12-11 19:26 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:12 . 2011-12-11 01:00 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-12-13 18:37 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-12-11 05:31 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-12 08:16 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-27 03:46 . 2011-10-27 03:46 794112 c:\windows\Installer\f63b009.msp
- 2010-11-15 14:09 . 2011-11-30 06:44 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-12-21 05:30 . 2010-12-21 05:30 579968 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\VPREVIEW.EXE
+ 2009-09-04 14:02 . 2009-09-04 14:02 591680 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSLID.DLL
+ 2011-12-12 02:33 . 2011-08-20 04:30 1231360 c:\windows\SysWOW64\urlmon.dll
+ 2011-12-12 02:33 . 2011-10-01 04:34 5990400 c:\windows\SysWOW64\mshtml.dll
+ 2011-12-12 02:33 . 2011-08-20 04:26 2073600 c:\windows\SysWOW64\iertutil.dll
+ 2009-06-10 21:13 . 2009-06-10 21:13 3698584 c:\windows\SysWOW64\ieapfltr.dat
+ 2011-12-12 02:33 . 2011-08-20 05:37 1188864 c:\windows\system32\wininet.dll
+ 2011-12-12 02:33 . 2011-08-20 05:37 1494016 c:\windows\system32\urlmon.dll
+ 2011-03-05 01:44 . 2010-11-20 13:27 1026560 c:\windows\system32\mstime.dll
+ 2011-12-12 02:33 . 2011-10-01 05:41 9011200 c:\windows\system32\mshtml.dll
+ 2011-12-12 02:33 . 2011-08-20 05:33 2454528 c:\windows\system32\iertutil.dll
+ 2009-06-10 20:30 . 2009-06-10 20:30 3698584 c:\windows\system32\ieapfltr.dat
+ 2009-07-14 04:45 . 2011-12-12 08:22 7174117 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-12-11 05:57 7174117 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-10-03 15:39 . 2011-12-10 16:12 2450416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-10-03 15:39 . 2011-12-11 17:02 2450416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-11-18 11:24 . 2011-12-11 21:10 9809160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-178208952-3989718700-2541972233-1000-8192.dat
+ 2011-05-22 04:19 . 2011-12-11 19:40 1656820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-178208952-3989718700-2541972233-1000-12288.dat
- 2011-05-22 04:19 . 2011-12-10 20:58 1656820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-178208952-3989718700-2541972233-1000-12288.dat
+ 2011-10-16 19:45 . 2011-10-16 19:45 4966912 c:\windows\Installer\f63b04b.msp
+ 2011-10-16 19:28 . 2011-10-16 19:28 1138688 c:\windows\Installer\f63b035.msp
+ 2011-12-01 21:16 . 2011-12-01 21:16 3464704 c:\windows\Installer\f63b01f.msp
+ 2011-10-27 03:46 . 2011-10-27 03:46 1833472 c:\windows\Installer\f63aff3.msp
- 2010-11-15 14:09 . 2011-11-30 06:44 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-02-04 17:41 . 2011-02-04 17:41 2672456 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\VBE7.DLL
+ 2010-10-20 17:35 . 2010-10-20 17:35 3792736 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\PPTICO.EXE
+ 2011-04-07 01:09 . 2011-04-07 01:09 9701736 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\PPCORE.DLL
+ 2010-10-22 18:55 . 2010-10-22 18:55 2162024 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\POWERPNT.EXE
+ 2011-12-12 02:33 . 2011-08-20 04:26 10991104 c:\windows\SysWOW64\ieframe.dll
+ 2009-07-14 02:34 . 2011-12-15 08:00 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-12-11 05:33 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-10-05 23:09 . 2011-12-15 08:01 54867776 c:\windows\system32\MRT.exe
+ 2011-12-12 02:33 . 2011-08-20 05:33 12261888 c:\windows\system32\ieframe.dll
+ 2011-10-27 03:45 . 2011-10-27 03:45 66426368 c:\windows\Installer\f63b062.msp
+ 2011-10-27 03:47 . 2011-10-27 03:47 10328064 c:\windows\Installer\f63afdd.msp
+ 2011-10-27 03:49 . 2011-10-27 03:49 16245760 c:\windows\Installer\f63afd3.msp
+ 2011-10-27 03:49 . 2011-10-27 03:49 10427392 c:\windows\Installer\f63afcb.msp
+ 2011-12-02 12:51 . 2011-12-02 12:51 15862272 c:\windows\Installer\2ab770.msi
+ 2011-10-16 19:38 . 2011-10-16 19:38 100966912 c:\windows\Installer\f63afc3.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell AIO Printer 948"="c:\program files (x86)\Dell AIO Printer 948\fm3032.exe" [2009-04-27 311976]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dldfserv.exe [2007-06-26 33416]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\FD52.tmp [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-11-22 402336]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 pctBTFix;PC Tools Boot Fix Driver;c:\windows\System32\Drivers\pctBTFix64.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe [2007-06-26 1052808]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 InstallBrainService;InstallBrain Updater Service;c:\program files (x86)\InstallBrainService\InstallBrainService.exe [2011-12-10 273912]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-10-06 25072]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-12-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-12-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"dldfmon.exe"="c:\program files (x86)\Dell AIO Printer 948\dldfmon.exe" [2009-04-27 455336]
"MemoryCardManager"="c:\program files (x86)\Dell AIO Printer 948\memcard.exe" [2009-04-27 410280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Lavasoft Ad-Aware Service
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\FD52.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-178208952-3989718700-2541972233-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-178208952-3989718700-2541972233-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-15 03:38:52
ComboFix-quarantined-files.txt 2011-12-15 08:38
ComboFix2.txt 2011-12-11 13:18
ComboFix3.txt 2011-12-10 17:49
ComboFix4.txt 2011-12-05 18:15
ComboFix5.txt 2011-12-15 07:39
.
Pre-Run: 243,837,231,104 bytes free
Post-Run: 243,629,056,000 bytes free
.
- - End Of File - - B026AFCB1BF74ADE4F190EEAB65FD0FF

I was able to run ComboFix without any problems. I am still getting redirects and am unable to turn on my firewall services. Thanks, Chad

#4 gringo_pr (Malware Response Team)

Posted 15 December 2011 - 08:00 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 afchad (Member)

Posted 15 December 2011 - 12:27 PM

I downloaded TDSSKiller as requested. However, when I double-click on it my screen just turns a shade less bright and nothing comes up. I tried right-clicking on it and running it as admin, and it did the exact same thing. I even tried renaming the file "1234.exe" and "1234.com" with the same result. Thanks, Chad

#6 gringo_pr (Malware Response Team)

Posted 15 December 2011 - 12:42 PM

Hello

I would like you to run this tool for me: FixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found. Let me know what it says.

After it is complete I want you to restart the computer, try to rerun TDSSKiller for me and send me the report.

Gringo

#7 afchad (Member)

Posted 16 December 2011 - 11:16 AM

I ran the FixTDSS and it came up with "Infected MBR detected". I clicked Fix Problem; it said repair succeeded. I restarted the computer. I then got a message that said your computer was unable to start, and Startup Repair started checking the system for problems to automatically fix the problems. It said repairs could not be made automatically. I loaded my backup from the advanced recovery features? The Windows icon forms and then a blue screen flickers for a second with white letters, and the computer goes into the Startup Repair again. Thanks, Chad

I'm using the wife's computer now.



#8 gringo_pr (Malware Response Team)

Posted 16 December 2011 - 01:14 PM

System Recovery Environment

To access the System Recovery Environment, simply boot your PC:

  • Just before the system loads the Windows operating system, hit the [F8] Function 8 key on your keyboard, which will launch the Advanced Boot Options menu.

  • There you will see a new option, 'Repair Your Computer'; select this option and hit 'Enter' on your keyboard.

  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next.

  • From the "Choose a Recovery Tool" dialog menu, select "Command Prompt".

  • Type the following into the Command Prompt window and press Enter:

      bootrec.exe /fixmbr


If you have problems booting the computer after you have run that command, boot back into the System Recovery Environment, type the following into the Command Prompt window and press Enter:

    bootrec.exe /fixboot


#9 afchad (Member)

Posted 17 December 2011 - 01:46 AM

I typed the first one, hit Enter and it said it was successful. Restarted the computer, same thing. I typed the second one in and it said it was successful. Restarted and got the same thing. Thanks, Chad

#10 gringo_pr (Malware Response Team)

Posted 17 December 2011 - 01:59 AM

Hello

This is what we need to do

System Recovery Environment

To access the System Recovery Environment, simply boot your PC:

  • Just before the system loads the Windows operating system, hit the [F8] Function 8 key on your keyboard, which will launch the Advanced Boot Options menu.

  • There you will see a new option, 'Repair Your Computer'; select this option and hit 'Enter' on your keyboard.

  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next.

    When you get to the "Choose a Recovery Tool" menu you will see at the top:

    Operating System: Win 7 on (D:) OS

    Take note of the drive letter (the D: in the line above). If it is not C:, the commands below need to reflect the difference: change each C: below to the letter shown there.

  • From the "Choose a Recovery Tool" dialog menu, select "Command Prompt".

  • Type the following into the Command Prompt window and press Enter after each line:

      CD X:
      C:
      cd boot
      attrib bcd -s -h -r
      ren c:\boot\bcd bcd.old
      bootrec /RebuildBcd


restart the computer and let me know if it booted ok

Gringo

#11 afchad (Member)

Posted 17 December 2011 - 02:19 AM

It took all the commands, but I tried to restart and get the same result. -Chad

#12 gringo_pr (Malware Response Team)

Posted 17 December 2011 - 02:34 AM

double post


#13 gringo_pr (Malware Response Team)

Posted 17 December 2011 - 02:36 AM

Greetings

I need you to make a bootable USB and take a screenshot for me. Follow the instructions below to do this.

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK

Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.


Now boot into Puppy Linux.

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next, launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives, then click Okay.
I need you to take a screenshot of the window that opens up. To do this, follow these instructions.

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK

  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK


This will save a file screenshot1.jpeg onto the USB drive; paste or attach this to your next post.

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No


Puppy will now close down.

Remove the USB and save it; we will use it again. Boot back into Windows and send me the screen capture.

gringo

#14 afchad (Member)

Posted 17 December 2011 - 03:39 AM

Here you are, Sir. -Chad

[Attached file: screenshot1.jpg]

#15 gringo_pr (Malware Response Team)

Posted 17 December 2011 - 03:44 AM

Hello

I want you to right-click on the OS partition and select Manage Flags, and in the window that opens select boot.

Restart the computer.


gringo

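Added example, not part of the thread and not code from any of the tools named in it: a small Python script that reads a 512-byte MBR image and checks the two things the recovery steps in posts #8 through #15 act on. Those are the 0x55AA boot signature and the boot code that bootrec /fixmbr rewrites (it leaves the partition table alone), and the 0x80 active flag on one partition entry that GParted's Manage Flags > boot sets. It also hashes the boot code on its own so a sector read from the disk can be compared against a known-good MBR from an identical machine. The sample MBR is constructed inline with zeroed boot code and two made-up NTFS partitions; the function names and partition geometry are assumptions for illustration, not anything from the posts.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"          # bytes 510-511 of a valid MBR
BOOTCODE_SIZE = 440                   # bytes 0-439: boot code (disk signature follows)
PART_TABLE_OFFSET = 446               # four 16-byte partition entries start here
PART_ENTRY_SIZE = 16
ACTIVE_FLAG = 0x80                    # status byte of the active/boot partition
# status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
ENTRY_FORMAT = "<B3xB3xII"


def parse_partition_entries(mbr: bytes) -> list:
    """Decode the four partition table slots into dicts."""
    entries = []
    for slot in range(4):
        off = PART_TABLE_OFFSET + slot * PART_ENTRY_SIZE
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FORMAT, mbr, off)
        entries.append({
            "slot": slot,
            "status": status,
            "active": status == ACTIVE_FLAG,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def check_mbr(mbr: bytes) -> list:
    """Return a list of findings; an empty list means the sector looks sane."""
    if len(mbr) != MBR_SIZE:
        return [f"wrong size {len(mbr)}, expected {MBR_SIZE}"]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    used = [e for e in parse_partition_entries(mbr) if e["type"] != 0x00]
    for e in used:
        # only 0x00 (inactive) and 0x80 (active) are valid status bytes
        if e["status"] not in (0x00, ACTIVE_FLAG):
            findings.append(f"slot {e['slot']}: invalid status byte 0x{e['status']:02x}")
    active = [e for e in used if e["active"]]
    if not used:
        findings.append("partition table is empty")
    elif not active:
        findings.append("no partition carries the active (boot) flag")
    elif len(active) > 1:
        findings.append("more than one partition is marked active")
    return findings


def set_active(mbr: bytes, slot: int) -> bytes:
    """Return a copy of `mbr` with only `slot` flagged active: the MBR-level
    effect of GParted's Manage Flags > boot on a partition."""
    entries = parse_partition_entries(mbr)
    if not 0 <= slot < 4 or entries[slot]["type"] == 0x00:
        raise ValueError(f"slot {slot} is not a usable partition entry")
    out = bytearray(mbr)
    for i in range(4):
        out[PART_TABLE_OFFSET + i * PART_ENTRY_SIZE] = ACTIVE_FLAG if i == slot else 0x00
    return bytes(out)


def bootcode_digest(mbr: bytes) -> str:
    """SHA-256 of the boot code only (no disk signature, no partition table),
    so two disks with different layouts but the same loader compare equal."""
    return hashlib.sha256(mbr[:BOOTCODE_SIZE]).hexdigest()


def build_sample_mbr(active_slot=None) -> bytes:
    """Constructed sample, not data from the thread: zeroed boot code, a
    100 MiB partition in slot 0 and a large NTFS partition in slot 1.
    `active_slot` selects which entry gets the 0x80 flag, if any."""
    mbr = bytearray(MBR_SIZE)
    layout = [(0x07, 2048, 204800), (0x07, 206848, 488177664)]  # (type, LBA start, sectors)
    for slot, (ptype, lba_start, sectors) in enumerate(layout):
        status = ACTIVE_FLAG if slot == active_slot else 0x00
        off = PART_TABLE_OFFSET + slot * PART_ENTRY_SIZE
        struct.pack_into(ENTRY_FORMAT, mbr, off, status, ptype, lba_start, sectors)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


if __name__ == "__main__":
    # To inspect a real disk, read sector 0 from outside the suspect Windows,
    # e.g. on Linux as root: open("/dev/sda", "rb").read(MBR_SIZE)
    sample = build_sample_mbr()              # constructed: nothing marked active
    print("findings:", check_mbr(sample))
    fixed = set_active(sample, 1)            # flag the OS partition, like GParted
    print("after setting the boot flag:", check_mbr(fixed))
    for e in parse_partition_entries(fixed):
        if e["type"]:
            print(f"slot {e['slot']}: type 0x{e['type']:02x} active={e['active']} "
                  f"start={e['lba_start']} sectors={e['sectors']}")
    print("boot code sha256:", bootcode_digest(fixed))
```

Read the sector from a separately booted environment such as the Puppy USB described above rather than from inside the suspect Windows install: a bootkit that hooks disk I/O can hand a clean copy of the MBR to any tool running on the infected system, and only the offline read shows what the firmware will actually execute at boot.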