Nasty Rootkit won't let me run dds,gmer


This topic is locked
24 replies to this topic

#1 R00t_revealer

R00t_revealer

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:34 PM

Posted 30 July 2011 - 05:13 AM

The only thing I can post here is this initial log from when GMER opens. When I attempt to run a GMER or DDS scan, the computer hangs and I have to reset it.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-07-30 15:45:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 ST3802110A rev.3.AAJ
Running: iexplorer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxadqaod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEE786BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEE786A5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEE7DE398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!
Service C:\WINDOWS\system32\cisvc.exe? (*** hidden *** ) [MANUAL] CiSvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\clipsrv.exe? (*** hidden *** ) [MANUAL] ClipSrv <-- ROOTKIT !!!
Service C:\WINDOWS\system32\imapi.exe? (*** hidden *** ) [MANUAL] ImapiService <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] PolicyAgent <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] ProtectedStorage <-- ROOTKIT !!!
Service C:\WINDOWS\system32\spoolsv.exe? (*** hidden *** ) [AUTO] Spooler <-- ROOTKIT !!!
Service C:\WINDOWS\System32\ups.exe? (*** hidden *** ) [MANUAL] UPS <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
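
As an added example (not code from the thread, from GMER, or from any of the tools named in it), here is a small Python triage script for a GMER quick-scan log of the kind posted above. It separates kernel hooks, attributed to the module and vendor GMER names, from service entries GMER marked as hidden, and reports which hidden entries share an image path. The sample log is a constructed excerpt of the posted one; the vendor allowlist (`AVAST Software`) is an assumption about which security product is expected on this host.

```python
"""Triage a GMER quick-scan log: kernel hooks vs. services flagged hidden.

Added example, not code from the thread or from GMER. SAMPLE_LOG is a
constructed excerpt of the log posted above; the vendor allowlist passed to
triage() is an assumption about which security product is expected on the host.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

SAMPLE_LOG = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-07-30 15:45:56
Running: iexplorer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxadqaod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEE786BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEE786A5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEE7DE398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!
Service C:\WINDOWS\system32\cisvc.exe? (*** hidden *** ) [MANUAL] CiSvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\clipsrv.exe? (*** hidden *** ) [MANUAL] ClipSrv <-- ROOTKIT !!!
Service C:\WINDOWS\system32\imapi.exe? (*** hidden *** ) [MANUAL] ImapiService <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] PolicyAgent <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] ProtectedStorage <-- ROOTKIT !!!
Service C:\WINDOWS\system32\spoolsv.exe? (*** hidden *** ) [AUTO] Spooler <-- ROOTKIT !!!
Service C:\WINDOWS\System32\ups.exe? (*** hidden *** ) [MANUAL] UPS <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

# "SSDT <module> (<description>) <function> [<address>]" / "Code ..." lines.
HOOK_RE = re.compile(
    r"^(?P<kind>SSDT|Code)\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+"
    r"(?P<func>\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$"
)
# "Service <path>? (*** hidden *** ) [<start>] <name> <-- ROOTKIT !!!" lines.
HIDDEN_SVC_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\?\s+\(\*\*\* hidden \*\*\* \)\s+"
    r"\[(?P<start>\w+)\]\s+(?P<name>\S+)\s+<-- ROOTKIT !!!\s*$"
)
RUNNING_RE = re.compile(r"^Running:\s+(?P<exe>\S+?);\s+Driver:\s+(?P<driver>\S+)")


@dataclass(frozen=True)
class Hook:
    kind: str             # "SSDT" (table entry) or "Code" (inline patch)
    module: str           # driver GMER attributes the hook to
    vendor: str           # text after the last "/" in GMER's description
    func: str             # hooked kernel routine
    addr: Optional[str]   # hook target address, when GMER prints one


@dataclass(frozen=True)
class HiddenService:
    name: str
    path: str
    start: str            # AUTO / MANUAL as printed by GMER


def parse_gmer(text):
    """Return (running-info dict, [Hook], [HiddenService]) for one log."""
    hooks, hidden, running = [], [], {}
    for line in text.splitlines():
        line = line.strip()
        if m := RUNNING_RE.match(line):
            running = m.groupdict()
        elif m := HOOK_RE.match(line):
            vendor = m["desc"].rsplit("/", 1)[-1]  # "<product>/<vendor>"
            hooks.append(Hook(m["kind"], m["module"], vendor, m["func"], m["addr"]))
        elif m := HIDDEN_SVC_RE.match(line):
            hidden.append(HiddenService(m["name"], m["path"], m["start"]))
    return running, hooks, hidden


def triage(text, expected_vendors=frozenset({"AVAST Software"})):
    """Summarise a GMER log for a responder.

    expected_vendors is an allowlist of security products whose kernel hooks
    are expected on this host (assumed here from the product the log names);
    hooks owned by any other module are returned for manual review.
    """
    running, hooks, hidden = parse_gmer(text)
    by_image = Counter(s.path.lower() for s in hidden)
    return {
        "scanner_exe": running.get("exe"),   # name GMER was launched under
        "hook_count": len(hooks),
        "hook_vendors": sorted({h.vendor for h in hooks}),
        "unexpected_hooks": [h for h in hooks if h.vendor not in expected_vendors],
        "hidden_services": [s.name for s in hidden],
        "hidden_by_start": dict(Counter(s.start for s in hidden)),
        "hidden_images_shared": sorted(p for p, n in by_image.items() if n > 1),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the excerpt, every hook resolves to the one allowlisted vendor, so the review list comes back empty, while the hidden-service summary shows eight entries, two of them sharing `lsass.exe` as their image. Run it against a saved `gmer.log` by passing the file's contents to `triage()` in place of `SAMPLE_LOG`; the allowlist should be adjusted to whatever products are actually installed on the host being examined.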


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:49 AM

Posted 07 August 2011 - 10:53 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe
After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • .logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 R00t_revealer

R00t_revealer
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:34 PM

Posted 08 August 2011 - 10:31 AM

Thanks for the reply :) . Isn't this unhide.exe thingy supposed to show some sort of notification like "Done" or "Finished" when it finishes? Because I didn't get one. Should I proceed with the OTL scan anyway?

#4 R00t_revealer

R00t_revealer
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:34 PM

Posted 08 August 2011 - 11:09 AM

When I turn off the computer the normal way it stalls in a weird way, i.e. the monitor signal goes off yet the computer does not completely turn itself off. I have to shut it down by long-pressing the power button for 5 seconds. Oh, and about that unhide.exe thingy: since it did not say anything for a long time, I figured I should go ahead and run OTL.exe. :wink: Here is the OTL log you asked for.

OTL logfile created on: 8/8/2011 9:15:43 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.80 Mb Total Physical Memory | 661.37 Mb Available Physical Memory | 64.73% Memory free
2.41 Gb Paging File | 2.00 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.54 Gb Total Space | 7.47 Gb Free Space | 38.25% Space Free | Partition Type: NTFS
Drive D: | 54.99 Gb Total Space | 8.39 Gb Free Space | 15.26% Space Free | Partition Type: NTFS
Drive G: | 3.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-0B20EBB6CA | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2012\pchooklaunch32.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2012\downloader.exe (BitDefender)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Bitdefender\Bitdefender 2012\pchook32.dll (Bitdefender)
MOD - C:\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00044_006\avcuf32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\Internet Download Manager\idmmkb.dll (Tonec Inc.)
MOD - C:\WINDOWS\system32\msvcr100.dll (Microsoft Corporation)
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (wuauserv) -- File not found
SRV - (SDZO) -- File not found
SRV - (LWKXRGYDMSSCLN) -- File not found
SRV - (674AFFE5) -- File not found
SRV - (vsserv) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender)
SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender)
SRV - (Update Server) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (NetSvc) -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (trufos) -- C:\WINDOWS\system32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (bdselfpr) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender LLC)
DRV - (avckf) -- C:\WINDOWS\system32\drivers\avckf.sys (BitDefender)
DRV - (avc3) -- C:\WINDOWS\system32\DRIVERS\avc3.sys (BitDefender)
DRV - (avchv) -- C:\WINDOWS\system32\drivers\avchv.sys (BitDefender)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (bdsandbox) -- C:\WINDOWS\system32\drivers\bdsandbox.sys (Windows ® Win 7 DDK provider)
DRV - (SAVRKBootTasks) -- C:\WINDOWS\system32\SAVRKBootTasks.sys (Sophos Group)
DRV - (IDMTDI) -- C:\WINDOWS\system32\drivers\idmtdi.sys (Tonec Inc.)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys (BitDefender)
DRV - (Bdfndisf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys (BitDefender LLC)
DRV - (bdftdif) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (1UnHooker) -- C:\WINDOWS\system32\drivers\1UnHooker.sys ()
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (BDVEDISK) -- C:\WINDOWS\system32\drivers\bdvedisk.sys (BitDefender)
DRV - (arusb(TP-LINK)) Atheros Wireless Network Adapter Service(TP-LINK) -- C:\WINDOWS\system32\drivers\arusb.sys (Atheros Communications, Inc.)
DRV - (AVG Anti-Rootkit) -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys (GRISOFT, s.r.o.)
DRV - (AvgArCln) -- C:\WINDOWS\system32\drivers\AvgArCln.sys (GRISOFT, s.r.o.)
DRV - (BlackBox) -- C:\WINDOWS\System32\blackbox.dll (Microsoft Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1957994488-1677128483-1644491937-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1957994488-1677128483-1644491937-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/14 12:04:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2011/07/31 09:09:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3 [2011/08/08 20:38:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3 [2011/08/08 20:38:07 | 000,000,000 | ---D | M]

[2010/07/13 13:41:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/07/13 13:41:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cpwxri4c.default\extensions
[2011/04/13 15:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 12:04:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/08 20:38:07 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\IDM\IDMMZCC3
[2011/04/14 12:04:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 23:38:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 13:45:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/07/13 10:12:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-1957994488-1677128483-1644491937-500..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-1957994488-1677128483-1644491937-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutorunsDisabled [2011/06/04 09:46:57 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-1677128483-1644491937-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-1677128483-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1957994488-1677128483-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1957994488-1677128483-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/29 22:35:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/15 09:58:59 | 000,000,000 | ---D | M] - D:\AutoHotkey -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 12:29:56 | 000,000,043 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/08 21:13:39 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/08/06 20:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (3)
[2011/08/04 21:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2011/08/04 18:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2011/08/04 18:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2011/08/04 18:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager
[2011/08/04 18:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Download Manager
[2011/08/04 18:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2011/08/04 18:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2011/08/04 18:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/08/04 18:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Cain
[2011/08/04 18:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Cain
[2011/08/03 21:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\FRAME
[2011/07/31 09:10:22 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/07/31 09:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
[2011/07/31 09:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Bitdefender
[2011/07/31 09:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2011/07/31 09:02:50 | 000,353,096 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2011/07/31 09:02:50 | 000,311,248 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2011/07/31 08:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/07/31 08:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2011/07/31 08:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011/07/30 22:49:35 | 000,018,816 | ---- | C] (Sophos Group) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2011/07/30 22:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/07/30 22:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/07/30 22:16:44 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\Administrator\Desktop\fsbl.exe
[2011/07/30 21:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tizerô Rootkit Razor
[2011/07/30 21:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tizerô Rootkit Razor
[2011/07/30 21:46:54 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/07/30 21:46:54 | 000,056,400 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/07/30 21:35:30 | 000,864,120 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Administrator\Desktop\aswar.exe
[2011/07/30 21:20:41 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2011/07/30 21:20:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Anti-Rootkit Free
[2011/07/30 21:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2011/07/30 19:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/30 17:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/30 17:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/07/30 17:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/30 17:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/30 15:43:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/07/30 11:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer
[2011/07/30 10:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/07/30 10:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/30 10:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/30 10:25:21 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/07/27 20:46:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/07/25 23:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (2)
[2011/07/15 16:11:48 | 000,451,864 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2011/07/15 16:11:46 | 000,596,600 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2011/07/15 16:11:46 | 000,240,184 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys
[2011/07/11 20:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\office

========== Files - Modified Within 30 Days ==========

[2011/08/08 21:15:42 | 000,000,303 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2011/08/08 21:13:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/08/08 20:59:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/08 20:37:31 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/04 18:36:32 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2011/08/04 18:35:53 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Cain.lnk
[2011/08/04 17:10:26 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Dataprivacy.xml
[2011/08/04 14:38:22 | 001,872,896 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Nepali Typing.pmd
[2011/08/03 20:48:48 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Datauser_gensett.xml
[2011/08/03 17:03:10 | 000,037,835 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Scan10080.jpg
[2011/07/31 10:14:11 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2011/07/31 09:16:57 | 000,000,261 | -H-- | M] () -- C:\bdr-conf
[2011/07/31 09:11:44 | 000,227,027 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1312082266.bdinstall.bin
[2011/07/31 09:10:28 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/07/31 09:10:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/07/31 09:09:49 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Internet Security 2012.lnk
[2011/07/31 08:58:52 | 000,015,595 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1312082028.bdinstall.bin
[2011/07/31 08:57:08 | 000,150,660 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1312081392.bdinstall.bin
[2011/07/31 08:45:32 | 000,006,652 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3860.bin
[2011/07/31 08:45:16 | 000,004,412 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3824.bin
[2011/07/31 08:45:16 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3868.bin
[2011/07/31 08:45:15 | 000,000,507 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3864.bin
[2011/07/31 08:45:12 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3828.bin
[2011/07/31 08:44:57 | 000,029,496 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3816.bin
[2011/07/31 08:44:50 | 000,002,931 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3844.bin
[2011/07/31 08:44:50 | 000,001,890 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3840.bin
[2011/07/31 08:43:21 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/31 08:32:50 | 237,197,296 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\bitdefender_is_2012_32b.exe
[2011/07/30 22:37:53 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/07/30 22:17:59 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Administrator\Desktop\fsbl.exe
[2011/07/30 21:55:55 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tizerô Rootkit Razor.lnk
[2011/07/30 21:55:55 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Tizerô Rootkit Razor.lnk
[2011/07/30 21:46:54 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/07/30 21:46:54 | 000,056,400 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/07/30 21:34:21 | 000,864,120 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Administrator\Desktop\aswar.exe
[2011/07/30 21:20:42 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2011/07/30 17:28:34 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/30 15:38:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/07/30 11:48:17 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2011/07/30 10:25:08 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/07/26 21:06:42 | 056,727,728 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\setup_av_free.exe
[2011/07/22 20:20:05 | 000,311,248 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2011/07/22 13:44:50 | 028,361,439 | -H-- | M] () -- C:\bdrescue.gz
[2011/07/21 21:47:14 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/19 21:38:20 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iexplorer.exe
[2011/07/15 16:11:48 | 000,451,864 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2011/07/15 16:11:46 | 000,596,600 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2011/07/15 16:11:46 | 000,240,184 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys

========== Files Created - No Company Name ==========

[2011/08/05 09:14:46 | 001,872,896 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Nepali Typing.pmd
[2011/08/04 18:36:30 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2011/08/04 18:35:53 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Cain.lnk
[2011/08/03 21:11:26 | 013,247,188 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Frame.tif
[2011/08/03 20:58:43 | 000,037,835 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Scan10080.jpg
[2011/08/03 20:48:48 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Datauser_gensett.xml
[2011/07/31 10:28:46 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\checkdnsid.xml
[2011/07/31 10:14:14 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Dataprivacy.xml
[2011/07/31 10:14:11 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2011/07/31 09:16:57 | 000,000,327 | RHS- | C] () -- C:\boot.ini
[2011/07/31 09:16:57 | 000,000,261 | -H-- | C] () -- C:\bdr-conf
[2011/07/31 09:16:56 | 028,361,439 | -H-- | C] () -- C:\bdrescue.gz
[2011/07/31 09:16:56 | 002,294,848 | -H-- | C] () -- C:\bdrescue.vm
[2011/07/31 09:16:56 | 000,217,769 | -H-- | C] () -- C:\bdrescue
[2011/07/31 09:11:44 | 000,227,027 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1312082266.bdinstall.bin
[2011/07/31 09:10:28 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/07/31 09:10:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/07/31 09:09:49 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Internet Security 2012.lnk
[2011/07/31 08:58:52 | 000,015,595 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1312082028.bdinstall.bin
[2011/07/31 08:57:08 | 000,150,660 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1312081392.bdinstall.bin
[2011/07/31 08:44:49 | 000,006,652 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3860.bin
[2011/07/31 08:44:49 | 000,001,294 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3868.bin
[2011/07/31 08:44:49 | 000,000,507 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3864.bin
[2011/07/31 08:44:48 | 000,002,931 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3844.bin
[2011/07/31 08:44:48 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3840.bin
[2011/07/31 08:44:46 | 000,004,412 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3824.bin
[2011/07/31 08:44:46 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3828.bin
[2011/07/31 08:44:45 | 000,029,496 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1312081185.3816.bin
[2011/07/31 08:41:57 | 237,197,296 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bitdefender_is_2012_32b.exe
[2011/07/30 22:37:53 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/07/30 21:55:55 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tizer™ Rootkit Razor.lnk
[2011/07/30 21:55:55 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Tizer™ Rootkit Razor.lnk
[2011/07/30 21:20:42 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk
[2011/07/30 17:28:34 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/30 15:42:18 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iexplorer.exe
[2011/07/30 15:38:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/07/30 11:48:05 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2011/07/27 20:47:37 | 056,727,728 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\setup_av_free.exe
[2011/07/19 21:38:20 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/02 11:19:13 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/06/04 10:02:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\BCW5.INI
[2010/07/13 13:41:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/30 04:09:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/30 04:07:48 | 000,248,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/29 23:36:39 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/29 23:16:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/29 22:57:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/06/29 22:56:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/06/29 22:38:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/29 22:31:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/25 22:48:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/03/02 22:15:52 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\1UnHooker.sys
[2008/04/14 17:45:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 17:45:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 17:45:00 | 000,314,838 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 17:45:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 17:45:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 17:45:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 17:45:00 | 000,041,040 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 17:45:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 17:45:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 17:45:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 17:45:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 17:45:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 20:50:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/07 18:15:36 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Administrator\Desktop\OTL.exe:BDU

< End of report >

#5 gringo_pr (Malware Response Team)

Posted 08 August 2011 - 06:50 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 R00t_revealer (Topic Starter)

Posted 09 August 2011 - 06:57 AM

ComboFix won't run. The system freezes when ComboFix reaches the "Combofix is scanning for infected files .............." stage. I had to kill the system.

And the computer has not improved a bit, I mean it is still slow as hell.



#7 gringo_pr (Malware Response Team)

Posted 09 August 2011 - 08:25 AM

Hello


I want you to run ComboFix like this:

  • Push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button)
  • Please copy and paste the following into the box:
ComboFix /nombr
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#8 R00t_revealer (Topic Starter)

Posted 09 August 2011 - 11:10 AM

After following your instruction Combofix ran. Here is the log.


ComboFix 11-08-09.02 - Administrator 08/09/2011 21:41:33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.727 [GMT 5.75:45]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\1312082028.bdinstall.bin
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-09 11:04 . 2011-08-09 11:04 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-08-04 13:01 . 2011-08-09 15:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2011-08-04 13:01 . 2011-08-08 15:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2011-08-04 13:01 . 2011-08-04 13:01 -------- d-----w- c:\program files\Internet Download Manager
2011-08-04 12:51 . 2011-08-04 12:51 -------- d-----w- c:\program files\WinPcap
2011-08-04 12:50 . 2011-08-04 13:12 -------- d-----w- c:\program files\Cain
2011-07-31 03:26 . 2011-07-31 03:26 227027 ----a-w- c:\documents and settings\All Users\Application Data\1312082266.bdinstall.bin
2011-07-31 03:25 . 2008-11-07 13:10 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-07-31 03:24 . 2011-07-31 03:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Bitdefender
2011-07-31 03:24 . 2011-07-31 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
2011-07-31 03:17 . 2011-07-22 14:35 311248 ------w- c:\windows\system32\drivers\trufos.sys
2011-07-30 17:04 . 2011-05-12 08:20 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-07-30 16:37 . 2011-07-30 16:37 -------- d-----w- c:\program files\Sophos
2011-07-30 16:10 . 2011-07-30 16:10 -------- d-----w- c:\program files\Tizer™ Rootkit Razor
2011-07-30 16:01 . 2011-07-30 16:01 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-07-30 16:01 . 2011-07-30 16:01 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-30 15:35 . 2007-01-18 12:00 3968 ------w- c:\windows\system32\drivers\AvgArCln.sys
2011-07-30 13:51 . 2011-07-30 13:51 -------- d-----w- c:\program files\ESET
2011-07-30 11:43 . 2011-07-30 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-30 11:43 . 2011-07-30 11:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-07-30 11:43 . 2011-08-09 10:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-30 04:53 . 2011-07-30 04:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-07-30 04:53 . 2011-07-30 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-30 04:53 . 2011-07-31 03:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-30 04:36 . 2011-08-07 14:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-15 10:26 . 2011-07-15 10:26 451864 ------w- c:\windows\system32\drivers\avckf.sys
2011-07-15 10:26 . 2011-07-15 10:26 596600 ------w- c:\windows\system32\drivers\avc3.sys
2011-07-15 10:26 . 2011-07-15 10:26 240184 ------w- c:\windows\system32\drivers\avchv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 16:47 . 2011-06-17 14:09 62544 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2011-03-18 17:53 . 2011-04-13 09:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-05 15:11 108904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-27 2424192]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-05-05 3298712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2011-07-22 1188248]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-08 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [7/15/2011 4:11 PM 596600]
R1 1UnHooker;1UnHooker;c:\windows\system32\drivers\1UnHooker.sys [3/2/2010 10:15 PM 22016]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [1/19/2010 7:32 PM 85128]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [5/5/2011 9:13 PM 100592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [7/13/2011 3:40 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 3:40 AM 67664]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [7/30/2011 10:49 PM 18816]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 10:52 PM 35088]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [7/22/2011 12:47 PM 50128]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [7/15/2011 4:11 PM 240184]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [3/1/2011 5:45 PM 113232]
S3 arusb(TP-LINK);Atheros Wireless Network Adapter Service(TP-LINK);c:\windows\system32\drivers\arusb.sys [10/25/2010 1:55 PM 458240]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\aswArKrn.sys [?]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [7/15/2011 4:11 PM 451864]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [6/17/2011 7:54 PM 62544]
S3 BlackBox;BlackBox SR2; [x]
S3 LWKXRGYDMSSCLN;LWKXRGYDMSSCLN;c:\docume~1\ADMINI~1\LOCALS~1\Temp\LWKXRGYDMSSCLN.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\LWKXRGYDMSSCLN.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\15.tmp --> c:\windows\system32\15.tmp [?]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [7/22/2011 12:22 PM 307544]
S4 674AFFE5;674AFFE5;c:\windows\system32\674AFFE5.exe --> c:\windows\system32\674AFFE5.exe [?]
S4 SDZO;SDZO;c:\docume~1\ADMINI~1\LOCALS~1\Temp\SDZO.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SDZO.exe [?]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.5.5
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cpwxri4c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-09 21:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\15.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-1677128483-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,c0,af,bf,7e,fa,14,46,bb,d7,75,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,77,c0,af,bf,7e,fa,14,46,bb,d7,75,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):be,cf,78,89,34,c4,fe,9a,d8,df,85,77,38,be,c9,36,7e,f9,a5,f0,69,
90,95,8d,0f,56,31,76,ab,bf,c2,94,13,18,76,e6,7a,37,f4,14,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{62f04e11-4ebf-4ec7-9e85-5c9ddc07d8cd}]
@Denied: (Full) (Everyone)
"Model"=dword:000000dc
"Therad"=dword:00000006
.
Completion time: 2011-08-09 21:50:09
ComboFix-quarantined-files.txt 2011-08-09 16:05
.
Pre-Run: 7,798,775,808 bytes free
Post-Run: 7,803,400,192 bytes free
.
- - End Of File - - DDF11282F5F5E2AAA99401D9A22EA56F

#9 gringo_pr (Malware Response Team)

Posted 09 August 2011 - 11:26 AM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    :OTL
    SRV - (wuauserv) -- File not found
    SRV - (SDZO) -- File not found
    SRV - (674AFFE5) -- File not found
    SRV - (LWKXRGYDMSSCLN) -- File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]

  • Then click the Run Fix button at the top.
  • Click the button shown in the image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

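The R0/R1/S3/S4 lines in the ComboFix log are the service and driver registrations, and the three services the OTL script above removes (SDZO, 674AFFE5, LWKXRGYDMSSCLN) were picked out of that list by eye: an image path under a user Temp folder, an opaque name, and a trailing [?] meaning no file is behind the registration. As an added example, not code from this thread or from ComboFix, OTL or the helper, the Python script below applies those same tests mechanically to service lines modelled on the log above. The flag names and the ordering are this example's own, and the opaque-name test is deliberately low-confidence: it also trips on legitimate tools (the MEMSWEEP2 entry belongs to Sophos Anti-Rootkit, as the helper points out later in the thread), which is why a hit still needs a human to identify it.

```python
"""Triage the service/driver section of a ComboFix log.

Added example, not part of the original thread or of ComboFix itself. It
flags entries whose image lives in a Temp folder, is a .tmp file, is missing
on disk ([?] or [x]), or carries an opaque all-caps/hex name identical to its
display name. The flag names and scoring are this example's own invention.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample modelled on the log above (same line format as ComboFix).
SAMPLE_SERVICES = r"""
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [7/15/2011 4:11 PM 596600]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 10:52 PM 35088]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\aswArKrn.sys [?]
S3 BlackBox;BlackBox SR2; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\15.tmp --> c:\windows\system32\15.tmp [?]
S4 674AFFE5;674AFFE5;c:\windows\system32\674AFFE5.exe --> c:\windows\system32\674AFFE5.exe [?]
S4 SDZO;SDZO;c:\docume~1\ADMINI~1\LOCALS~1\Temp\SDZO.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SDZO.exe [?]
"""

# R = running, S = stopped; the digit is the Windows start type (0 boot .. 4 disabled).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$"
)
# Trailing "[date time size]" for a present file, "[?]" or "[x]" for a missing one.
TAIL_RE = re.compile(r"\s*\[(?P<tag>[^\]]*)\]\s*$")
# Opaque service names: hex or all-caps, at least four characters.
ODD_NAME_RE = re.compile(r"^[0-9A-Z]{4,}$")


@dataclass
class ServiceEntry:
    state: str
    start: int
    name: str
    display: str
    path: str
    file_present: bool
    flags: List[str] = field(default_factory=list)


def classify(e: ServiceEntry) -> List[str]:
    """Return the list of heuristic flags that apply to one entry."""
    flags = []
    low = e.path.lower()
    if not e.file_present:
        flags.append("missing_file")   # registration left behind with no file on disk
    if "\\temp\\" in low:
        flags.append("temp_path")      # drivers/services should not load from a Temp folder
    if low.endswith(".tmp"):
        flags.append("tmp_image")      # image is a .tmp file
    if e.name == e.display and ODD_NAME_RE.match(e.name):
        flags.append("opaque_name")    # low confidence: legitimate tools trip this too
    return flags


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    tail = TAIL_RE.search(rest)
    tag = tail.group("tag") if tail else ""
    body = rest[: tail.start()] if tail else rest
    # ComboFix prints "registered path --> resolved path" when the two differ;
    # keep the resolved one and drop the NT object-manager prefix if present.
    path = body.split(" --> ")[-1].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    entry = ServiceEntry(m.group("state"), int(m.group("start")), m.group("name"),
                         m.group("display"), path, file_present=tag not in ("?", "x"))
    entry.flags = classify(entry)
    return entry


def triage(log_text: str) -> List[ServiceEntry]:
    """Return only the flagged entries, most flags first, then by name."""
    entries = [e for e in (parse_service_line(l) for l in log_text.splitlines()) if e]
    flagged = [e for e in entries if e.flags]
    flagged.sort(key=lambda e: (-len(e.flags), e.name))
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_SERVICES):
        print(f"{e.state}{e.start} {e.name:<16} {','.join(e.flags):<32} {e.path or '(no path)'}")
```

Run it as-is to see the constructed sample ranked, or feed it the text of a real ComboFix log: the unflagged avc3 and NPF lines drop out, and the entries that the helper removed by hand surface at the top with the reason attached. A `missing_file` hit is the cheapest to act on (there is nothing left to execute, only the registration to delete); `temp_path` on a still-present file is the one to hash and look up before touching.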

#10 R00t_revealer (Topic Starter)

Posted 09 August 2011 - 12:36 PM

All processes killed
========== OTL ==========
Service wuauserv stopped successfully!
Service wuauserv deleted successfully!
File File not found not found.
Service SDZO stopped successfully!
Service SDZO deleted successfully!
File File not found not found.
Service 674AFFE5 stopped successfully!
Service 674AFFE5 deleted successfully!
File File not found not found.
Service LWKXRGYDMSSCLN stopped successfully!
Service LWKXRGYDMSSCLN deleted successfully!
File File not found not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 459294 bytes
->Temporary Internet Files folder emptied: 327974 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 157624557 bytes
->Google Chrome cache emptied: 119394162 bytes
->Opera cache emptied: 437754 bytes
->Flash cache emptied: 643 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 265.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 08092011_231127

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#11 R00t_revealer (Topic Starter)

Posted 09 August 2011 - 12:46 PM

Oh, the internet is a bit more responsive. The computer wasn't letting me use the taskbar for a few minutes after restart, with the busy hourglass sign, and it continues to do so.

#12 gringo_pr (Malware Response Team)

Posted 09 August 2011 - 06:54 PM

How is it doing now? Has it improved any?


gringo

#13 R00t_revealer (Topic Starter)

Posted 09 August 2011 - 11:25 PM

Like I said, I still can't access the Start button and the whole taskbar for a minute or so after starting the computer.
Also, when downloading something from the internet, "Internet Download Manager (IDM)" doesn't seem to be able to do so. I disabled IDM's plugins for the browsers, then I tried to download ComboFix from Firefox, Opera and Chrome, but only Internet Explorer was able to download it for me. That too stalled for a long time; only then did it continue.

So I feel there is something still there, hidden somewhere. Thanks for your help :)

Have we cleaned up

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\15.tmp --> c:\windows\system32\15.tmp [?]

the thing that showed up in the ComboFix log??



#14 gringo_pr (Malware Response Team)

Posted 10 August 2011 - 12:07 AM

Hello


That is part of Sophos Anti-Rootkit.

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#15 R00t_revealer (Topic Starter)

Posted 10 August 2011 - 10:32 AM

It says no infection found. Just curious as to what was preventing ComboFix from running without the /nombr switch before?


2011/08/10 21:10:50.0312 3452 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/10 21:10:52.0312 3452 ================================================================================
2011/08/10 21:10:52.0312 3452 SystemInfo:
2011/08/10 21:10:52.0312 3452
2011/08/10 21:10:52.0312 3452 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/10 21:10:52.0312 3452 Product type: Workstation
2011/08/10 21:10:52.0312 3452 ComputerName: HOME-0B20EBB6CA
2011/08/10 21:10:52.0312 3452 UserName: Administrator
2011/08/10 21:10:52.0312 3452 Windows directory: C:\WINDOWS
2011/08/10 21:10:52.0312 3452 System windows directory: C:\WINDOWS
2011/08/10 21:10:52.0312 3452 Processor architecture: Intel x86
2011/08/10 21:10:52.0312 3452 Number of processors: 1
2011/08/10 21:10:52.0312 3452 Page size: 0x1000
2011/08/10 21:10:52.0312 3452 Boot type: Normal boot
2011/08/10 21:10:52.0312 3452 ================================================================================
2011/08/10 21:10:54.0640 3452 Initialize success
2011/08/10 21:10:59.0171 3440 ================================================================================
2011/08/10 21:10:59.0171 3440 Scan started
2011/08/10 21:10:59.0171 3440 Mode: Manual;
2011/08/10 21:10:59.0171 3440 ================================================================================
2011/08/10 21:11:00.0671 3440 1UnHooker (d26956eb27d6c4990bc3ddc4cae63ea0) C:\WINDOWS\system32\DRIVERS\1UnHooker.sys
2011/08/10 21:11:01.0109 3440 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/10 21:11:01.0234 3440 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/10 21:11:01.0437 3440 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/10 21:11:01.0578 3440 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2011/08/10 21:11:02.0109 3440 ALCXWDM (6d3077c3346de5b13835fb859c69a2ea) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/10 21:11:02.0703 3440 arusb(TP-LINK) (d8aa72b3760402b4a30925d9778e4688) C:\WINDOWS\system32\DRIVERS\arusb.sys
2011/08/10 21:11:03.0281 3440 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/10 21:11:03.0421 3440 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/10 21:11:03.0656 3440 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/10 21:11:03.0828 3440 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/10 21:11:03.0937 3440 avc3 (1496fcd72048309b7320d4894905e1a5) C:\WINDOWS\system32\DRIVERS\avc3.sys
2011/08/10 21:11:04.0140 3440 avchv (2ecd68f363cacc2b1eae7db5130f2a48) C:\WINDOWS\system32\DRIVERS\avchv.sys
2011/08/10 21:11:04.0296 3440 avckf (364d8ecfdd7ece363a6e7fa14d72a48f) C:\WINDOWS\system32\DRIVERS\avckf.sys
2011/08/10 21:11:04.0468 3440 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys
2011/08/10 21:11:04.0578 3440 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
2011/08/10 21:11:04.0671 3440 Bdfndisf (9d8e6bfdeba64557b2094b7e9bc33af1) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
2011/08/10 21:11:04.0890 3440 bdfsfltr (c3e025d46368e3d18085eef26ef6f6a1) C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
2011/08/10 21:11:05.0031 3440 bdftdif (53bde5c9c7d7fcbbcfbfcca74a33a0a5) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys
2011/08/10 21:11:05.0218 3440 bdsandbox (390fedb099a80fd2f9380a7986fa7512) C:\WINDOWS\system32\drivers\bdsandbox.sys
2011/08/10 21:11:05.0328 3440 bdselfpr (4923370915435ef3fdb7a7bea7b218b0) C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys
2011/08/10 21:11:05.0500 3440 BDVEDISK (375cd0b9f433465ec6f50d4df44e9448) C:\WINDOWS\system32\DRIVERS\bdvedisk.sys
2011/08/10 21:11:05.0671 3440 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/10 21:11:06.0015 3440 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/10 21:11:06.0343 3440 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/10 21:11:06.0625 3440 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/10 21:11:06.0765 3440 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/10 21:11:07.0468 3440 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/10 21:11:07.0609 3440 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/10 21:11:07.0781 3440 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/10 21:11:07.0937 3440 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/10 21:11:08.0093 3440 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/10 21:11:08.0343 3440 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/10 21:11:08.0468 3440 E100B (fae8b6b311f898df3d19bc638e980ca5) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/10 21:11:08.0671 3440 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/10 21:11:09.0093 3440 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/10 21:11:09.0390 3440 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/10 21:11:09.0531 3440 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/10 21:11:09.0640 3440 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/10 21:11:09.0781 3440 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/10 21:11:09.0875 3440 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/10 21:11:09.0984 3440 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/10 21:11:10.0156 3440 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/10 21:11:10.0421 3440 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/10 21:11:10.0765 3440 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/10 21:11:10.0890 3440 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/10 21:11:11.0140 3440 IDMTDI (2931f72612a2874ce844a49565b40183) C:\WINDOWS\system32\DRIVERS\idmtdi.sys
2011/08/10 21:11:11.0406 3440 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/10 21:11:11.0625 3440 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/10 21:11:11.0734 3440 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/10 21:11:11.0859 3440 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/10 21:11:12.0000 3440 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/10 21:11:12.0156 3440 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/10 21:11:12.0312 3440 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/10 21:11:12.0453 3440 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/10 21:11:12.0609 3440 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/10 21:11:12.0750 3440 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/10 21:11:12.0843 3440 ISODrive (2f03ceb28307983f3b36216d35ffa5aa) C:\Program Files\UltraISO\drivers\ISODrive.sys
2011/08/10 21:11:12.0984 3440 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/10 21:11:13.0140 3440 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/10 21:11:13.0343 3440 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/10 21:11:13.0500 3440 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/10 21:11:14.0562 3440 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/10 21:11:14.0937 3440 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/10 21:11:15.0218 3440 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/10 21:11:15.0546 3440 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/10 21:11:15.0750 3440 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/10 21:11:15.0953 3440 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/10 21:11:16.0218 3440 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/10 21:11:17.0203 3440 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/10 21:11:17.0484 3440 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/10 21:11:17.0671 3440 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/10 21:11:17.0843 3440 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/10 21:11:17.0968 3440 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/10 21:11:18.0109 3440 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/10 21:11:18.0328 3440 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/10 21:11:18.0453 3440 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/10 21:11:18.0593 3440 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/10 21:11:18.0718 3440 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/10 21:11:18.0875 3440 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/10 21:11:19.0015 3440 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/10 21:11:19.0171 3440 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/10 21:11:19.0375 3440 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys
2011/08/10 21:11:19.0468 3440 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/10 21:11:19.0609 3440 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/10 21:11:19.0796 3440 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/10 21:11:19.0937 3440 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/10 21:11:20.0078 3440 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/10 21:11:20.0218 3440 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/10 21:11:20.0296 3440 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/10 21:11:20.0421 3440 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/10 21:11:20.0546 3440 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/10 21:11:20.0765 3440 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/08/10 21:11:20.0875 3440 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/10 21:11:21.0890 3440 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/10 21:11:22.0062 3440 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/10 21:11:22.0250 3440 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/10 21:11:22.0812 3440 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/10 21:11:22.0937 3440 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/10 21:11:23.0062 3440 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/10 21:11:23.0187 3440 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/10 21:11:23.0312 3440 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/10 21:11:23.0437 3440 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/10 21:11:23.0562 3440 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/10 21:11:23.0734 3440 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/10 21:11:23.0875 3440 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/10 21:11:24.0125 3440 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/10 21:11:24.0250 3440 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/10 21:11:24.0375 3440 SAVRKBootTasks (e5c587c0668f83e799d1c43bc53e5e37) C:\WINDOWS\system32\SAVRKBootTasks.sys
2011/08/10 21:11:24.0531 3440 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/10 21:11:24.0671 3440 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/10 21:11:24.0781 3440 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/10 21:11:24.0937 3440 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/10 21:11:25.0281 3440 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/10 21:11:25.0437 3440 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/10 21:11:25.0703 3440 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/10 21:11:25.0859 3440 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/10 21:11:25.0968 3440 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/10 21:11:26.0593 3440 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/10 21:11:26.0812 3440 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/10 21:11:27.0156 3440 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/10 21:11:27.0484 3440 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/10 21:11:27.0765 3440 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/10 21:11:28.0375 3440 trufos (e12ecd623d647d02e21f34356b87e8b0) C:\WINDOWS\system32\DRIVERS\trufos.sys
2011/08/10 21:11:28.0703 3440 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/10 21:11:29.0578 3440 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/10 21:11:30.0109 3440 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/10 21:11:30.0437 3440 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/10 21:11:30.0875 3440 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/10 21:11:31.0312 3440 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/10 21:11:31.0609 3440 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/10 21:11:32.0078 3440 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/10 21:11:32.0375 3440 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/10 21:11:32.0703 3440 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/10 21:11:33.0078 3440 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/10 21:11:33.0500 3440 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/08/10 21:11:34.0156 3440 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/10 21:11:34.0656 3440 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/10 21:11:35.0156 3440 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/10 21:11:35.0375 3440 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/10 21:11:42.0062 3440 Boot (0x1200) (a038be5a5504a2c20c26f5ec7f831183) \Device\Harddisk0\DR0\Partition0
2011/08/10 21:11:42.0109 3440 Boot (0x1200) (b1b2f565cba7d97f3074a5d0b38696e5) \Device\Harddisk0\DR0\Partition1
2011/08/10 21:11:42.0218 3440 ================================================================================
2011/08/10 21:11:42.0218 3440 Scan finished
2011/08/10 21:11:42.0218 3440 ================================================================================
2011/08/10 21:11:42.0281 3504 Detected object count: 0
2011/08/10 21:11:42.0281 3504 Actual detected object count: 0
