Problems running GMER scan in Windows XP


  • This topic is locked
20 replies to this topic

#1 HokieEd

HokieEd

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 01 June 2010 - 08:34 AM

I am trying to put together the logs and scans to have you guys help me get rid of a Tidserv Request in my Windows XP system. I made it to the step where I download GMER. The program downloaded and installed with no problem.

When running the scan with GMER, it appears to be running fine until the program locks up 4 hours and 40 minutes later. The lockup stops my whole computer and I have to force it off with the power switch. This has happened twice. No other programs were running. The last two lines in the GMER scan window were:

c:\windows\system32\drivers\pciide.sys suspicious modification
c:\windows\system32\drivers\atapi.sys suspicious modification

Is there another program I can use to perform the scan for the malware forum? Anyway to alter GMER to make it complete the scan?

Thanks-


#2 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:05:59 PM

Posted 01 June 2010 - 09:56 AM

Do you have most of the scan results in log form from GMER? I will ask a MRT member to visit this topic.

This topic is being moved to the MRT forums at the request of Thcbytes. He will handle the topic from there.

Edited by rigel, 01 June 2010 - 10:25 AM.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:59 PM

Posted 01 June 2010 - 10:26 AM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"


    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    pciide.sy*
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sy*
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Please re-open Gmer and uncheck "Devices". Now try to run it again and let me know if you have problems.

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* Gmer log
* A description of your current problems...browser redirection, pop-ups...

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#4 HokieEd

HokieEd
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 01 June 2010 - 11:33 AM

Should I also uncheck the box for IAT/EAT when scanning with GMER? (as the posting instructions in topic34773 stated)

Also, should I use THIS thread for my original reason for coming here.... the HTTP Tidserv Request and Tidserv Request 2?

Thanks for your help.

#5 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:59 PM

Posted 01 June 2010 - 06:07 PM

Hi,

I will be the only person helping you so yes please only follow my instructions. This is important!!

In regards to Gmer..

Open the application and leave everything as is but uncheck devices.

I will need to see the Custom OTL log I requested. I will need you to first right click and delete OTL from your desktop. Then re-download OTL and follow my instructions.

Finally I will need a clear description of your current problems.

Do not make any changes to your computer unless I direct you to do so please.

Thanks,
~ t

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:59 PM

Posted 02 June 2010 - 01:21 PM

Do you still desire help?

#7 HokieEd

HokieEd
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 02 June 2010 - 01:25 PM

yes, I just finished a scan attempt and am replying with what I have


#8 HokieEd

HokieEd
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 02 June 2010 - 01:45 PM

I just finished another GMER scan attempt and after 4 hours and 40 minutes, the program and the computer locked-up in the same place as before. Actually, it was at:

c:\windows\system32\drivers\pciide.sys


GMER showed nothing in the status bar and I could not open "paint" to save a copy from a print-screen.
I could move open windows around and minimize, but as soon as I pressed "save" All functions ceased.

The original reason I came to Bleeping computer was to remove a virus that seems to be phoning home. Since May 23rd, I have been getting Tidserv Request and Tidserv Request 2 attempts blocked by my Norton Internet Security suite. At times, the request attempts happen every few minutes, and other times, there is a long period between attempts.

My computer and OS:
Sony Vaio Pentium 4, 2.80GHz with 1.50GB RAM
I use Windows XP Home Edition Version 5.1 with Service Pack 3

Information:

None of my security scans with Norton or Malwarebytes' Antimalware produced any results.

I've attached three screen-grabs from Norton Internet Security as JPGs.

I've attached the OTL scans, OTL.txt and Extras.txt

The GMER scan still failed to successfully complete and I could not get a screen grab or any kind of log.

What do you need me to do next? I'm not giving up on this. If it take a while for me to respond, it is because the scans are taking a long time or I got busy with work.

Thanks so much!

Attached Files



#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:59 PM

Posted 02 June 2010 - 08:53 PM

Hello,

As per my intro....please copy and paste all logs unless directed otherwise.

P2P Warning

Your log indicates that you have Limewire installed.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall Limewire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel>> Add / Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

==========

1. Download the file TDSSKiller.zip and extract it to your desktop.
2. Click start->run->copy-paste "%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v into the textbox and press enter.
3. report.txt should be generated into same location with TDSSKiller.exe. Post contents of that report, please.

==========

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    [511 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\Documents and Settings\Eddie\My Documents\*.tmp files -> C:\Documents and Settings\Eddie\My Documents\*.tmp -> ]

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

With your next post please provide:

* TDSSKiller log
* OTL.txt
* What problems remain?

Kind regards,
~t



#10 HokieEd

HokieEd
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 02 June 2010 - 10:50 PM

I haven't used Limewire in quite a few years and have no plans to use it, so it is okay to just leave it there and not delete it? I stopped using P2P services completely then too. Thanks for the heads-up.

I'll go ahead and do the other things you recommend as well and get back with the results. Thanks

#11 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:59 PM

Posted 03 June 2010 - 06:54 AM

You bet. Limewire itself is harmless. It is the actual file sharing that is disastrously dangerous! No need to uninstall. But if you do not plan to use it you may as well nuke it. Your choice.

#12 HokieEd

HokieEd
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:59 PM

Posted 03 June 2010 - 08:45 AM

Okay, I've completed the tasks, and this time, with no locking up! Here are the results:

TDSSKiller Log

09:04:40:000 3248 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
09:04:40:000 3248 ================================================================================
09:04:40:000 3248 SystemInfo:

09:04:40:000 3248 OS Version: 5.1.2600 ServicePack: 3.0
09:04:40:000 3248 Product type: Workstation
09:04:40:000 3248 ComputerName: SONYVAIO
09:04:40:000 3248 UserName: Eddie
09:04:40:000 3248 Windows directory: C:\WINDOWS
09:04:40:000 3248 Processor architecture: Intel x86
09:04:40:000 3248 Number of processors: 2
09:04:40:000 3248 Page size: 0x1000
09:04:40:015 3248 Boot type: Normal boot
09:04:40:015 3248 ================================================================================
09:04:40:937 3248 Initialize success
09:04:40:937 3248
09:04:40:937 3248 Scanning Services ...
09:04:41:703 3248 Raw services enum returned 388 services
09:04:41:734 3248
09:04:41:734 3248 Scanning Drivers ...
09:04:42:687 3248 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
09:04:42:984 3248 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:04:43:109 3248 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:04:43:281 3248 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
09:04:43:406 3248 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:04:43:546 3248 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
09:04:43:703 3248 AgereSoftModem (f1a97570ea402493bcc22246e8141ae6) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
09:04:43:859 3248 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:04:44:171 3248 ALCXWDM (18d0ae5bc1d09d55bd6837a409bb2ffc) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
09:04:44:437 3248 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:04:44:734 3248 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:04:44:859 3248 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:04:45:093 3248 ati2mtag (9bbefce3d18cf3c6eaf4f13920f75200) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:04:45:218 3248 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:04:45:328 3248 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:04:45:421 3248 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
09:04:45:546 3248 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:04:45:718 3248 BHDrvx86 (42c9ab61989e29953ce2d266f891ea50) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx86.sys
09:04:45:859 3248 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
09:04:45:890 3248 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
09:04:45:984 3248 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:04:46:093 3248 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:04:46:265 3248 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys
09:04:46:437 3248 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:04:46:562 3248 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:04:46:796 3248 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:04:47:640 3248 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:04:47:796 3248 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:04:48:015 3248 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
09:04:48:125 3248 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:04:48:250 3248 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:04:48:343 3248 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:04:48:515 3248 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:04:48:703 3248 E1000 (2476936f4994e9084ccfe75ed4f6226a) C:\WINDOWS\system32\DRIVERS\e1000325.sys
09:04:48:812 3248 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:04:48:921 3248 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:04:49:062 3248 EL90X (653394706ff5634f4b5180b8294badb1) C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
09:04:49:203 3248 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:04:49:328 3248 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:04:49:453 3248 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:04:49:546 3248 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:04:49:687 3248 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:04:49:828 3248 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:04:49:937 3248 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:04:50:046 3248 FTDIBUS (47b9cf937ac479046da289bd5a769ce9) C:\WINDOWS\system32\drivers\ftdibus.sys
09:04:50:156 3248 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:04:50:281 3248 FTSER2K (216b9a2191676034999785c7f94fa5d6) C:\WINDOWS\system32\drivers\ftser2k.sys
09:04:50:421 3248 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:04:50:531 3248 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:04:50:656 3248 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
09:04:50:765 3248 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:04:50:921 3248 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:04:51:187 3248 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:04:51:296 3248 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:04:51:453 3248 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100528.003\IDSxpx86.sys
09:04:51:546 3248 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:04:51:734 3248 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:04:51:859 3248 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:04:51:968 3248 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:04:52:062 3248 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:04:52:171 3248 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:04:52:281 3248 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:04:52:406 3248 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:04:52:593 3248 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:04:52:718 3248 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:04:52:812 3248 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:04:52:921 3248 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:04:53:015 3248 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
09:04:53:109 3248 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:04:53:203 3248 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:04:53:390 3248 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:04:53:515 3248 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:04:53:640 3248 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:04:53:750 3248 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:04:53:859 3248 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:04:54:187 3248 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:04:54:312 3248 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:04:54:453 3248 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
09:04:54:562 3248 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:04:54:671 3248 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:04:54:796 3248 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:04:54:890 3248 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:04:55:000 3248 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:04:55:109 3248 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:04:55:203 3248 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
09:04:55:328 3248 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:04:55:468 3248 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100602.034\NAVENG.SYS
09:04:55:812 3248 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100602.034\NAVEX15.SYS
09:04:55:937 3248 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:04:56:031 3248 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:04:56:140 3248 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:04:56:234 3248 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:04:56:343 3248 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:04:56:453 3248 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
09:04:56:578 3248 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:04:56:703 3248 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:04:56:828 3248 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:04:56:921 3248 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:04:57:062 3248 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:04:57:218 3248 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:04:57:390 3248 nv (9d0f1b4fcf4f5cdfbc2d0c878f380b83) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:04:57:640 3248 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:04:57:750 3248 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:04:57:859 3248 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:04:57:968 3248 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:04:58:078 3248 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:04:58:187 3248 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:04:58:312 3248 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:04:58:484 3248 PCIIde (25774ef497ae171a9ac7b1b6e7a86968) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:04:58:484 3248 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: 25774ef497ae171a9ac7b1b6e7a86968, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0
09:04:58:484 3248 File "C:\WINDOWS\system32\DRIVERS\pciide.sys" infected by TDSS rootkit ... 09:04:59:359 3248 Backup copy found, using it..
09:04:59:812 3248 will be cured on next reboot
09:05:00:046 3248 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:05:00:515 3248 Point32 (08b11f5c60edca255b18cedef8efba2a) C:\WINDOWS\system32\DRIVERS\point32.sys
09:05:00:640 3248 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:05:00:781 3248 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:05:00:906 3248 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:05:01:031 3248 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:05:01:140 3248 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
09:05:01:562 3248 QV2KUX (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys
09:05:01:718 3248 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:05:01:828 3248 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:05:01:953 3248 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:05:02:078 3248 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:05:02:187 3248 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:05:02:312 3248 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:05:02:421 3248 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
09:05:02:578 3248 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:05:02:718 3248 rtl8139 (d0ac0b0355a3ffb85eb77b083cd0627c) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
09:05:02:843 3248 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
09:05:02:937 3248 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:05:03:078 3248 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:05:03:187 3248 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:05:03:296 3248 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:05:03:484 3248 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:05:03:609 3248 smrt (b9b97c295f65a84b62ecf68882823a15) C:\WINDOWS\system32\DRIVERS\smrt.sys
09:05:03:828 3248 smwdm (22f5db6724fea2f330e1f5ee44af93ea) C:\WINDOWS\system32\drivers\smwdm.sys
09:05:03:984 3248 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
09:05:04:171 3248 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:05:04:296 3248 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:05:04:437 3248 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS
09:05:04:562 3248 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
09:05:04:718 3248 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
09:05:04:859 3248 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:05:04:953 3248 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:05:05:062 3248 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:05:06:000 3248 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS
09:05:06:609 3248 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS
09:05:06:796 3248 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
09:05:06:937 3248 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS
09:05:07:109 3248 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
09:05:07:359 3248 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:05:07:484 3248 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:05:07:625 3248 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:05:07:734 3248 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:05:07:859 3248 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:05:08:062 3248 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:05:08:250 3248 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:05:08:390 3248 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:05:08:500 3248 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:05:08:609 3248 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:05:08:750 3248 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:05:08:875 3248 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:05:08:968 3248 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:05:09:078 3248 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:05:09:171 3248 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:05:09:281 3248 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
09:05:09:375 3248 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:05:09:546 3248 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:05:09:656 3248 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:05:09:812 3248 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
09:05:09:984 3248 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:05:10:109 3248 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
09:05:10:234 3248 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:05:10:328 3248 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:05:10:453 3248 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:05:10:546 3248 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
09:05:10:656 3248 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
09:05:10:671 3248 Reboot required for cure complete..
09:05:11:515 3248 Cure on reboot scheduled successfully
09:05:11:515 3248
09:05:11:515 3248 Completed
09:05:11:515 3248
09:05:11:515 3248 Results:
09:05:11:515 3248 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:05:11:515 3248 File objects infected / cured / cured on reboot: 1 / 0 / 1
09:05:11:515 3248
09:05:11:765 3248 KLMD(ARK) unloaded successfully




OTL Fix Log

All processes killed
========== OTL ==========
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1489.tmp deleted successfully.
C:\WINDOWS\System32\SET148D.tmp deleted successfully.
C:\WINDOWS\System32\SET1490.tmp deleted successfully.
C:\WINDOWS\System32\SET1495.tmp deleted successfully.
C:\WINDOWS\System32\SET1499.tmp deleted successfully.
C:\WINDOWS\System32\SET14A0.tmp deleted successfully.
C:\WINDOWS\System32\SET14C7.tmp deleted successfully.
C:\WINDOWS\System32\SET14EB.tmp deleted successfully.
C:\WINDOWS\System32\SET1C89.tmp deleted successfully.
C:\WINDOWS\System32\SET1C8B.tmp deleted successfully.
C:\WINDOWS\System32\SET1C8D.tmp deleted successfully.
C:\WINDOWS\System32\SET1C91.tmp deleted successfully.
C:\WINDOWS\System32\SET1C94.tmp deleted successfully.
C:\WINDOWS\System32\SET1C9D.tmp deleted successfully.
C:\WINDOWS\System32\SET1CA2.tmp deleted successfully.
C:\WINDOWS\System32\SET1CA4.tmp deleted successfully.
C:\WINDOWS\System32\SET1CA7.tmp deleted successfully.
C:\WINDOWS\System32\SET1CA8.tmp deleted successfully.
C:\WINDOWS\System32\SET1CA9.tmp deleted successfully.
C:\WINDOWS\System32\SET1CB0.tmp deleted successfully.
C:\WINDOWS\System32\SET1CB1.tmp deleted successfully.
C:\WINDOWS\System32\SET1CB2.tmp deleted successfully.
C:\WINDOWS\System32\SET1CB9.tmp deleted successfully.
C:\WINDOWS\System32\SET1CBD.tmp deleted successfully.
C:\WINDOWS\System32\SET1CBF.tmp deleted successfully.
C:\WINDOWS\System32\SET1CC2.tmp deleted successfully.
C:\WINDOWS\System32\SET1CC5.tmp deleted successfully.
C:\WINDOWS\System32\SET1CCC.tmp deleted successfully.
C:\WINDOWS\System32\SET1CD3.tmp deleted successfully.
C:\WINDOWS\System32\SET1CDC.tmp deleted successfully.
C:\WINDOWS\System32\SET1CDD.tmp deleted successfully.
C:\WINDOWS\System32\SET1CE2.tmp deleted successfully.
C:\WINDOWS\System32\SET1CE4.tmp deleted successfully.
C:\WINDOWS\System32\SET1CE7.tmp deleted successfully.
C:\WINDOWS\System32\SET1CE9.tmp deleted successfully.
C:\WINDOWS\System32\SET1CEA.tmp deleted successfully.
C:\WINDOWS\System32\SET1CEC.tmp deleted successfully.
C:\WINDOWS\System32\SET1CEE.tmp deleted successfully.
C:\WINDOWS\System32\SET1CEF.tmp deleted successfully.
C:\WINDOWS\System32\SET1CF0.tmp deleted successfully.
C:\WINDOWS\System32\SET1CF1.tmp deleted successfully.
C:\WINDOWS\System32\SET1CF3.tmp deleted successfully.
C:\WINDOWS\System32\SET1CF4.tmp deleted successfully.
C:\WINDOWS\System32\SET1CF5.tmp deleted successfully.
C:\WINDOWS\System32\SET1CFD.tmp deleted successfully.
C:\WINDOWS\System32\SET1D00.tmp deleted successfully.
C:\WINDOWS\System32\SET1D2A.tmp deleted successfully.
C:\WINDOWS\System32\SET1D2B.tmp deleted successfully.
C:\WINDOWS\System32\SET1D3C.tmp deleted successfully.
C:\WINDOWS\System32\SET1D48.tmp deleted successfully.
C:\WINDOWS\System32\SET1D4C.tmp deleted successfully.
C:\WINDOWS\System32\SET1D57.tmp deleted successfully.
C:\WINDOWS\System32\SET1D58.tmp deleted successfully.
C:\WINDOWS\System32\SET1D59.tmp deleted successfully.
C:\WINDOWS\System32\SET1D5B.tmp deleted successfully.
C:\WINDOWS\System32\SET1D5C.tmp deleted successfully.
C:\WINDOWS\System32\SET1D70.tmp deleted successfully.
C:\WINDOWS\System32\SET1D74.tmp deleted successfully.
C:\WINDOWS\System32\SET1D79.tmp deleted successfully.
C:\WINDOWS\System32\SET1D7B.tmp deleted successfully.
C:\WINDOWS\System32\SET1D7C.tmp deleted successfully.
C:\WINDOWS\System32\SET1D7D.tmp deleted successfully.
C:\WINDOWS\System32\SET1D7F.tmp deleted successfully.
C:\WINDOWS\System32\SET1D83.tmp deleted successfully.
C:\WINDOWS\System32\SET1D88.tmp deleted successfully.
C:\WINDOWS\System32\SET1D8B.tmp deleted successfully.
C:\WINDOWS\System32\SET1D9A.tmp deleted successfully.
C:\WINDOWS\System32\SET1D9E.tmp deleted successfully.
C:\WINDOWS\System32\SET1DA4.tmp deleted successfully.
C:\WINDOWS\System32\SET1DA6.tmp deleted successfully.
C:\WINDOWS\System32\SET1DA8.tmp deleted successfully.
C:\WINDOWS\System32\SET1DAC.tmp deleted successfully.
C:\WINDOWS\System32\SET1DD9.tmp deleted successfully.
C:\WINDOWS\System32\SET1DDB.tmp deleted successfully.
C:\WINDOWS\System32\SET1DE4.tmp deleted successfully.
C:\WINDOWS\System32\SET1DE6.tmp deleted successfully.
C:\WINDOWS\System32\SET1DEC.tmp deleted successfully.
C:\WINDOWS\System32\SET1DEE.tmp deleted successfully.
C:\WINDOWS\System32\SET1DF6.tmp deleted successfully.
C:\WINDOWS\System32\SET1DFA.tmp deleted successfully.
C:\WINDOWS\System32\SET1DFB.tmp deleted successfully.
C:\WINDOWS\System32\SET1DFC.tmp deleted successfully.
C:\WINDOWS\System32\SET1E00.tmp deleted successfully.
C:\WINDOWS\System32\SET1E0B.tmp deleted successfully.
C:\WINDOWS\System32\SET1E13.tmp deleted successfully.
C:\WINDOWS\System32\SET1E14.tmp deleted successfully.
C:\WINDOWS\System32\SET1E16.tmp deleted successfully.
C:\WINDOWS\System32\SET1E1B.tmp deleted successfully.
C:\WINDOWS\System32\SET1E1D.tmp deleted successfully.
C:\WINDOWS\System32\SET1E1F.tmp deleted successfully.
C:\WINDOWS\System32\SET1E20.tmp deleted successfully.
C:\WINDOWS\System32\SET1E21.tmp deleted successfully.
C:\WINDOWS\System32\SET1E22.tmp deleted successfully.
C:\WINDOWS\System32\SET1E25.tmp deleted successfully.
C:\WINDOWS\System32\SET1E28.tmp deleted successfully.
C:\WINDOWS\System32\SET1E29.tmp deleted successfully.
C:\WINDOWS\System32\SET1E2A.tmp deleted successfully.
C:\WINDOWS\System32\SET1E2B.tmp deleted successfully.
C:\WINDOWS\System32\SET1E31.tmp deleted successfully.
C:\WINDOWS\System32\SET1E34.tmp deleted successfully.
C:\WINDOWS\System32\SET1E36.tmp deleted successfully.
C:\WINDOWS\System32\SET1E38.tmp deleted successfully.
C:\WINDOWS\System32\SET1E39.tmp deleted successfully.
C:\WINDOWS\System32\SET1E3A.tmp deleted successfully.
C:\WINDOWS\System32\SET1E3B.tmp deleted successfully.
C:\WINDOWS\System32\SET1E3D.tmp deleted successfully.
C:\WINDOWS\System32\SET1E3E.tmp deleted successfully.
C:\WINDOWS\System32\SET1E43.tmp deleted successfully.
C:\WINDOWS\System32\SET1E44.tmp deleted successfully.
C:\WINDOWS\System32\SET1E46.tmp deleted successfully.
C:\WINDOWS\System32\SET1E47.tmp deleted successfully.
C:\WINDOWS\System32\SET1E4E.tmp deleted successfully.
C:\WINDOWS\System32\SET1E51.tmp deleted successfully.
C:\WINDOWS\System32\SET1E54.tmp deleted successfully.
C:\WINDOWS\System32\SET1E55.tmp deleted successfully.
C:\WINDOWS\System32\SET1E57.tmp deleted successfully.
C:\WINDOWS\System32\SET1E5B.tmp deleted successfully.
C:\WINDOWS\System32\SET1E5F.tmp deleted successfully.
C:\WINDOWS\System32\SET1E63.tmp deleted successfully.
C:\WINDOWS\System32\SET1E65.tmp deleted successfully.
C:\WINDOWS\System32\SET1E67.tmp deleted successfully.
C:\WINDOWS\System32\SET1E68.tmp deleted successfully.
C:\WINDOWS\System32\SET1E6B.tmp deleted successfully.
C:\WINDOWS\System32\SET1E6E.tmp deleted successfully.
C:\WINDOWS\System32\SET1E6F.tmp deleted successfully.
C:\WINDOWS\System32\SET1E72.tmp deleted successfully.
C:\WINDOWS\System32\SET1E73.tmp deleted successfully.
C:\WINDOWS\System32\SET1E75.tmp deleted successfully.
C:\WINDOWS\System32\SET1E79.tmp deleted successfully.
C:\WINDOWS\System32\SET1E7B.tmp deleted successfully.
C:\WINDOWS\System32\SET1E7C.tmp deleted successfully.
C:\WINDOWS\System32\SET1E7D.tmp deleted successfully.
C:\WINDOWS\System32\SET1E82.tmp deleted successfully.
C:\WINDOWS\System32\SET1E83.tmp deleted successfully.
C:\WINDOWS\System32\SET1E84.tmp deleted successfully.
C:\WINDOWS\System32\SET1E89.tmp deleted successfully.
C:\WINDOWS\System32\SET1E8C.tmp deleted successfully.
C:\WINDOWS\System32\SET1E8E.tmp deleted successfully.
C:\WINDOWS\System32\SET1E8F.tmp deleted successfully.
C:\WINDOWS\System32\SET1E90.tmp deleted successfully.
C:\WINDOWS\System32\SET1E92.tmp deleted successfully.
C:\WINDOWS\System32\SET1E93.tmp deleted successfully.
C:\WINDOWS\System32\SET1E94.tmp deleted successfully.
C:\WINDOWS\System32\SET1E96.tmp deleted successfully.
C:\WINDOWS\System32\SET1E97.tmp deleted successfully.
C:\WINDOWS\System32\SET1E98.tmp deleted successfully.
C:\WINDOWS\System32\SET1E99.tmp deleted successfully.
C:\WINDOWS\System32\SET1E9A.tmp deleted successfully.
C:\WINDOWS\System32\SET1E9D.tmp deleted successfully.
C:\WINDOWS\System32\SET1E9E.tmp deleted successfully.
C:\WINDOWS\System32\SET1EA5.tmp deleted successfully.
C:\WINDOWS\System32\SET1EA6.tmp deleted successfully.
C:\WINDOWS\System32\SET1EA9.tmp deleted successfully.
C:\WINDOWS\System32\SET1EB9.tmp deleted successfully.
C:\WINDOWS\System32\SET1EC1.tmp deleted successfully.
C:\WINDOWS\System32\SET1EC6.tmp deleted successfully.
C:\WINDOWS\System32\SET1EC8.tmp deleted successfully.
C:\WINDOWS\System32\SET1ECC.tmp deleted successfully.
C:\WINDOWS\System32\SET1ECD.tmp deleted successfully.
C:\WINDOWS\System32\SET1ED1.tmp deleted successfully.
C:\WINDOWS\System32\SET1ED7.tmp deleted successfully.
C:\WINDOWS\System32\SET1EDD.tmp deleted successfully.
C:\WINDOWS\System32\SET1EDE.tmp deleted successfully.
C:\WINDOWS\System32\SET1EDF.tmp deleted successfully.
C:\WINDOWS\System32\SET1EE1.tmp deleted successfully.
C:\WINDOWS\System32\SET1EE3.tmp deleted successfully.
C:\WINDOWS\System32\SET1EE9.tmp deleted successfully.
C:\WINDOWS\System32\SET1EEF.tmp deleted successfully.
C:\WINDOWS\System32\SET1EF5.tmp deleted successfully.
C:\WINDOWS\System32\SET1EF7.tmp deleted successfully.
C:\WINDOWS\System32\SET1EF9.tmp deleted successfully.
C:\WINDOWS\System32\SET1EFA.tmp deleted successfully.
C:\WINDOWS\System32\SET1EFB.tmp deleted successfully.
C:\WINDOWS\System32\SET1F01.tmp deleted successfully.
C:\WINDOWS\System32\SET1F0C.tmp deleted successfully.
C:\WINDOWS\System32\SET1F0D.tmp deleted successfully.
C:\WINDOWS\System32\SET1F0E.tmp deleted successfully.
C:\WINDOWS\System32\SET1F15.tmp deleted successfully.
C:\WINDOWS\System32\SET1F16.tmp deleted successfully.
C:\WINDOWS\System32\SET1F1A.tmp deleted successfully.
C:\WINDOWS\System32\SET1F1B.tmp deleted successfully.
C:\WINDOWS\System32\SET1F1F.tmp deleted successfully.
C:\WINDOWS\System32\SET1F20.tmp deleted successfully.
C:\WINDOWS\System32\SET1F23.tmp deleted successfully.
C:\WINDOWS\System32\SET1F24.tmp deleted successfully.
C:\WINDOWS\System32\SET1F26.tmp deleted successfully.
C:\WINDOWS\System32\SET1F28.tmp deleted successfully.
C:\WINDOWS\System32\SET1F2A.tmp deleted successfully.
C:\WINDOWS\System32\SET1F2F.tmp deleted successfully.
C:\WINDOWS\System32\SET1F41.tmp deleted successfully.
C:\WINDOWS\System32\SET1F46.tmp deleted successfully.
C:\WINDOWS\System32\SET1F47.tmp deleted successfully.
C:\WINDOWS\System32\SET1F49.tmp deleted successfully.
C:\WINDOWS\System32\SET1F4A.tmp deleted successfully.
C:\WINDOWS\System32\SET1F4B.tmp deleted successfully.
C:\WINDOWS\System32\SET1F4C.tmp deleted successfully.
C:\WINDOWS\System32\SET1F4E.tmp deleted successfully.
C:\WINDOWS\System32\SET1F51.tmp deleted successfully.
C:\WINDOWS\System32\SET1F52.tmp deleted successfully.
C:\WINDOWS\System32\SET1F5B.tmp deleted successfully.
C:\WINDOWS\System32\SET1F5C.tmp deleted successfully.
C:\WINDOWS\System32\SET1F5F.tmp deleted successfully.
C:\WINDOWS\System32\SET1F61.tmp deleted successfully.
C:\WINDOWS\System32\SET1F62.tmp deleted successfully.
C:\WINDOWS\System32\SET1F63.tmp deleted successfully.
C:\WINDOWS\System32\SET1F6A.tmp deleted successfully.
C:\WINDOWS\System32\SET1F6B.tmp deleted successfully.
C:\WINDOWS\System32\SET1F6E.tmp deleted successfully.
C:\WINDOWS\System32\SET1F71.tmp deleted successfully.
C:\WINDOWS\System32\SET1F72.tmp deleted successfully.
C:\WINDOWS\System32\SET1F78.tmp deleted successfully.
C:\WINDOWS\System32\SET1F80.tmp deleted successfully.
C:\WINDOWS\System32\SET1F83.tmp deleted successfully.
C:\WINDOWS\System32\SET1F84.tmp deleted successfully.
C:\WINDOWS\System32\SET1F85.tmp deleted successfully.
C:\WINDOWS\System32\SET1F86.tmp deleted successfully.
C:\WINDOWS\System32\SET1F8B.tmp deleted successfully.
C:\WINDOWS\System32\SET1F8D.tmp deleted successfully.
C:\WINDOWS\System32\SET1F8E.tmp deleted successfully.
C:\WINDOWS\System32\SET1F8F.tmp deleted successfully.
C:\WINDOWS\System32\SET1F91.tmp deleted successfully.
C:\WINDOWS\System32\SET1F92.tmp deleted successfully.
C:\WINDOWS\System32\SET1F99.tmp deleted successfully.
C:\WINDOWS\System32\SET1F9C.tmp deleted successfully.
C:\WINDOWS\System32\SET1F9E.tmp deleted successfully.
C:\WINDOWS\System32\SET1F9F.tmp deleted successfully.
C:\WINDOWS\System32\SET1FA2.tmp deleted successfully.
C:\WINDOWS\System32\SET1FA3.tmp deleted successfully.
C:\WINDOWS\System32\SET1FA4.tmp deleted successfully.
C:\WINDOWS\System32\SET1FAB.tmp deleted successfully.
C:\WINDOWS\System32\SET1FAC.tmp deleted successfully.
C:\WINDOWS\System32\SET1FB3.tmp deleted successfully.
C:\WINDOWS\System32\SET1FB5.tmp deleted successfully.
C:\WINDOWS\System32\SET1FB6.tmp deleted successfully.
C:\WINDOWS\System32\SET1FB7.tmp deleted successfully.
C:\WINDOWS\System32\SET1FBA.tmp deleted successfully.
C:\WINDOWS\System32\SET1FBB.tmp deleted successfully.
C:\WINDOWS\System32\SET1FBE.tmp deleted successfully.
C:\WINDOWS\System32\SET1FBF.tmp deleted successfully.
C:\WINDOWS\System32\SET1FC0.tmp deleted successfully.
C:\WINDOWS\System32\SET1FC3.tmp deleted successfully.
C:\WINDOWS\System32\SET1FC4.tmp deleted successfully.
C:\WINDOWS\System32\SET1FC5.tmp deleted successfully.
C:\WINDOWS\System32\SET1FCB.tmp deleted successfully.
C:\WINDOWS\System32\SET1FCE.tmp deleted successfully.
C:\WINDOWS\System32\SET1FCF.tmp deleted successfully.
C:\WINDOWS\System32\SET1FD2.tmp deleted successfully.
C:\WINDOWS\System32\SET1FDA.tmp deleted successfully.
C:\WINDOWS\System32\SET1FDC.tmp deleted successfully.
C:\WINDOWS\System32\SET1FDE.tmp deleted successfully.
C:\WINDOWS\System32\SET1FDF.tmp deleted successfully.
C:\WINDOWS\System32\SET1FE1.tmp deleted successfully.
C:\WINDOWS\System32\SET1FE2.tmp deleted successfully.
C:\WINDOWS\System32\SET1FE8.tmp deleted successfully.
C:\WINDOWS\System32\SET1FE9.tmp deleted successfully.
C:\WINDOWS\System32\SET2085.tmp deleted successfully.
C:\WINDOWS\System32\SET2086.tmp deleted successfully.
C:\WINDOWS\System32\SET2087.tmp deleted successfully.
C:\WINDOWS\System32\SET2088.tmp deleted successfully.
C:\WINDOWS\System32\SET208D.tmp deleted successfully.
C:\WINDOWS\System32\SET2095.tmp deleted successfully.
C:\WINDOWS\System32\SET2097.tmp deleted successfully.
C:\WINDOWS\System32\SET20C6.tmp deleted successfully.
C:\WINDOWS\System32\SET20CC.tmp deleted successfully.
C:\WINDOWS\System32\SET20CF.tmp deleted successfully.
C:\WINDOWS\System32\SET20D0.tmp deleted successfully.
C:\WINDOWS\System32\SET20D4.tmp deleted successfully.
C:\WINDOWS\System32\SET20D5.tmp deleted successfully.
C:\WINDOWS\System32\SET20D6.tmp deleted successfully.
C:\WINDOWS\System32\SET20D7.tmp deleted successfully.
C:\WINDOWS\System32\SET20D8.tmp deleted successfully.
C:\WINDOWS\System32\SET20DA.tmp deleted successfully.
C:\WINDOWS\System32\SET20DD.tmp deleted successfully.
C:\WINDOWS\System32\SET20E3.tmp deleted successfully.
C:\WINDOWS\System32\SET20E6.tmp deleted successfully.
C:\WINDOWS\System32\SET709.tmp deleted successfully.
C:\WINDOWS\System32\SET70A.tmp deleted successfully.
C:\WINDOWS\System32\SET70C.tmp deleted successfully.
C:\WINDOWS\System32\SET70E.tmp deleted successfully.
C:\WINDOWS\System32\SET710.tmp deleted successfully.
C:\WINDOWS\System32\SET717.tmp deleted successfully.
C:\WINDOWS\System32\SET718.tmp deleted successfully.
C:\WINDOWS\System32\SET71B.tmp deleted successfully.
C:\WINDOWS\System32\SET720.tmp deleted successfully.
C:\WINDOWS\System32\SET721.tmp deleted successfully.
C:\WINDOWS\System32\SET722.tmp deleted successfully.
C:\WINDOWS\System32\SET725.tmp deleted successfully.
C:\WINDOWS\System32\SET726.tmp deleted successfully.
C:\WINDOWS\System32\SET727.tmp deleted successfully.
C:\WINDOWS\System32\SET729.tmp deleted successfully.
C:\WINDOWS\System32\SET72A.tmp deleted successfully.
C:\WINDOWS\System32\SET72D.tmp deleted successfully.
C:\WINDOWS\System32\SET72E.tmp deleted successfully.
C:\WINDOWS\System32\SET72F.tmp deleted successfully.
C:\WINDOWS\System32\SET735.tmp deleted successfully.
C:\WINDOWS\System32\SET73C.tmp deleted successfully.
C:\WINDOWS\System32\SET73D.tmp deleted successfully.
C:\WINDOWS\System32\SET73E.tmp deleted successfully.
C:\WINDOWS\System32\SET741.tmp deleted successfully.
C:\WINDOWS\System32\SET743.tmp deleted successfully.
C:\WINDOWS\System32\SET745.tmp deleted successfully.
C:\WINDOWS\System32\SET74B.tmp deleted successfully.
C:\WINDOWS\System32\SET74C.tmp deleted successfully.
C:\WINDOWS\System32\SET74E.tmp deleted successfully.
C:\WINDOWS\System32\SET74F.tmp deleted successfully.
C:\WINDOWS\System32\SET750.tmp deleted successfully.
C:\WINDOWS\System32\SET752.tmp deleted successfully.
C:\WINDOWS\System32\SET757.tmp deleted successfully.
C:\WINDOWS\System32\SET758.tmp deleted successfully.
C:\WINDOWS\System32\SET759.tmp deleted successfully.
C:\WINDOWS\System32\SET75A.tmp deleted successfully.
C:\WINDOWS\System32\SET75D.tmp deleted successfully.
C:\WINDOWS\System32\SET763.tmp deleted successfully.
C:\WINDOWS\System32\SET769.tmp deleted successfully.
C:\WINDOWS\System32\SET76A.tmp deleted successfully.
C:\WINDOWS\System32\SET76D.tmp deleted successfully.
C:\WINDOWS\System32\SET770.tmp deleted successfully.
C:\WINDOWS\System32\SET771.tmp deleted successfully.
C:\WINDOWS\System32\SET778.tmp deleted successfully.
C:\WINDOWS\System32\SET779.tmp deleted successfully.
C:\WINDOWS\System32\SET77B.tmp deleted successfully.
C:\WINDOWS\System32\SET77E.tmp deleted successfully.
C:\WINDOWS\System32\SET77F.tmp deleted successfully.
C:\WINDOWS\System32\SET788.tmp deleted successfully.
C:\WINDOWS\System32\SET789.tmp deleted successfully.
C:\WINDOWS\System32\SET78C.tmp deleted successfully.
C:\WINDOWS\System32\SET78E.tmp deleted successfully.
C:\WINDOWS\System32\SET78F.tmp deleted successfully.
C:\WINDOWS\System32\SET790.tmp deleted successfully.
C:\WINDOWS\System32\SET791.tmp deleted successfully.
C:\WINDOWS\System32\SET792.tmp deleted successfully.
C:\WINDOWS\System32\SET793.tmp deleted successfully.
C:\WINDOWS\System32\SET797.tmp deleted successfully.
C:\WINDOWS\System32\SET7A3.tmp deleted successfully.
C:\WINDOWS\System32\SET7A8.tmp deleted successfully.
C:\WINDOWS\System32\SET7AA.tmp deleted successfully.
C:\WINDOWS\System32\SET7AC.tmp deleted successfully.
C:\WINDOWS\System32\SET7AD.tmp deleted successfully.
C:\WINDOWS\System32\SET7AE.tmp deleted successfully.
C:\WINDOWS\System32\SET7B1.tmp deleted successfully.
C:\WINDOWS\System32\SET7B2.tmp deleted successfully.
C:\WINDOWS\System32\SET7B6.tmp deleted successfully.
C:\WINDOWS\System32\SET7B7.tmp deleted successfully.
C:\WINDOWS\System32\SET7BB.tmp deleted successfully.
C:\WINDOWS\System32\SET7BC.tmp deleted successfully.
C:\WINDOWS\System32\SET7C2.tmp deleted successfully.
C:\WINDOWS\System32\SET7C3.tmp deleted successfully.
C:\WINDOWS\System32\SET7C4.tmp deleted successfully.
C:\WINDOWS\System32\SET7CC.tmp deleted successfully.
C:\WINDOWS\System32\SET7D2.tmp deleted successfully.
C:\WINDOWS\System32\SET7D3.tmp deleted successfully.
C:\WINDOWS\System32\SET7D4.tmp deleted successfully.
C:\WINDOWS\System32\SET7D6.tmp deleted successfully.
C:\WINDOWS\System32\SET7D8.tmp deleted successfully.
C:\WINDOWS\System32\SET7DE.tmp deleted successfully.
C:\WINDOWS\System32\SET7E4.tmp deleted successfully.
C:\WINDOWS\System32\SET7EA.tmp deleted successfully.
C:\WINDOWS\System32\SET7EC.tmp deleted successfully.
C:\WINDOWS\System32\SET7EE.tmp deleted successfully.
C:\WINDOWS\System32\SET7EF.tmp deleted successfully.
C:\WINDOWS\System32\SET7F0.tmp deleted successfully.
C:\WINDOWS\System32\SET7F6.tmp deleted successfully.
C:\WINDOWS\System32\SET7FC.tmp deleted successfully.
C:\WINDOWS\System32\SET800.tmp deleted successfully.
C:\WINDOWS\System32\SET801.tmp deleted successfully.
C:\WINDOWS\System32\SET804.tmp deleted successfully.
C:\WINDOWS\System32\SET806.tmp deleted successfully.
C:\WINDOWS\System32\SET809.tmp deleted successfully.
C:\WINDOWS\System32\SET80F.tmp deleted successfully.
C:\WINDOWS\System32\SET81A.tmp deleted successfully.
C:\WINDOWS\System32\SET81D.tmp deleted successfully.
C:\WINDOWS\System32\SET81E.tmp deleted successfully.
C:\WINDOWS\System32\SET825.tmp deleted successfully.
C:\WINDOWS\System32\SET826.tmp deleted successfully.
C:\WINDOWS\System32\SET829.tmp deleted successfully.
C:\WINDOWS\System32\SET82A.tmp deleted successfully.
C:\WINDOWS\System32\SET82B.tmp deleted successfully.
C:\WINDOWS\System32\SET82C.tmp deleted successfully.
C:\WINDOWS\System32\SET82D.tmp deleted successfully.
C:\WINDOWS\System32\SET82F.tmp deleted successfully.
C:\WINDOWS\System32\SET830.tmp deleted successfully.
C:\WINDOWS\System32\SET831.tmp deleted successfully.
C:\WINDOWS\System32\SET833.tmp deleted successfully.
C:\WINDOWS\System32\SET834.tmp deleted successfully.
C:\WINDOWS\System32\SET835.tmp deleted successfully.
C:\WINDOWS\System32\SET837.tmp deleted successfully.
C:\WINDOWS\System32\SET83A.tmp deleted successfully.
C:\WINDOWS\System32\SET83F.tmp deleted successfully.
C:\WINDOWS\System32\SET840.tmp deleted successfully.
C:\WINDOWS\System32\SET841.tmp deleted successfully.
C:\WINDOWS\System32\SET846.tmp deleted successfully.
C:\WINDOWS\System32\SET847.tmp deleted successfully.
C:\WINDOWS\System32\SET848.tmp deleted successfully.
C:\WINDOWS\System32\SET84A.tmp deleted successfully.
C:\WINDOWS\System32\SET84D.tmp deleted successfully.
C:\WINDOWS\System32\SET84F.tmp deleted successfully.
C:\WINDOWS\System32\SET850.tmp deleted successfully.
C:\WINDOWS\System32\SET853.tmp deleted successfully.
C:\WINDOWS\System32\SET854.tmp deleted successfully.
C:\WINDOWS\System32\SET857.tmp deleted successfully.
C:\WINDOWS\System32\SET85A.tmp deleted successfully.
C:\WINDOWS\System32\SET85B.tmp deleted successfully.
C:\WINDOWS\System32\SET85D.tmp deleted successfully.
C:\WINDOWS\System32\SET862.tmp deleted successfully.
C:\WINDOWS\System32\SET866.tmp deleted successfully.
C:\WINDOWS\System32\SET86A.tmp deleted successfully.
C:\WINDOWS\System32\SET86C.tmp deleted successfully.
C:\WINDOWS\System32\SET86D.tmp deleted successfully.
C:\WINDOWS\System32\SET870.tmp deleted successfully.
C:\WINDOWS\System32\SET871.tmp deleted successfully.
C:\WINDOWS\System32\SET877.tmp deleted successfully.
C:\WINDOWS\System32\SET878.tmp deleted successfully.
C:\WINDOWS\System32\SET87A.tmp deleted successfully.
C:\WINDOWS\System32\SET87B.tmp deleted successfully.
C:\WINDOWS\System32\SET880.tmp deleted successfully.
C:\WINDOWS\System32\SET881.tmp deleted successfully.
C:\WINDOWS\System32\SET883.tmp deleted successfully.
C:\WINDOWS\System32\SET884.tmp deleted successfully.
C:\WINDOWS\System32\SET885.tmp deleted successfully.
C:\WINDOWS\System32\SET886.tmp deleted successfully.
C:\WINDOWS\System32\SET888.tmp deleted successfully.
C:\WINDOWS\System32\SET88A.tmp deleted successfully.
C:\WINDOWS\System32\SET88D.tmp deleted successfully.
C:\WINDOWS\System32\SET898.tmp deleted successfully.
C:\WINDOWS\System32\SET89A.tmp deleted successfully.
C:\WINDOWS\System32\SET89B.tmp deleted successfully.
C:\WINDOWS\System32\SET89C.tmp deleted successfully.
C:\WINDOWS\System32\SET89E.tmp deleted successfully.
C:\WINDOWS\System32\SET8A0.tmp deleted successfully.
C:\WINDOWS\System32\SET8A5.tmp deleted successfully.
C:\WINDOWS\System32\SET8A7.tmp deleted successfully.
C:\WINDOWS\System32\SET8A8.tmp deleted successfully.
C:\WINDOWS\System32\SET8AF.tmp deleted successfully.
C:\WINDOWS\System32\SET8BA.tmp deleted successfully.
C:\WINDOWS\System32\SET8BE.tmp deleted successfully.
C:\WINDOWS\System32\SET8BF.tmp deleted successfully.
C:\WINDOWS\System32\SET8C0.tmp deleted successfully.
C:\WINDOWS\System32\SET8C3.tmp deleted successfully.
C:\WINDOWS\System32\SET8CB.tmp deleted successfully.
C:\WINDOWS\System32\SET8CD.tmp deleted successfully.
C:\WINDOWS\System32\SET8D2.tmp deleted successfully.
C:\WINDOWS\System32\SET8D4.tmp deleted successfully.
C:\WINDOWS\System32\SET8DD.tmp deleted successfully.
C:\WINDOWS\System32\SET8DF.tmp deleted successfully.
C:\WINDOWS\System32\SET8F9.tmp deleted successfully.
C:\WINDOWS\System32\SET8FD.tmp deleted successfully.
C:\WINDOWS\System32\SET8FF.tmp deleted successfully.
C:\WINDOWS\System32\SET901.tmp deleted successfully.
C:\WINDOWS\System32\SET907.tmp deleted successfully.
C:\WINDOWS\System32\SET90B.tmp deleted successfully.
C:\WINDOWS\System32\SET919.tmp deleted successfully.
C:\WINDOWS\System32\SET91C.tmp deleted successfully.
C:\WINDOWS\System32\SET922.tmp deleted successfully.
C:\WINDOWS\System32\SET924.tmp deleted successfully.
C:\WINDOWS\System32\SET925.tmp deleted successfully.
C:\WINDOWS\System32\SET926.tmp deleted successfully.
C:\WINDOWS\System32\SET928.tmp deleted successfully.
C:\WINDOWS\System32\SET92C.tmp deleted successfully.
C:\WINDOWS\System32\SET930.tmp deleted successfully.
C:\WINDOWS\System32\SET93E.tmp deleted successfully.
C:\WINDOWS\System32\SET93F.tmp deleted successfully.
C:\WINDOWS\System32\SET941.tmp deleted successfully.
C:\WINDOWS\System32\SET942.tmp deleted successfully.
C:\WINDOWS\System32\SET943.tmp deleted successfully.
C:\WINDOWS\System32\SET94B.tmp deleted successfully.
C:\WINDOWS\System32\SET94F.tmp deleted successfully.
C:\WINDOWS\System32\SET95.tmp deleted successfully.
C:\WINDOWS\System32\SET95A.tmp deleted successfully.
C:\WINDOWS\System32\SET96A.tmp deleted successfully.
C:\WINDOWS\System32\SET96B.tmp deleted successfully.
C:\WINDOWS\System32\SET995.tmp deleted successfully.
C:\WINDOWS\System32\SET998.tmp deleted successfully.
C:\WINDOWS\System32\SET99F.tmp deleted successfully.
C:\WINDOWS\System32\SET9A.tmp deleted successfully.
C:\WINDOWS\System32\SET9A0.tmp deleted successfully.
C:\WINDOWS\System32\SET9A1.tmp deleted successfully.
C:\WINDOWS\System32\SET9A3.tmp deleted successfully.
C:\WINDOWS\System32\SET9A4.tmp deleted successfully.
C:\WINDOWS\System32\SET9A5.tmp deleted successfully.
C:\WINDOWS\System32\SET9A6.tmp deleted successfully.
C:\WINDOWS\System32\SET9A8.tmp deleted successfully.
C:\WINDOWS\System32\SET9AA.tmp deleted successfully.
C:\WINDOWS\System32\SET9AB.tmp deleted successfully.
C:\WINDOWS\System32\SET9AD.tmp deleted successfully.
C:\WINDOWS\System32\SET9B0.tmp deleted successfully.
C:\WINDOWS\System32\SET9B2.tmp deleted successfully.
C:\WINDOWS\System32\SET9B7.tmp deleted successfully.
C:\WINDOWS\System32\SET9B8.tmp deleted successfully.
C:\WINDOWS\System32\SET9C0.tmp deleted successfully.
C:\WINDOWS\System32\SET9C7.tmp deleted successfully.
C:\WINDOWS\System32\SET9CE.tmp deleted successfully.
C:\WINDOWS\System32\SET9D1.tmp deleted successfully.
C:\WINDOWS\System32\SET9D4.tmp deleted successfully.
C:\WINDOWS\System32\SET9D6.tmp deleted successfully.
C:\WINDOWS\System32\SET9DA.tmp deleted successfully.
C:\WINDOWS\System32\SET9DD.tmp deleted successfully.
C:\WINDOWS\System32\SET9DE.tmp deleted successfully.
C:\WINDOWS\System32\SET9DF.tmp deleted successfully.
C:\WINDOWS\System32\SET9E3.tmp deleted successfully.
C:\WINDOWS\System32\SET9E4.tmp deleted successfully.
C:\WINDOWS\System32\SET9E5.tmp deleted successfully.
C:\WINDOWS\System32\SET9E8.tmp deleted successfully.
C:\WINDOWS\System32\SET9E9.tmp deleted successfully.
C:\WINDOWS\System32\SET9EE.tmp deleted successfully.
C:\WINDOWS\System32\SET9F3.tmp deleted successfully.
C:\WINDOWS\System32\SET9F6.tmp deleted successfully.
C:\WINDOWS\System32\SET9FA.tmp deleted successfully.
C:\WINDOWS\System32\SET9FC.tmp deleted successfully.
C:\WINDOWS\System32\SET9FE.tmp deleted successfully.
C:\WINDOWS\System32\SETA1.tmp deleted successfully.
C:\WINDOWS\002298_.tmp deleted successfully.
C:\WINDOWS\005668_.tmp deleted successfully.
C:\WINDOWS\006854_.tmp deleted successfully.
C:\WINDOWS\SET15F7.tmp deleted successfully.
C:\WINDOWS\SETA2D.tmp deleted successfully.
C:\Documents and Settings\Eddie\My Documents\~WRL0200.tmp deleted successfully.
C:\Documents and Settings\Eddie\My Documents\~WRL2498.tmp deleted successfully.
C:\Documents and Settings\Eddie\My Documents\~WRL3483.tmp deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Eddie
->Temp folder emptied: 72203437 bytes
->Temporary Internet Files folder emptied: 172957715 bytes
->Java cache emptied: 105229336 bytes
->FireFox cache emptied: 97181971 bytes
->Flash cache emptied: 5011962 bytes

User: Eddies Success Files

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 361295 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 494637 bytes
->Flash cache emptied: 2077 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34665048 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23909208 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 16325240 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 504.00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06032010_091436

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_124.dat moved successfully.

Registry entries deleted on Reboot...




So far, I don't see any problems popping up. I couldn't believe the number of temp files and other things the OTL fix removed. wow!

So, what is the prognosis?

Thanks-


#13 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:04:59 PM

Posted 03 June 2010 - 09:12 AM

Looking good.

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

==========

With your next post please provide:

* MBAM log
* ESET log
* Any further problems?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#14 HokieEd

HokieEd
  • Topic Starter

  • Members
  • 13 posts
  • Local time:05:59 PM

Posted 03 June 2010 - 03:22 PM

ESET did take a long time! Here are the results of MBAM and ESET:


MBAM Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/3/2010 10:40:49 AM
mbam-log-2010-06-03 (10-40-49).txt

Scan type: Quick scan
Objects scanned: 124007
Time elapsed: 9 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




ESET Log:

C:\Documents and Settings\Eddie\Desktop\temp\GoldMinerSetup-dm.exe a variant of Win32/Adware.Trymedia application cleaned by deleting - quarantined
C:\Documents and Settings\Eddie\Local Settings\Application Data\Identities\{E8565914-4018-435F-86F1-C70B31D0FF73}\Microsoft\Outlook Express\Deleted Items.dbx Win32/Mytob.CY worm unable to clean
D:\Old Computer Files\old emails\in.mbx JS/Kak worm unable to clean




All during the scans, the network was up and running and there were no Tidserv Requests. Looks like you nipped that in the bud.

Bravo!

So, what else can I do to resolve the ESET scan results?

Your help is greatly appreciated.




#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:04:59 PM

Posted 03 June 2010 - 06:24 PM

You are certainly welcome.

We are going to make a folder and move some e-mails to a folder outside Outlook.
  • Go to start > My Documents > Under File menu select New -> Folder.
  • Name the folder something like My emails.
  • Open the folder you just made, then open Outlook and adjust the size of both windows so that they sit side by side and you can see both of them.
  • Open Inbox. Select all the emails inside it and drag them to the new folder.
  • Do the same with the D:\ drive detection
  • Close Outlook and the folder you have made.
  • Now please run the online scanner once more and post the log.

Thanks,
~ t


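An added example in Python, not part of this thread and not ESET's own tooling: a small parser for ESET OnlineScan result lines of the kind posted above. It separates detections the scanner already fixed from "unable to clean" hits, and flags the ones that sit inside mail-store containers (Outlook Express .dbx, .mbx, and Outlook .pst/.ost; the extension list is an assumption), since those are the cases the reply above handles by moving the messages out rather than by another scan pass. The first three sample lines are the ones from the post; the fourth is constructed, and the list of action phrases beyond the two seen in this thread is assumed from other logs of the same tool.

```python
import re
from dataclasses import dataclass
from typing import Iterable

# Sample input: three lines quoted from the ESET log above plus one
# constructed line (setup.exe) to show a "deleted - quarantined" result.
SAMPLE_LOG = r"""
C:\Documents and Settings\Eddie\Desktop\temp\GoldMinerSetup-dm.exe a variant of Win32/Adware.Trymedia application cleaned by deleting - quarantined
C:\Documents and Settings\Eddie\Local Settings\Application Data\Identities\{E8565914-4018-435F-86F1-C70B31D0FF73}\Microsoft\Outlook Express\Deleted Items.dbx Win32/Mytob.CY worm unable to clean
D:\Old Computer Files\old emails\in.mbx JS/Kak worm unable to clean
C:\Documents and Settings\Eddie\Local Settings\Temp\setup.exe Win32/TrojanDownloader.Agent.ABC trojan deleted - quarantined
"""

# Action phrases ESET appends to each result line. "cleaned by deleting -
# quarantined" and "unable to clean" appear in this thread; the others are
# assumed from other ESET logs. Longer phrases come first so the regex
# alternation never matches a prefix of a longer action.
ACTIONS = (
    "cleaned by deleting - quarantined",
    "cleaned by deleting",
    "deleted - quarantined",
    "error while cleaning",
    "unable to clean",
    "cleaned",
    "deleted",
)

# Assumption: mail-store containers identified by extension only.
MAIL_STORE_EXT = {".dbx", ".mbx", ".pst", ".ost"}

# <drive>:\<path ending in .ext> <threat description> <action>
# Paths may contain spaces, so the path is matched non-greedily up to the
# first ".ext" followed by whitespace, and the action is anchored at the end.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4})\s+"
    r"(?P<threat>.+?)\s+"
    r"(?P<action>" + "|".join(re.escape(a) for a in ACTIONS) + r")$"
)


@dataclass
class Detection:
    path: str
    threat: str
    action: str

    @property
    def resolved(self) -> bool:
        """True when the scanner itself removed or quarantined the object."""
        return "unable" not in self.action and "error" not in self.action

    @property
    def in_mail_store(self) -> bool:
        """True when the hit is inside a mailbox file the scanner cannot edit."""
        ext = "." + self.path.rsplit(".", 1)[-1].lower()
        return ext in MAIL_STORE_EXT


def parse_eset_log(lines: Iterable[str]) -> list:
    """Parse ESET result lines; raise on a line that does not fit the format."""
    found = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET log line: {line!r}")
        found.append(Detection(m["path"], m["threat"], m["action"]))
    return found


def triage(detections: Iterable[Detection]) -> dict:
    """Split results into scanner-fixed, mail-store follow-up, and other follow-up."""
    dets = list(detections)
    return {
        "resolved": [d for d in dets if d.resolved],
        "mail_store_followup": [d for d in dets if not d.resolved and d.in_mail_store],
        "other_followup": [d for d in dets if not d.resolved and not d.in_mail_store],
    }


if __name__ == "__main__":
    for bucket, items in triage(parse_eset_log(SAMPLE_LOG.splitlines())).items():
        print(bucket)
        for d in items:
            print(f"  {d.threat}  ->  {d.path}  [{d.action}]")
```

The point of the mail-store bucket: a scanner reports "unable to clean" on a .dbx or .mbx file because the infected item is one message inside a container it will not rewrite in place, so rescanning the same file only reproduces the hit. Moving the messages out of Outlook (or deleting them) makes the mail client rewrite the store, after which the rescan the reply above asks for can come back clean.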

