
Leftovers from Open Cloud AV?


  • This topic is locked
13 replies to this topic

#1 SeanR

SeanR

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:04:13 AM

Posted 25 October 2011 - 09:46 AM

Hi, I apologize for the length, but I'm not sure how to sum this up well. I have been referred here from the Am I Infected? forum, having been referred there from the Windows XP forum. I will try to sum up as best as I can. I should also point out that this is my wife's computer, so I don't have an in-depth knowledge of what led up to the infection.

I have a Dell Mini Inspiron 910 that became infected with Open Cloud AV. I followed the removal guides I found online and had thought I finally got rid of it, but that doesn't seem to be the case. In the process I have now lost the ability to connect to the internet on that computer, either on wireless or through a network cable. When I pull up the details of the wireless connection it says that the IP is invalid. I cannot connect to the internet in safe mode either. Unfortunately I am unable to accurately recount every step I took previously. (I have since learned that this was foolish on my part.)

I am using a different computer and an external hard drive (both of which have been scanned extensively to ensure no infections) to download what is needed, and I always save it to the desktop of the new computer before I start working with that downloaded program.

My original post about wireless connection can be found here: http://www.bleepingcomputer.com/forums/topic424108.html
- I have made sure that in the IE browser (Tools >> Internet Options) "Proxy server" is not checked and that "Automatically detect settings" is checked.
- I have tried Winsockxpfix without luck
- When I try to renew through ipconfig I get a message saying that the RPC server is unavailable even though it shows as running.

That forum sent me to the Am I infected forum. That post can be found here: http://www.bleepingcomputer.com/forums/topic424137.html/page__p__2446881#entry2446881

- I have installed Malwarebytes and SUPERAntiSpyware a couple of times and they later disappeared. (At the moment they seem to be sticking around.)
- I am unable to update Malwarebytes to the most current version.
- Both SUPERAntiSpyware and Malwarebytes (the old database version) have shown viruses.


DDS LOG

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Run by Molly St.Cyr at 9:43:32 on 2011-10-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.476 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081203
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\molly st.cyr\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\mollys~1.cyr\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\molly st.cyr\application data\mozilla\firefox\profiles\pmvy2i1n.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101182100&s=
FF - plugin: c:\documents and settings\molly st.cyr\application data\facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\documents and settings\molly st.cyr\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\molly st.cyr\application data\mozilla\firefox\profiles\pmvy2i1n.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\molly st.cyr\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\molly st.cyr\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Add to Amazon Wish List Button: amznUWL2@amazon.com - %profile%\extensions\amznUWL2@amazon.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101182100&s=
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2008-12-3 9856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-23 366152]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-9-4 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-3 93968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-23 22216]
R3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [2008-12-3 148056]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [2008-12-3 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [2008-12-3 269760]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-9-14 42752]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-10-13 111744]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-10-24 20:49:22 -------- dc----w- c:\program files\SUPERAntiSpyware
2011-10-24 20:34:21 118784 -c--a-w- c:\windows\system32\MSSTDFMT.DLL
2011-10-24 20:34:21 1071088 -c--a-w- c:\windows\system32\MSCOMCTL.OCX
2011-10-23 20:31:48 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-10-23 16:37:22 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-22 05:49:57 -------- dc----w- c:\documents and settings\molly st.cyr\application data\SUPERAntiSpyware.com
2011-10-22 05:49:57 -------- dc----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-22 05:31:05 -------- dc----w- c:\documents and settings\molly st.cyr\local settings\application data\Threat Expert
2011-10-18 04:29:46 98816 -c--a-w- c:\windows\sed.exe
2011-10-18 04:29:46 518144 -c--a-w- c:\windows\SWREG.exe
2011-10-18 04:29:46 256000 -c--a-w- c:\windows\PEV.exe
2011-10-18 04:29:46 208896 -c--a-w- c:\windows\MBR.exe
2011-10-13 22:43:34 -------- dc----w- c:\documents and settings\all users\application data\AVAST Software
2011-10-13 22:30:25 111744 -c--a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-09 20:23:11 -------- dc----w- c:\program files\VS Revo Group
2011-10-09 17:53:42 -------- dc----w- c:\documents and settings\molly st.cyr\application data\Malwarebytes
2011-10-09 17:53:28 -------- dc----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-08 01:55:08 94896 -c--a-w- c:\windows\system32\drivers\52605517.sys
2011-10-08 01:55:00 -------- dc----w- c:\windows\system32\mbbDD3onn4aQHsK
2011-10-07 23:14:50 -------- dc----w- c:\windows\PIF
2011-10-07 22:49:31 -------- dc----w- c:\documents and settings\all users\application data\WSTB
2011-10-07 22:49:29 -------- dc----w- c:\windows\system32\wXXXUCCeIBrzNyA
2011-10-07 22:45:44 -------- dc----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 -c--a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 9:44:06.26 ===============



GMER


- It may be worth noting that during the first GMER scan I got a box saying that the scan was stopped. I don't think I did anything to cause this, but I cannot guarantee that. (It is a little computer.) When I ran the scan again, I didn't get any notification that the scan was complete, but for approximately half an hour the program didn't show anything being scanned. I do not know if that is how it is supposed to work or not.

I have attached both scans labeled ARK 1 and ARK 2 respectively.

Attached Files
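The "Created Last 30" and Firefox sections of the DDS log above are the parts a malware-response helper reads first: newly created files under system32 with random-looking names, a driver whose name is just digits, and a Firefox keyword.URL that no longer points at a normal search engine. As an added illustration (this script is mine; it is not the DDS tool, not BleepingComputer's procedure and not code from the original post), here is a small Python triage pass over a constructed sample of those lines. The heuristics (many case/digit switches in a name, an all-numeric .sys name, a watched Firefox pref pointing at a host outside a short allowlist), the KNOWN_SEARCH_HOSTS list and the WATCHED_PREFS list are my assumptions; the output is a list of lines for a human to check, not a verdict on any file.

```python
"""Triage pass over a DDS log, added as an illustration for this thread.

Not the DDS tool, not BleepingComputer's procedure and not code from the
original post: the heuristics and the KNOWN_SEARCH_HOSTS allowlist are the
author's assumptions, and the output is a list of lines for a human to check.
"""
import re
from collections import namedtuple

# One finding per log line: the line, what was matched, how loudly and why.
Finding = namedtuple("Finding", "line subject severity reason")

# Constructed sample: a subset of lines copied from the DDS log in this thread.
# DDS writes hxxp:// so that URLs in a posted log are not clickable.
SAMPLE_LOG = r"""
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101182100&s=
FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101182100&s=
2011-10-24 20:49:22 -------- dc----w- c:\program files\SUPERAntiSpyware
2011-10-13 22:30:25 111744 -c--a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-08 01:55:08 94896 -c--a-w- c:\windows\system32\drivers\52605517.sys
2011-10-08 01:55:00 -------- dc----w- c:\windows\system32\mbbDD3onn4aQHsK
2011-10-07 22:49:29 -------- dc----w- c:\windows\system32\wXXXUCCeIBrzNyA
2011-10-07 22:45:44 -------- dc----w- C:\TDSSKiller_Quarantine
2011-09-09 09:12:13 599040 -c--a-w- c:\windows\system32\crypt32.dll
"""

# Assumption: search/home-page hosts that need no comment; anything else set
# in one of the WATCHED_PREFS is flagged for review.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}
WATCHED_PREFS = {"keyword.URL", "browser.startup.homepage", "browser.search.defaulturl"}

# "Created Last 30" entry: date time size attrs path
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
                        r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$")
# Firefox pref line carrying a URL. user.js is re-applied at every start, so a
# hijacked value there survives edits made in about:config.
PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (?P<pref>\S+) - hxxp://(?P<host>[^/\s]+)")


def char_class(ch):
    return "l" if ch.islower() else "u" if ch.isupper() else "d" if ch.isdigit() else "o"


def class_transitions(name):
    """Count switches between lower/upper/digit/other runs in a name."""
    classes = [char_class(c) for c in name]
    return sum(1 for a, b in zip(classes, classes[1:]) if a != b)


def looks_random(name):
    """Heuristic: a long name that flips class many times (mbbDD3onn4aQHsK: 8)
    looks machine-generated; product names such as SUPERAntiSpyware (3) or
    TDSSKiller_Quarantine (4) flip only a few times."""
    return len(name) >= 10 and class_transitions(name) >= 6


def split_name(path):
    """Return (basename, stem, lower-case extension) for a Windows path."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    if not dot:
        stem, ext = base, ""
    return base, stem, ext.lower()


def triage(log_text):
    """Scan DDS log lines and return the Findings a reviewer should look at."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PREF_RE.match(line)
        if m:
            pref, host = m.group("pref"), m.group("host").lower()
            if pref in WATCHED_PREFS and host not in KNOWN_SEARCH_HOSTS:
                findings.append(Finding(line, host, "high",
                                        f"Firefox {pref} points at an unfamiliar host"))
            continue
        m = CREATED_RE.match(line)
        if not m:
            continue
        base, stem, ext = split_name(m.group("path"))
        if ext == "sys" and stem.isdigit():
            findings.append(Finding(line, base, "high", "kernel driver with an all-numeric name"))
        elif looks_random(stem):
            findings.append(Finding(line, base, "high", "random-looking name created in the window"))
        elif ext == "sys":
            findings.append(Finding(line, base, "info", "new kernel driver; confirm its vendor"))
    return findings


def flagged(log_text, severity="high"):
    """The set of subjects (file names or hosts) reported at a given severity."""
    return {f.subject for f in triage(log_text) if f.severity == severity}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.subject}: {f.reason}")
```

On the sample it reports the two keyword.URL lines, the all-numeric driver and the two mixed-case system32 directories as "high", and TrueSight.sys only as "info" (a new driver whose vendor should be confirmed, nothing more). The transition threshold of 6 is deliberately loose enough that the CamelCase product names in this log pass; on a different machine a legitimate vendor name can still trip it, which is why the script reports rather than acts.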




#2 HelpBot


Posted 30 October 2011 - 09:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424950 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq


Posted 30 October 2011 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download aswMBR.exe (511 KB) from http://public.avast.com/~gmerek/aswMBR.exe to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#4 SeanR


Posted 30 October 2011 - 08:47 PM

Hi,
Thank you for your help.

AswMBR Scan


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-30 21:33:36
-----------------------------
21:33:36.187 OS Version: Windows 5.1.2600 Service Pack 3
21:33:36.187 Number of processors: 2 586 0x1C02
21:33:36.187 ComputerName: D32K5JC1 UserName:
21:33:37.562 Initialize success
21:33:57.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:33:57.593 Disk 0 Vendor: STEC_PATA_8GB D5221-10 Size: 7326MB BusType: 3
21:33:59.703 Disk 0 MBR read successfully
21:33:59.703 Disk 0 MBR scan
21:33:59.703 Disk 0 Windows VISTA default MBR code
21:33:59.812 Disk 0 scanning sectors +15003040
21:34:00.000 Disk 0 scanning C:\WINDOWS\system32\drivers
21:34:20.671 Service scanning
21:34:21.562 Modules scanning
21:35:01.093 Disk 0 trace - called modules:
21:35:01.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:35:01.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86514ab8]
21:35:01.125 3 CLASSPNP.SYS[f75fdfd7] -> nt!IofCallDriver -> \Device\00000068[0x8655a9e8]
21:35:01.140 5 ACPI.sys[f7494620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86515940]
21:35:01.140 Scan finished successfully
21:35:37.109 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
21:35:37.125 The log file has been saved successfully to "E:\aswMBR.txt"

TDSS Killer

21:41:36.0203 3048 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
21:41:36.0234 3048 ============================================================
21:41:36.0234 3048 Current date / time: 2011/10/30 21:41:36.0234
21:41:36.0234 3048 SystemInfo:
21:41:36.0234 3048
21:41:36.0234 3048 OS Version: 5.1.2600 ServicePack: 3.0
21:41:36.0234 3048 Product type: Workstation
21:41:36.0234 3048 ComputerName: D32K5JC1
21:41:36.0234 3048 UserName: Molly St.Cyr
21:41:36.0234 3048 Windows directory: C:\WINDOWS
21:41:36.0234 3048 System windows directory: C:\WINDOWS
21:41:36.0234 3048 Processor architecture: Intel x86
21:41:36.0234 3048 Number of processors: 2
21:41:36.0234 3048 Page size: 0x1000
21:41:36.0234 3048 Boot type: Normal boot
21:41:36.0234 3048 ============================================================
21:41:39.0687 3048 Initialize success
21:41:42.0796 0528 ============================================================
21:41:42.0796 0528 Scan started
21:41:42.0796 0528 Mode: Manual;
21:41:42.0796 0528 ============================================================
21:41:46.0156 0528 Abiosdsk - ok
21:41:46.0187 0528 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:41:46.0187 0528 abp480n5 - ok
21:41:46.0218 0528 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:41:46.0218 0528 ACPI - ok
21:41:46.0234 0528 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:41:46.0250 0528 ACPIEC - ok
21:41:46.0265 0528 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:41:46.0265 0528 adpu160m - ok
21:41:46.0296 0528 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:41:46.0296 0528 aec - ok
21:41:46.0328 0528 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:41:46.0328 0528 agp440 - ok
21:41:46.0343 0528 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:41:46.0343 0528 agpCPQ - ok
21:41:46.0359 0528 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:41:46.0359 0528 Aha154x - ok
21:41:46.0390 0528 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:41:46.0390 0528 aic78u2 - ok
21:41:46.0406 0528 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:41:46.0406 0528 aic78xx - ok
21:41:46.0437 0528 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:41:46.0437 0528 AliIde - ok
21:41:46.0468 0528 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:41:46.0468 0528 alim1541 - ok
21:41:46.0484 0528 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:41:46.0484 0528 amdagp - ok
21:41:46.0500 0528 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:41:46.0500 0528 amsint - ok
21:41:46.0531 0528 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:41:46.0531 0528 asc - ok
21:41:46.0562 0528 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:41:46.0562 0528 asc3350p - ok
21:41:46.0578 0528 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:41:46.0578 0528 asc3550 - ok
21:41:46.0609 0528 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:41:46.0625 0528 AsyncMac - ok
21:41:46.0640 0528 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:41:46.0640 0528 atapi - ok
21:41:46.0656 0528 Atdisk - ok
21:41:46.0687 0528 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:41:46.0687 0528 Atmarpc - ok
21:41:46.0703 0528 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:41:46.0703 0528 audstub - ok
21:41:46.0781 0528 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:41:46.0812 0528 BCM43XX - ok
21:41:46.0843 0528 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:41:46.0843 0528 Beep - ok
21:41:46.0859 0528 catchme - ok
21:41:46.0875 0528 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:41:46.0875 0528 cbidf - ok
21:41:46.0890 0528 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:41:46.0890 0528 cbidf2k - ok
21:41:46.0921 0528 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:41:46.0921 0528 CCDECODE - ok
21:41:46.0937 0528 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:41:46.0937 0528 cd20xrnt - ok
21:41:46.0953 0528 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:41:46.0968 0528 Cdaudio - ok
21:41:46.0984 0528 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:41:46.0984 0528 Cdfs - ok
21:41:47.0000 0528 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:41:47.0015 0528 Cdrom - ok
21:41:47.0031 0528 Changer - ok
21:41:47.0062 0528 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:41:47.0062 0528 CmBatt - ok
21:41:47.0078 0528 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:41:47.0078 0528 CmdIde - ok
21:41:47.0109 0528 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:41:47.0109 0528 Compbatt - ok
21:41:47.0140 0528 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:41:47.0140 0528 Cpqarray - ok
21:41:47.0171 0528 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:41:47.0171 0528 dac2w2k - ok
21:41:47.0187 0528 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:41:47.0187 0528 dac960nt - ok
21:41:47.0218 0528 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:41:47.0218 0528 Disk - ok
21:41:47.0265 0528 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:41:47.0281 0528 dmboot - ok
21:41:47.0296 0528 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:41:47.0312 0528 dmio - ok
21:41:47.0328 0528 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:41:47.0328 0528 dmload - ok
21:41:47.0359 0528 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:41:47.0359 0528 DMusic - ok
21:41:47.0375 0528 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:41:47.0390 0528 dpti2o - ok
21:41:47.0406 0528 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:41:47.0406 0528 drmkaud - ok
21:41:47.0421 0528 EMSC (553cff6cf3622de0d7fefdebe72a6395) C:\WINDOWS\system32\DRIVERS\EMSC.SYS
21:41:47.0437 0528 EMSC - ok
21:41:47.0468 0528 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:41:47.0468 0528 Fastfat - ok
21:41:47.0500 0528 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:41:47.0500 0528 Fdc - ok
21:41:47.0531 0528 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:41:47.0531 0528 Fips - ok
21:41:47.0546 0528 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:41:47.0546 0528 Flpydisk - ok
21:41:47.0578 0528 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:41:47.0578 0528 FltMgr - ok
21:41:47.0593 0528 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:41:47.0593 0528 Fs_Rec - ok
21:41:47.0625 0528 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:41:47.0625 0528 Ftdisk - ok
21:41:47.0640 0528 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:41:47.0640 0528 Gpc - ok
21:41:47.0671 0528 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:41:47.0671 0528 HDAudBus - ok
21:41:47.0703 0528 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:41:47.0703 0528 hidusb - ok
21:41:47.0734 0528 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:41:47.0734 0528 hpn - ok
21:41:47.0765 0528 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:41:47.0765 0528 HTTP - ok
21:41:47.0796 0528 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:41:47.0796 0528 i2omgmt - ok
21:41:47.0812 0528 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:41:47.0812 0528 i2omp - ok
21:41:47.0828 0528 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:41:47.0843 0528 i8042prt - ok
21:41:47.0953 0528 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:41:48.0046 0528 ialm - ok
21:41:48.0093 0528 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:41:48.0093 0528 Imapi - ok
21:41:48.0109 0528 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:41:48.0125 0528 ini910u - ok
21:41:48.0343 0528 IntcAzAudAddService (41bb402c2ade27b32439bb765864ab3b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:41:48.0515 0528 IntcAzAudAddService - ok
21:41:48.0546 0528 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:41:48.0546 0528 IntelIde - ok
21:41:48.0578 0528 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:41:48.0578 0528 intelppm - ok
21:41:48.0593 0528 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:41:48.0593 0528 Ip6Fw - ok
21:41:48.0625 0528 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:41:48.0625 0528 IpFilterDriver - ok
21:41:48.0640 0528 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:41:48.0640 0528 IpInIp - ok
21:41:48.0671 0528 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:41:48.0687 0528 IpNat - ok
21:41:48.0703 0528 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:41:48.0718 0528 IPSec - ok
21:41:48.0734 0528 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:41:48.0734 0528 IRENUM - ok
21:41:48.0765 0528 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:41:48.0765 0528 isapnp - ok
21:41:48.0796 0528 JMCR (fa4a5b32cae6074205b26971191efee4) C:\WINDOWS\system32\DRIVERS\jmcr.sys
21:41:48.0796 0528 JMCR - ok
21:41:48.0828 0528 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:41:48.0828 0528 Kbdclass - ok
21:41:48.0843 0528 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:41:48.0843 0528 kbdhid - ok
21:41:48.0875 0528 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:41:48.0890 0528 kmixer - ok
21:41:48.0906 0528 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:41:48.0921 0528 KSecDD - ok
21:41:48.0937 0528 lbrtfdc - ok
21:41:48.0984 0528 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
21:41:48.0984 0528 MBAMProtector - ok
21:41:49.0015 0528 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:41:49.0015 0528 mnmdd - ok
21:41:49.0046 0528 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:41:49.0046 0528 Modem - ok
21:41:49.0078 0528 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys
21:41:49.0078 0528 MotDev - ok
21:41:49.0109 0528 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:41:49.0109 0528 Mouclass - ok
21:41:49.0125 0528 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:41:49.0140 0528 mouhid - ok
21:41:49.0156 0528 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:41:49.0156 0528 MountMgr - ok
21:41:49.0187 0528 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:41:49.0187 0528 mraid35x - ok
21:41:49.0218 0528 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:41:49.0234 0528 MRxDAV - ok
21:41:49.0281 0528 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:41:49.0312 0528 MRxSmb - ok
21:41:49.0343 0528 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:41:49.0343 0528 Msfs - ok
21:41:49.0375 0528 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:41:49.0375 0528 MSKSSRV - ok
21:41:49.0406 0528 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:41:49.0406 0528 MSPCLOCK - ok
21:41:49.0421 0528 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:41:49.0421 0528 MSPQM - ok
21:41:49.0453 0528 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:41:49.0453 0528 mssmbios - ok
21:41:49.0484 0528 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:41:49.0484 0528 MSTEE - ok
21:41:49.0515 0528 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:41:49.0515 0528 Mup - ok
21:41:49.0562 0528 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:41:49.0562 0528 NABTSFEC - ok
21:41:49.0593 0528 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:41:49.0609 0528 NDIS - ok
21:41:49.0625 0528 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:41:49.0625 0528 NdisIP - ok
21:41:49.0640 0528 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:41:49.0640 0528 NdisTapi - ok
21:41:49.0671 0528 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:41:49.0671 0528 Ndisuio - ok
21:41:49.0687 0528 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:41:49.0687 0528 NdisWan - ok
21:41:49.0718 0528 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:41:49.0718 0528 NDProxy - ok
21:41:49.0734 0528 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:41:49.0734 0528 NetBIOS - ok
21:41:49.0765 0528 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:41:49.0765 0528 NetBT - ok
21:41:49.0812 0528 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:41:49.0812 0528 Npfs - ok
21:41:49.0859 0528 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:41:49.0875 0528 Ntfs - ok
21:41:49.0906 0528 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:41:49.0906 0528 Null - ok
21:41:49.0921 0528 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:41:49.0937 0528 NwlnkFlt - ok
21:41:49.0953 0528 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:41:49.0953 0528 NwlnkFwd - ok
21:41:49.0984 0528 OA004Afx (ec528056b89d15755abb624e55949e44) C:\WINDOWS\system32\Drivers\OA004Afx.sys
21:41:49.0984 0528 OA004Afx - ok
21:41:50.0000 0528 OA004Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\WINDOWS\system32\DRIVERS\OA004Ufd.sys
21:41:50.0015 0528 OA004Ufd - ok
21:41:50.0046 0528 OA004Vid (12a4366ff51befbdf018f654ff8b22b8) C:\WINDOWS\system32\DRIVERS\OA004Vid.sys
21:41:50.0046 0528 OA004Vid - ok
21:41:50.0078 0528 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:41:50.0078 0528 Parport - ok
21:41:50.0093 0528 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:41:50.0093 0528 PartMgr - ok
21:41:50.0109 0528 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:41:50.0125 0528 ParVdm - ok
21:41:50.0140 0528 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:41:50.0140 0528 PCI - ok
21:41:50.0156 0528 PCIDump - ok
21:41:50.0187 0528 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:41:50.0187 0528 PCIIde - ok
21:41:50.0203 0528 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:41:50.0218 0528 Pcmcia - ok
21:41:50.0234 0528 PDCOMP - ok
21:41:50.0250 0528 PDFRAME - ok
21:41:50.0265 0528 PDRELI - ok
21:41:50.0281 0528 PDRFRAME - ok
21:41:50.0312 0528 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:41:50.0312 0528 perc2 - ok
21:41:50.0328 0528 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:41:50.0328 0528 perc2hib - ok
21:41:50.0375 0528 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:41:50.0375 0528 PptpMiniport - ok
21:41:50.0406 0528 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:41:50.0406 0528 PSched - ok
21:41:50.0421 0528 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:41:50.0421 0528 Ptilink - ok
21:41:50.0453 0528 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:41:50.0453 0528 ql1080 - ok
21:41:50.0468 0528 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:41:50.0468 0528 Ql10wnt - ok
21:41:50.0500 0528 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:41:50.0500 0528 ql12160 - ok
21:41:50.0515 0528 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:41:50.0515 0528 ql1240 - ok
21:41:50.0546 0528 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:41:50.0546 0528 ql1280 - ok
21:41:50.0562 0528 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:41:50.0578 0528 RasAcd - ok
21:41:50.0593 0528 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:41:50.0593 0528 Rasl2tp - ok
21:41:50.0625 0528 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:41:50.0625 0528 RasPppoe - ok
21:41:50.0656 0528 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:41:50.0656 0528 Raspti - ok
21:41:50.0687 0528 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:41:50.0687 0528 Rdbss - ok
21:41:50.0703 0528 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:41:50.0703 0528 RDPCDD - ok
21:41:50.0750 0528 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:41:50.0750 0528 rdpdr - ok
21:41:50.0781 0528 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:41:50.0781 0528 RDPWD - ok
21:41:50.0812 0528 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:41:50.0812 0528 redbook - ok
21:41:50.0859 0528 RTLE8023xp (7174f20ad9b7b7878a51ecca03c499c2) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:41:50.0859 0528 RTLE8023xp - ok
21:41:50.0875 0528 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:41:50.0875 0528 SASDIFSV - ok
21:41:50.0890 0528 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:41:50.0890 0528 SASKUTIL - ok
21:41:50.0921 0528 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:41:50.0921 0528 sdbus - ok
21:41:50.0937 0528 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:41:50.0937 0528 Secdrv - ok
21:41:50.0968 0528 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:41:50.0968 0528 Serial - ok
21:41:51.0000 0528 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:41:51.0000 0528 Sfloppy - ok
21:41:51.0031 0528 Simbad - ok
21:41:51.0046 0528 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:41:51.0062 0528 sisagp - ok
21:41:51.0078 0528 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:41:51.0078 0528 SLIP - ok
21:41:51.0437 0528 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:41:51.0437 0528 Sparrow - ok
21:41:51.0718 0528 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:41:51.0734 0528 splitter - ok
21:41:51.0968 0528 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:41:51.0968 0528 sr - ok
21:41:52.0015 0528 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:41:52.0031 0528 Srv - ok
21:41:52.0078 0528 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:41:52.0078 0528 streamip - ok
21:41:52.0109 0528 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:41:52.0109 0528 swenum - ok
21:41:52.0140 0528 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:41:52.0140 0528 swmidi - ok
21:41:52.0171 0528 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:41:52.0171 0528 symc810 - ok
21:41:52.0203 0528 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:41:52.0203 0528 symc8xx - ok
21:41:52.0234 0528 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:41:52.0234 0528 sym_hi - ok
21:41:52.0250 0528 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:41:52.0265 0528 sym_u3 - ok
21:41:52.0312 0528 SynTP (64a8508b82a62bf661670884d1fd0e13) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:41:52.0312 0528 SynTP - ok
21:41:52.0343 0528 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:41:52.0343 0528 sysaudio - ok
21:41:52.0390 0528 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:41:52.0390 0528 Tcpip - ok
21:41:52.0421 0528 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:41:52.0421 0528 TDPIPE - ok
21:41:52.0437 0528 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:41:52.0437 0528 TDTCP - ok
21:41:52.0453 0528 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:41:52.0468 0528 TermDD - ok
21:41:52.0500 0528 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:41:52.0500 0528 TosIde - ok
21:41:52.0515 0528 TrueSight (4bfab463e1d1f20dfa83a04a9698934d) c:\windows\system32\drivers\TrueSight.sys
21:41:52.0531 0528 TrueSight - ok
21:41:52.0546 0528 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:41:52.0546 0528 Udfs - ok
21:41:52.0578 0528 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:41:52.0578 0528 ultra - ok
21:41:52.0609 0528 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:41:52.0625 0528 Update - ok
21:41:52.0656 0528 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:41:52.0656 0528 usbccgp - ok
21:41:52.0687 0528 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:41:52.0687 0528 usbehci - ok
21:41:52.0703 0528 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:41:52.0703 0528 usbhub - ok
21:41:52.0734 0528 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:41:52.0734 0528 usbprint - ok
21:41:52.0750 0528 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:41:52.0750 0528 usbscan - ok
21:41:52.0765 0528 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:41:52.0781 0528 USBSTOR - ok
21:41:52.0796 0528 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:41:52.0796 0528 usbuhci - ok
21:41:52.0828 0528 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:41:52.0828 0528 usbvideo - ok
21:41:52.0843 0528 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:41:52.0843 0528 VgaSave - ok
21:41:52.0875 0528 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:41:52.0875 0528 viaagp - ok
21:41:52.0890 0528 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:41:52.0890 0528 ViaIde - ok
21:41:52.0921 0528 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:41:52.0921 0528 VolSnap - ok
21:41:52.0953 0528 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:41:52.0953 0528 Wanarp - ok
21:41:52.0968 0528 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
21:41:52.0968 0528 WDC_SAM - ok
21:41:53.0015 0528 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:41:53.0031 0528 Wdf01000 - ok
21:41:53.0046 0528 WDICA - ok
21:41:53.0187 0528 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:41:53.0187 0528 wdmaud - ok
21:41:53.0250 0528 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:41:53.0250 0528 WS2IFSL - ok
21:41:53.0281 0528 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:41:53.0281 0528 WSTCODEC - ok
21:41:53.0312 0528 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
21:41:53.0328 0528 \Device\Harddisk0\DR0 - ok
21:41:53.0343 0528 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR15
21:41:55.0171 0528 \Device\Harddisk1\DR15 - ok
21:41:55.0187 0528 Boot (0x1200) (cd2e87f8e0ad5605f3bfdda37850cd2d) \Device\Harddisk0\DR0\Partition0
21:41:55.0187 0528 \Device\Harddisk0\DR0\Partition0 - ok
21:41:55.0187 0528 Boot (0x1200) (f0ecaf70160c1f3dcf84115ec195652c) \Device\Harddisk1\DR15\Partition0
21:41:55.0203 0528 \Device\Harddisk1\DR15\Partition0 - ok
21:41:55.0203 0528 ============================================================
21:41:55.0203 0528 Scan finished
21:41:55.0203 0528 ============================================================
21:41:55.0218 1796 Detected object count: 0
21:41:55.0218 1796 Actual detected object count: 0
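The TDSSKiller log above ends clean (0 detected objects). A parser for that log format, added here as an example and not part of the thread or of Kaspersky's tool: it pairs each object line with the verdict line that follows it, keeps the MD5 and path, and then applies two checks TDSSKiller itself does not make: a driver loading from outside the usual locations, and a service entry that has no file behind it. "ok" in this log only means no rootkit signature matched that object, not that the file is benign. The sample lines are copied from the log above, with two constructed entries (ctdrv, ctboot) added so each check has something to report; the expected-location list is an assumption for this XP install.

```python
"""Parse a TDSSKiller text log into a driver / boot-sector inventory.

Added example for this thread; it is not part of Kaspersky's tool. It
expects the two line shapes visible in the log above:

    HH:MM:SS.ffff  pid  <object> (<md5>) <path>       object line
    HH:MM:SS.ffff  pid  <object or path> - <verdict>  verdict line
"""
import re

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(?P<body>.*)$")
OBJ = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>\S.*)$")
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>\S.*)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Assumption for this XP box: legitimately installed kernel drivers live
# under these roots. Anything loading from elsewhere (user profile, Temp,
# root of C:) deserves a look even when TDSSKiller says "ok".
EXPECTED_ROOTS = ("C:\\WINDOWS\\", "C:\\PROGRAM FILES\\", "\\DEVICE\\")

# Lines copied from the log above, plus CONSTRUCTED entries (ctdrv, ctboot)
# so that each check below has something to report.
SAMPLE_LOG = r"""
21:41:48.0906 0528 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:41:48.0921 0528 KSecDD - ok
21:41:48.0937 0528 lbrtfdc - ok
21:41:50.0875 0528 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:41:50.0875 0528 SASDIFSV - ok
21:41:52.0515 0528 TrueSight (4bfab463e1d1f20dfa83a04a9698934d) c:\windows\system32\drivers\TrueSight.sys
21:41:52.0531 0528 TrueSight - ok
21:41:53.0312 0528 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
21:41:53.0328 0528 \Device\Harddisk0\DR0 - ok
21:41:53.0400 0528 ctdrv (00000000000000000000000000000000) C:\Documents and Settings\user\Local Settings\Temp\ctdrv.sys
21:41:53.0401 0528 ctdrv - ok
21:41:53.0402 0528 ctboot (ffffffffffffffffffffffffffffffff) \Device\Harddisk1\DR1
21:41:53.0403 0528 \Device\Harddisk1\DR1 - suspicious (constructed verdict)
21:41:55.0203 0528 Scan finished
21:41:55.0218 1796 Detected object count: 0
"""


def parse_tdsskiller(text):
    """Return (records, detected_count).

    Each record: {"name", "md5", "path", "verdict"}. md5/path are None when
    TDSSKiller printed only a verdict, i.e. a service/driver entry is
    registered but there was no file to hash (lbrtfdc above).
    """
    records, detected, pending = [], None, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        om = OBJ.match(body)
        if om:
            pending = {"name": om["name"], "md5": om["md5"].lower(),
                       "path": om["path"], "verdict": None}
            records.append(pending)
            continue
        vm = VERDICT.match(body)
        if vm:
            # A verdict names the object (drivers) or its path (MBR / boot
            # sectors); either way it belongs to the object line before it.
            if pending and vm["name"] in (pending["name"], pending["path"]):
                pending["verdict"] = vm["verdict"]
            else:
                records.append({"name": vm["name"], "md5": None,
                                "path": None, "verdict": vm["verdict"]})
            pending = None
            continue
        cm = COUNT.match(body)
        if cm:
            detected = int(cm["n"])
    return records, detected


def triage(records):
    """Checks a responder applies on top of TDSSKiller's own verdicts."""
    not_ok = [r["name"] for r in records if r["verdict"] != "ok"]
    no_file = [r["name"] for r in records if r["path"] is None]
    odd_path = [(r["name"], r["path"]) for r in records
                if r["path"] is not None
                and not r["path"].upper().startswith(EXPECTED_ROOTS)]
    return {"objects": len(records), "not_ok": not_ok,
            "no_file": no_file, "odd_path": odd_path}


if __name__ == "__main__":
    recs, n = parse_tdsskiller(SAMPLE_LOG)
    print("TDSSKiller detected objects:", n)
    for key, value in triage(recs).items():
        print("%-9s %s" % (key, value))
```

Run against the full log pasted above, the only entries the checks report are the registered-but-fileless service names (lbrtfdc, PCIDump, PDCOMP, PDFRAME, PDRELI, PDRFRAME, Simbad, WDICA); every hashed file sits under C:\WINDOWS or C:\Program Files and every verdict is ok. The MD5 column is what you would compare against the /md5start hashes OTL produces later in the thread.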

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:13 AM

Posted 31 October 2011 - 07:58 AM

Try this and see if you can get the Internet Connection back.

Go start > run box and type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit Enter
*/*

Continue if not corrected.
===

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

Optional if the following programs are on your computer.
Note that since the Domains are deleted, SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, and you also have to re-install IE-SpyAd if installed.
===

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

Please let me know if the problem persists.

#6 SeanR

SeanR
  • Topic Starter

  • Members
  • 33 posts
  • Local time:04:13 AM

Posted 31 October 2011 - 10:18 AM

ipconfig /flushdns ran successfully, but I still get the "The RPC Server is unavailable" message. The registry fix also did not reconnect the internet. The computer still seems to be acting weird but isn't clearly infected. For example, to run TDSSKiller I downloaded the zip file onto the external drive and made sure that I could unzip it on this computer. But when I plugged the drive into that computer and then copied the zipped file to the desktop, it said there were no files to unzip. This occurred 4 times. Finally, I unzipped TDSSKiller on the hard drive, then copied the contents over to the infected computer's desktop for it to work.

OTL.TXT

OTL logfile created on: 10/31/2011 11:00:25 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Molly St.Cyr\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 397.44 Mb Available Physical Memory | 39.18% Memory free
1.09 Gb Paging File | 0.51 Gb Available in Paging File | 46.44% Paging File free
Paging file location(s): C:\pagefile.sys 200 200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.12 Gb Total Space | 0.72 Gb Free Space | 10.12% Space Free | Partition Type: NTFS
Drive D: | 121.28 Mb Total Space | 18.17 Mb Free Space | 14.98% Space Free | Partition Type: FAT

Computer Name: D32K5JC1 | User Name: Molly St.Cyr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Molly St.Cyr\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\Battery Meter\BTMeter.exe (Dell)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll ()
MOD - C:\WINDOWS\system32\EMSC.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)


========== Driver Services (SafeList) ==========

DRV - (TrueSight) -- C:\WINDOWS\system32\drivers\TrueSight.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (OA004Vid) -- C:\WINDOWS\system32\drivers\OA004Vid.sys (Creative Technology Ltd.)
DRV - (OA004Ufd) -- C:\WINDOWS\system32\drivers\OA004Ufd.sys (Creative Technology Ltd.)
DRV - (OA004Afx) -- C:\WINDOWS\system32\drivers\OA004Afx.sys (Creative Technology Ltd.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (EMSC) -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081203
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081203

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.7
FF - prefs.js..keyword.URL: "http://search.internet-search-results.com/?sid=10101182100&s="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.internet-search-results.com/?sid=10101182100&s="

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Documents and Settings\Molly St.Cyr\Application Data\Facebook\npfbplugin_1_0_0.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Molly St.Cyr\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Molly St.Cyr\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 21:42:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/05 06:42:29 | 000,000,000 | ---D | M]

[2008/12/27 20:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Molly St.Cyr\Application Data\Mozilla\Extensions
[2011/10/09 13:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Molly St.Cyr\Application Data\Mozilla\Firefox\Profiles\pmvy2i1n.default\extensions
[2011/08/25 20:36:57 | 000,000,000 | ---D | M] (Add to Amazon Wish List Button) -- C:\Documents and Settings\Molly St.Cyr\Application Data\Mozilla\Firefox\Profiles\pmvy2i1n.default\extensions\amznUWL2@amazon.com
[2010/04/11 00:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Molly St.Cyr\Application Data\Mozilla\Firefox\Profiles\pmvy2i1n.default\extensions\DivXWebPlayer@divx.com-trash
[2009/02/21 20:35:10 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Molly St.Cyr\Application Data\Mozilla\Firefox\Profiles\pmvy2i1n.default\extensions\moveplayer@movenetworks.com
[2011/08/25 20:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Molly St.Cyr\Application Data\Mozilla\Firefox\Profiles\pmvy2i1n.default\extensions\staged-xpis
[2011/10/09 13:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/09 00:50:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/15 03:00:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/05 09:30:14 | 000,002,223 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.4\
CHR - Extension: AT_ChuckAnderson = C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3\

O1 HOSTS File: ([2011/10/19 00:40:55 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Molly St.Cyr\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 21:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/31 10:47:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Molly St.Cyr\Desktop\OTL (1).exe
[2011/10/30 21:33:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Molly St.Cyr\Desktop\aswMBR.exe
[2011/10/25 09:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Molly St.Cyr\Desktop\gmer (2)
[2011/10/25 09:43:26 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Molly St.Cyr\Desktop\dds.scr
[2011/10/24 16:57:35 | 006,723,848 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Molly St.Cyr\Desktop\SASDEFINITIONS (1).EXE
[2011/10/24 16:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/24 16:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/24 16:48:57 | 012,887,232 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Molly St.Cyr\Desktop\explore.exe
[2011/10/24 16:43:05 | 001,561,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Molly St.Cyr\Desktop\iexplore.exe
[2011/10/24 16:41:27 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Molly St.Cyr\Desktop\spywareblastersetup44 (1).exe
[2011/10/24 16:34:21 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2011/10/24 16:34:21 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2011/10/24 16:30:17 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Molly St.Cyr\Desktop\spywareblastersetup44.exe
[2011/10/24 16:28:25 | 007,682,640 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Molly St.Cyr\Desktop\iexplorer1.exe
[2011/10/24 16:19:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Molly St.Cyr\Recent
[2011/10/23 16:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/23 16:31:48 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/23 12:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/22 01:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Molly St.Cyr\Application Data\SUPERAntiSpyware.com
[2011/10/22 01:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/22 01:32:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/22 01:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Threat Expert
[2011/10/18 00:29:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/18 00:29:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/18 00:29:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/18 00:29:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/14 16:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/13 18:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/09 16:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Molly St.Cyr\Start Menu\Programs\Revo Uninstaller
[2011/10/09 16:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/10/09 15:39:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/09 13:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Molly St.Cyr\Application Data\Malwarebytes
[2011/10/09 13:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/09 13:30:00 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.svs
[2011/10/09 13:27:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/09 13:27:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/09 13:27:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/10/09 13:27:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Molly St.Cyr\Start Menu\Programs\Administrative Tools
[2011/10/07 21:55:08 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\52605517.sys
[2011/10/07 21:55:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mbbDD3onn4aQHsK
[2011/10/07 19:14:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF
[2011/10/07 18:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2011/10/07 18:49:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wXXXUCCeIBrzNyA
[2011/10/07 18:45:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/10/05 06:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/05 06:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/05 06:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2011/10/31 10:58:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/31 10:58:09 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/31 10:56:48 | 000,000,389 | RHS- | M] () -- C:\boot.ini
[2011/10/31 10:02:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Molly St.Cyr\Desktop\OTL (1).exe
[2011/10/31 09:52:08 | 000,000,993 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\fixme.reg
[2011/10/30 21:40:10 | 001,564,464 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\TDSSKiller.exe
[2011/10/30 21:39:03 | 001,545,436 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\tdsskiller (3).zip
[2011/10/30 21:37:09 | 001,545,436 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\tdsskiller (1).zip
[2011/10/30 21:29:22 | 001,545,436 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\tdsskiller.zip
[2011/10/30 21:29:12 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Molly St.Cyr\Desktop\aswMBR.exe
[2011/10/25 15:01:04 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/25 09:48:16 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\gmer (2).zip
[2011/10/25 09:46:05 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\gmer (1).zip
[2011/10/25 09:38:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Molly St.Cyr\Desktop\dds.scr
[2011/10/24 22:08:28 | 004,758,704 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\R149798.EXE
[2011/10/24 16:54:31 | 006,723,848 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Molly St.Cyr\Desktop\SASDEFINITIONS (1).EXE
[2011/10/24 16:49:36 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/24 16:46:44 | 012,887,232 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Molly St.Cyr\Desktop\explore.exe
[2011/10/24 16:39:53 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Molly St.Cyr\Desktop\spywareblastersetup44 (1).exe
[2011/10/24 16:22:53 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Molly St.Cyr\Desktop\spywareblastersetup44.exe
[2011/10/24 16:21:40 | 007,682,640 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Molly St.Cyr\Desktop\iexplorer1.exe
[2011/10/24 16:12:40 | 001,561,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Molly St.Cyr\Desktop\iexplore.exe
[2011/10/24 15:25:45 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
[2011/10/23 16:31:55 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/22 01:30:25 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/19 00:40:55 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/14 16:08:48 | 000,111,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/10/09 15:35:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/10/09 13:03:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/07 21:55:08 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\52605517.sys

========== Files Created - No Company Name ==========

[2011/10/31 10:58:09 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/31 09:54:33 | 000,000,993 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\fixme.reg
[2011/10/30 21:41:16 | 001,545,436 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\tdsskiller (3).zip
[2011/10/30 21:40:50 | 001,564,464 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\TDSSKiller.exe
[2011/10/30 21:38:20 | 001,545,436 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\tdsskiller (1).zip
[2011/10/30 21:33:26 | 001,545,436 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\tdsskiller.zip
[2011/10/25 09:49:22 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\gmer (2).zip
[2011/10/25 09:47:08 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\gmer (1).zip
[2011/10/24 22:11:16 | 004,758,704 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\R149798.EXE
[2011/10/24 16:49:36 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/23 16:31:55 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/22 13:28:54 | 000,001,120 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/10/22 13:28:54 | 000,001,059 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/10/22 13:28:54 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2011/10/22 02:08:20 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
[2011/10/18 00:29:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/18 00:29:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/18 00:29:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/18 00:29:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/18 00:29:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/13 18:30:25 | 000,111,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2010/02/07 21:04:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/12/06 23:47:38 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/28 15:19:24 | 000,002,106 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Application Data\wklnhst.dat
[2008/12/27 20:39:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/03 06:39:35 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/12/03 06:39:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/12/03 06:38:03 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/12/03 06:01:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/03 05:27:36 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2008/12/03 05:27:36 | 000,009,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\EMSC.sys
[2008/04/25 21:47:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 21:44:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 16:33:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 16:33:18 | 000,443,482 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 16:33:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 16:33:18 | 000,072,582 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 16:33:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 16:33:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 16:33:17 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 16:33:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 16:33:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 16:33:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 16:33:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 16:33:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 09:39:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 09:38:33 | 000,187,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/10/22 01:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/07/26 08:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/10/24 16:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/03 05:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista32
[2008/12/03 05:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64
[2010/01/02 20:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/10/09 14:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2008/12/03 05:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP32
[2011/02/09 21:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Molly St.Cyr\Application Data\Dropbox
[2010/02/01 00:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Molly St.Cyr\Application Data\Facebook
[2010/07/12 18:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Molly St.Cyr\Application Data\FinalMediaPlayer
[2010/06/19 15:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Molly St.Cyr\Application Data\OpenOffice.org
[2008/12/28 15:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Molly St.Cyr\Application Data\Template
[2010/01/02 20:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Molly St.Cyr\Application Data\Western Digital

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/10/07 21:55:08 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\system32\drivers\52605517.sys
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2011/10/14 16:08:48 | 000,111,744 | ---- | M] () -- C:\WINDOWS\system32\drivers\TrueSight.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-28 10:08:36


< MD5 for: AGP440.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 08:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/14 08:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/14 08:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\I386\AUTOCHK.EXE
[2008/04/14 08:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe

< MD5 for: BEEP.SYS >
[2008/04/14 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2008/04/14 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: KERNEL32.DLL >
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2009/03/21 09:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3qfe\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/14 08:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/14 08:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/04/14 08:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\I386\NTFS.SYS
[2008/04/14 08:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008/04/14 08:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/14 08:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
[2008/04/14 08:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2008/04/14 08:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2008/04/14 08:00:00 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/14 08:00:00 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 09:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/14 08:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
[2008/04/14 08:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TERMSRV.DLL >
[2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache\termsrv.dll
[2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: XMLPROV.DLL >
[2008/04/14 08:00:00 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ERDNT\cache\xmlprov.dll
[2008/04/14 08:00:00 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Extras.txt

OTL Extras logfile created on: 10/31/2011 11:00:25 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Molly St.Cyr\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 397.44 Mb Available Physical Memory | 39.18% Memory free
1.09 Gb Paging File | 0.51 Gb Available in Paging File | 46.44% Paging File free
Paging file location(s): C:\pagefile.sys 200 200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.12 Gb Total Space | 0.72 Gb Free Space | 10.12% Space Free | Partition Type: NTFS
Drive D: | 121.28 Mb Total Space | 18.17 Mb Free Space | 14.98% Space Free | Partition Type: FAT

Computer Name: D32K5JC1 | User Name: Molly St.Cyr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Molly St.Cyr\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Molly St.Cyr\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{26B914C5-5565-4C96-A40C-8E0228D6C457}" = WD SmartWare
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"CCleaner" = CCleaner
"Creative OA004" = Integrated Webcam Driver (1.00.03.0720)
"Defraggler" = Defraggler
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"Revo Uninstaller" = Revo Uninstaller 1.93
"SynTPDeinstKey" = Dell Touchpad
"Windows Media Format Runtime" = Windows Media Format Runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/25/2011 11:48:39 AM | Computer Name = D32K5JC1 | Source = Google Update | ID = 20
Description =

Error - 10/25/2011 12:48:39 PM | Computer Name = D32K5JC1 | Source = Google Update | ID = 20
Description =

Error - 10/25/2011 1:48:39 PM | Computer Name = D32K5JC1 | Source = Google Update | ID = 20
Description =

Error - 10/25/2011 2:48:39 PM | Computer Name = D32K5JC1 | Source = Google Update | ID = 20
Description =

Error - 10/30/2011 9:30:42 PM | Computer Name = D32K5JC1 | Source = Google Update | ID = 20
Description =

Error - 10/30/2011 9:40:56 PM | Computer Name = D32K5JC1 | Source = Application Error | ID = 1000
Description = Faulting application tdsskiller.exe, version 0.0.0.0, faulting module
tdsskiller.exe, version 0.0.0.0, fault address 0x004a2370.

Error - 10/30/2011 11:28:55 PM | Computer Name = D32K5JC1 | Source = Google Update | ID = 20
Description =

Error - 10/31/2011 9:50:58 AM | Computer Name = D32K5JC1 | Source = Google Update | ID = 20
Description =

Error - 10/31/2011 10:58:18 AM | Computer Name = D32K5JC1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/31/2011 10:58:38 AM | Computer Name = D32K5JC1 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 10/31/2011 10:56:54 AM | Computer Name = D32K5JC1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/31/2011 10:58:40 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7003
Description = The DHCP Client service depends on the following nonexistent service:
Afd

Error - 10/31/2011 10:58:40 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7003
Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent
service: Afd

Error - 10/31/2011 10:58:40 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 10/31/2011 10:58:40 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10050

Error - 10/31/2011 10:58:40 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%10050

Error - 10/31/2011 10:58:40 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%2147952450

Error - 10/31/2011 10:58:40 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7003
Description = The Network Location Awareness (NLA) service depends on the following
nonexistent service: Afd

Error - 10/31/2011 10:59:03 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7003
Description = The Network Location Awareness (NLA) service depends on the following
nonexistent service: Afd

Error - 10/31/2011 11:03:24 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7003
Description = The Network Location Awareness (NLA) service depends on the following
nonexistent service: Afd


< End of report >
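The "[ System Events ]" block of the report above already points at the cause of the lost connectivity: the DHCP Client, TCP/IP NetBIOS Helper and Network Location Awareness services all report Service Control Manager event 7003 with a dependency on Afd (the Winsock kernel driver) that the system says does not exist, and IPSEC Services and the Windows Firewall/ICS service die with error 10050 (WSAENETDOWN, "network subsystem has failed"). Until that service entry is back, no amount of IP reconfiguration will help. The Python script below is an added example written for this thread, not code from OTL or from the helpers in the thread; it parses event entries in the format OTL prints and pulls out exactly those indicators. The sample input is a constructed excerpt modelled on the log above, and the event-ID and error-code meanings it relies on are the documented Windows values.

```python
"""Triage the '[ System Events ]' block of an OTL log for a broken Winsock stack.
Added example for this thread; not OTL code."""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the System Events block posted in the thread.
SAMPLE_SYSTEM_EVENTS = """\
[ System Events ]
Error - 10/31/2011 10:56:54 AM | Computer Name = D32K5JC1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/31/2011 10:58:40 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7003
Description = The DHCP Client service depends on the following nonexistent service:
Afd

Error - 10/31/2011 10:58:40 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7003
Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent
service: Afd

Error - 10/31/2011 10:58:40 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 10/31/2011 10:58:40 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10050

Error - 10/31/2011 10:58:40 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%10050

Error - 10/31/2011 10:58:40 AM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7003
Description = The Network Location Awareness (NLA) service depends on the following
nonexistent service: Afd
"""

# One "Error - ..." header line per event; the description may wrap onto following lines.
HEADER_RE = re.compile(
    r"^Error - (?P<ts>.+?) \| Computer Name = (?P<host>.+?) \| Source = (?P<src>.+?) \| ID = (?P<id>\d+)$")
DEPENDS_RE = re.compile(r"^The (.+?) service depends on the following nonexistent service: (\S+)$")
FAILED_RE = re.compile(
    r"^The (.+?) service (?:terminated with|failed to start due to) the following error: %%(\d+)$")

WSAENETDOWN = 10050                         # Winsock: the network subsystem has failed
WINSOCK_STACK = {"afd", "tcpip", "netbt"}   # kernel services every Winsock consumer depends on


@dataclass
class EventRecord:
    timestamp: str
    host: str
    source: str
    event_id: int
    description: str = ""


def parse_otl_events(text):
    """Turn OTL event-log lines into records, joining wrapped description lines."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = EventRecord(m["ts"], m["host"], m["src"], int(m["id"]))
            records.append(current)
            continue
        if current is None or not line or line.startswith("["):
            continue                        # section headers and blank separators
        if line.startswith("Description ="):
            line = line[len("Description ="):].strip()
        current.description = (current.description + " " + line).strip()
    return records


def missing_dependencies(records):
    """SCM 7003: map each nonexistent service to the services that need it."""
    out = {}
    for r in records:
        if r.source != "Service Control Manager" or r.event_id != 7003:
            continue
        m = DEPENDS_RE.match(r.description)
        if m and m.group(1) not in out.setdefault(m.group(2), []):
            out[m.group(2)].append(m.group(1))
    return out


def failed_services(records):
    """SCM 7000/7023: map services that failed or terminated to their Win32 error code."""
    out = {}
    for r in records:
        if r.source == "Service Control Manager" and r.event_id in (7000, 7023):
            m = FAILED_RE.match(r.description)
            if m:
                out[m.group(1)] = int(m.group(2))
    return out


def triage(text):
    """Summarise whether the networking stack itself is broken, and why."""
    records = parse_otl_events(text)
    missing = missing_dependencies(records)
    failed = failed_services(records)
    netdown = sorted(svc for svc, code in failed.items() if code == WSAENETDOWN)
    winsock_gone = any(name.lower() in WINSOCK_STACK for name in missing)
    return {"missing": missing, "failed": failed,
            "network_down_services": netdown,
            "winsock_broken": winsock_gone or bool(netdown)}


if __name__ == "__main__":
    result = triage(SAMPLE_SYSTEM_EVENTS)
    for svc, dependents in result["missing"].items():
        print(f"missing service {svc!r} needed by: {', '.join(dependents)}")
    for svc in result["network_down_services"]:
        print(f"{svc}: WSAENETDOWN (10050)")
    if result["winsock_broken"]:
        print("Winsock stack is broken: restore the Afd service entry before touching IP settings")
```

Run it against the pasted log instead of the constructed sample by reading the file and passing everything from "[ System Events ]" onward to `triage()`; on this report it names Afd as the missing service behind DHCP Client, the NetBIOS helper and NLA, which is why both the wired and wireless adapters show an invalid IP.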

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:13 AM

Posted 31 October 2011 - 01:48 PM

The log is clean.

Download this tool to a CD or Flash Drive and place it on the Desktop of the problem computer.

Please go here and download to your Desktop the latest version of CAT ("Crisis Aversion Tool" by teamrocketops).
Please double-click on it (for Vista/W7, right-click on it and choose "Run as administrator") to run the tool.


Please click the Fixes menu and check the following:
  • Fix Broken Links Inside Applications
  • Flush DNS Resolver Cache
Now, please close all open windows except CAT and press the "Apply Checked Fixes" button. Restart your computer.

Is the Internet Connection back?

#8 SeanR

SeanR
  • Topic Starter

  • Members
  • 33 posts
  • Local time:04:13 AM

Posted 31 October 2011 - 02:43 PM

Should I be concerned that I don't have "administrator" as one of the options under Run as?

When I boot in safe mode, administrator is a user option. But not otherwise.

Edited by SeanR, 31 October 2011 - 02:45 PM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:13 AM

Posted 01 November 2011 - 08:01 AM

Should I be concerned that I don't have "administrator" as one of the options under Run as?


Try some of the options listed in this Microsoft article.
http://support.microsoft.com/kb/922708
===

I missed the following in your OTL log.

Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Post the log and let me know if the problem persists.

#10 SeanR

SeanR
  • Topic Starter

  • Members
  • 33 posts
  • Local time:04:13 AM

Posted 01 November 2011 - 08:32 PM

New OTL Log. (Only OTL.txt was produced)


OTL logfile created on: 11/1/2011 9:23:35 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Molly St.Cyr\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 437.25 Mb Available Physical Memory | 43.11% Memory free
1.09 Gb Paging File | 0.47 Gb Available in Paging File | 43.40% Paging File free
Paging file location(s): C:\pagefile.sys 200 200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.12 Gb Total Space | 0.88 Gb Free Space | 12.33% Space Free | Partition Type: NTFS
Drive D: | 121.28 Mb Total Space | 121.19 Mb Free Space | 99.93% Space Free | Partition Type: FAT

Computer Name: D32K5JC1 | User Name: Molly St.Cyr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Molly St.Cyr\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\Battery Meter\BTMeter.exe (Dell)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll ()
MOD - C:\WINDOWS\system32\EMSC.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)


========== Driver Services (SafeList) ==========

DRV - (TrueSight) -- C:\WINDOWS\system32\drivers\TrueSight.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (OA004Vid) -- C:\WINDOWS\system32\drivers\OA004Vid.sys (Creative Technology Ltd.)
DRV - (OA004Ufd) -- C:\WINDOWS\system32\drivers\OA004Ufd.sys (Creative Technology Ltd.)
DRV - (OA004Afx) -- C:\WINDOWS\system32\drivers\OA004Afx.sys (Creative Technology Ltd.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (EMSC) -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081203
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081203

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.7
FF - prefs.js..keyword.URL: "http://search.internet-search-results.com/?sid=10101182100&s="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.internet-search-results.com/?sid=10101182100&s="

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Documents and Settings\Molly St.Cyr\Application Data\Facebook\npfbplugin_1_0_0.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Molly St.Cyr\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Molly St.Cyr\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 21:42:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/05 06:42:29 | 000,000,000 | ---D | M]

[2008/12/27 20:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Molly St.Cyr\Application Data\Mozilla\Extensions
[2011/10/09 13:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Molly St.Cyr\Application Data\Mozilla\Firefox\Profiles\pmvy2i1n.default\extensions
[2011/08/25 20:36:57 | 000,000,000 | ---D | M] (Add to Amazon Wish List Button) -- C:\Documents and Settings\Molly St.Cyr\Application Data\Mozilla\Firefox\Profiles\pmvy2i1n.default\extensions\amznUWL2@amazon.com
[2010/04/11 00:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Molly St.Cyr\Application Data\Mozilla\Firefox\Profiles\pmvy2i1n.default\extensions\DivXWebPlayer@divx.com-trash
[2009/02/21 20:35:10 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Molly St.Cyr\Application Data\Mozilla\Firefox\Profiles\pmvy2i1n.default\extensions\moveplayer@movenetworks.com
[2011/08/25 20:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Molly St.Cyr\Application Data\Mozilla\Firefox\Profiles\pmvy2i1n.default\extensions\staged-xpis
[2011/10/09 13:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/09 00:50:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/15 03:00:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/05 09:30:14 | 000,002,223 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.4\
CHR - Extension: AT_ChuckAnderson = C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3\

O1 HOSTS File: ([2011/10/19 00:40:55 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\Molly St.Cyr\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 21:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/01 20:53:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/31 19:48:53 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/10/31 19:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CAT
[2011/10/31 19:43:01 | 000,000,000 | ---D | C] -- C:\CYDELogs
[2011/10/31 19:41:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/10/31 19:23:32 | 000,000,000 | ---D | C] -- C:\CAT-Logs
[2011/10/31 10:47:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Molly St.Cyr\Desktop\OTL (1).exe
[2011/10/30 21:33:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Molly St.Cyr\Desktop\aswMBR.exe
[2011/10/25 09:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Molly St.Cyr\Desktop\gmer (2)
[2011/10/25 09:43:26 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Molly St.Cyr\Desktop\dds.scr
[2011/10/24 16:57:35 | 006,723,848 | ---- | C] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Molly St.Cyr\Desktop\SASDEFINITIONS (1).EXE
[2011/10/24 16:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/24 16:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/24 16:48:57 | 012,887,232 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Molly St.Cyr\Desktop\explore.exe
[2011/10/24 16:43:05 | 001,561,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Molly St.Cyr\Desktop\iexplore.exe
[2011/10/24 16:41:27 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Molly St.Cyr\Desktop\spywareblastersetup44 (1).exe
[2011/10/24 16:34:21 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2011/10/24 16:34:21 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2011/10/24 16:30:17 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Molly St.Cyr\Desktop\spywareblastersetup44.exe
[2011/10/24 16:28:25 | 007,682,640 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Molly St.Cyr\Desktop\iexplorer1.exe
[2011/10/24 16:19:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Molly St.Cyr\Recent
[2011/10/23 16:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/23 16:31:48 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/23 12:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/22 01:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Molly St.Cyr\Application Data\SUPERAntiSpyware.com
[2011/10/22 01:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/22 01:32:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/22 01:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\Threat Expert
[2011/10/18 00:29:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/18 00:29:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/18 00:29:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/18 00:29:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/14 16:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/13 18:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/09 16:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Molly St.Cyr\Start Menu\Programs\Revo Uninstaller
[2011/10/09 16:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/10/09 15:39:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/09 13:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Molly St.Cyr\Application Data\Malwarebytes
[2011/10/09 13:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/09 13:30:00 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.svs
[2011/10/09 13:27:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/09 13:27:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/09 13:27:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/10/09 13:27:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Molly St.Cyr\Start Menu\Programs\Administrative Tools
[2011/10/07 21:55:08 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\52605517.sys
[2011/10/07 21:55:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mbbDD3onn4aQHsK
[2011/10/07 19:14:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF
[2011/10/07 18:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2011/10/07 18:49:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wXXXUCCeIBrzNyA
[2011/10/07 18:45:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/10/05 06:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/05 06:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/05 06:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2011/11/01 20:55:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/01 20:55:42 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/01 20:47:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/31 19:52:01 | 000,000,389 | RHS- | M] () -- C:\boot.ini
[2011/10/31 19:51:17 | 000,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:48:50 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/10/31 19:48:50 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/10/31 19:44:07 | 005,251,072 | ---- | M] () -- C:\WINDOWS\sectest.db
[2011/10/31 15:36:06 | 001,242,562 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\CAT.exe
[2011/10/31 10:02:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Molly St.Cyr\Desktop\OTL (1).exe
[2011/10/31 09:52:08 | 000,000,993 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\fixme.reg
[2011/10/30 21:40:10 | 001,564,464 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\TDSSKiller.exe
[2011/10/30 21:39:03 | 001,545,436 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\tdsskiller (3).zip
[2011/10/30 21:37:09 | 001,545,436 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\tdsskiller (1).zip
[2011/10/30 21:29:22 | 001,545,436 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\tdsskiller.zip
[2011/10/30 21:29:12 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Molly St.Cyr\Desktop\aswMBR.exe
[2011/10/25 15:01:04 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/25 09:48:16 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\gmer (2).zip
[2011/10/25 09:46:05 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\gmer (1).zip
[2011/10/25 09:38:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Molly St.Cyr\Desktop\dds.scr
[2011/10/24 22:08:28 | 004,758,704 | ---- | M] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\R149798.EXE
[2011/10/24 16:54:31 | 006,723,848 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Molly St.Cyr\Desktop\SASDEFINITIONS (1).EXE
[2011/10/24 16:49:36 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/24 16:46:44 | 012,887,232 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Molly St.Cyr\Desktop\explore.exe
[2011/10/24 16:39:53 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Molly St.Cyr\Desktop\spywareblastersetup44 (1).exe
[2011/10/24 16:22:53 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Molly St.Cyr\Desktop\spywareblastersetup44.exe
[2011/10/24 16:21:40 | 007,682,640 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Molly St.Cyr\Desktop\iexplorer1.exe
[2011/10/24 16:12:40 | 001,561,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Molly St.Cyr\Desktop\iexplore.exe
[2011/10/24 15:25:45 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
[2011/10/23 16:31:55 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/22 01:30:25 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/19 00:40:55 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/14 16:08:48 | 000,111,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/10/09 15:35:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/10/07 21:55:08 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\52605517.sys

========== Files Created - No Company Name ==========

[2011/10/31 19:43:03 | 005,251,072 | ---- | C] () -- C:\WINDOWS\sectest.db
[2011/10/31 15:48:19 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/31 15:39:21 | 001,242,562 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\CAT.exe
[2011/10/31 09:54:33 | 000,000,993 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\fixme.reg
[2011/10/30 21:41:16 | 001,545,436 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\tdsskiller (3).zip
[2011/10/30 21:40:50 | 001,564,464 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\TDSSKiller.exe
[2011/10/30 21:38:20 | 001,545,436 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\tdsskiller (1).zip
[2011/10/30 21:33:26 | 001,545,436 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\tdsskiller.zip
[2011/10/25 09:49:22 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\gmer (2).zip
[2011/10/25 09:47:08 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\gmer (1).zip
[2011/10/24 22:11:16 | 004,758,704 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Desktop\R149798.EXE
[2011/10/24 16:49:36 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/23 16:31:55 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/22 13:28:54 | 000,001,120 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/10/22 13:28:54 | 000,001,059 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/10/22 13:28:54 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2011/10/22 02:08:20 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
[2011/10/18 00:29:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/18 00:29:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/18 00:29:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/18 00:29:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/18 00:29:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/13 18:30:25 | 000,111,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2010/02/07 21:04:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/12/06 23:47:38 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/28 15:19:24 | 000,002,106 | ---- | C] () -- C:\Documents and Settings\Molly St.Cyr\Application Data\wklnhst.dat
[2008/12/27 20:39:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/03 06:39:35 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/12/03 06:39:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/12/03 06:38:03 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/12/03 06:01:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/03 05:27:36 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2008/12/03 05:27:36 | 000,009,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\EMSC.sys
[2008/04/25 21:47:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 21:44:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 16:33:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 16:33:18 | 000,443,482 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 16:33:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 16:33:18 | 000,072,582 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 16:33:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 16:33:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 16:33:17 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 16:33:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 16:33:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 16:33:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 16:33:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 16:33:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 09:39:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 09:38:33 | 000,187,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/10/22 01:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/31 19:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CAT
[2010/07/26 08:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/10/24 16:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/03 05:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista32
[2008/12/03 05:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64
[2010/01/02 20:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/10/09 14:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2008/12/03 05:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP32
[2011/02/09 21:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Molly St.Cyr\Application Data\Dropbox
[2010/02/01 00:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Molly St.Cyr\Application Data\Facebook
[2010/07/12 18:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Molly St.Cyr\Application Data\FinalMediaPlayer
[2010/06/19 15:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Molly St.Cyr\Application Data\OpenOffice.org
[2008/12/28 15:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Molly St.Cyr\Application Data\Template
[2010/01/02 20:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Molly St.Cyr\Application Data\Western Digital

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/10/07 21:55:08 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\system32\drivers\52605517.sys
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2011/10/14 16:08:48 | 000,111,744 | ---- | M] () -- C:\WINDOWS\system32\drivers\TrueSight.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-28 10:08:36


< MD5 for: AGP440.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 08:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/14 08:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/14 08:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\I386\AUTOCHK.EXE
[2008/04/14 08:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe

< MD5 for: BEEP.SYS >
[2008/04/14 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2008/04/14 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: KERNEL32.DLL >
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2009/03/21 09:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3qfe\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/14 08:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/14 08:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/04/14 08:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\I386\NTFS.SYS
[2008/04/14 08:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008/04/14 08:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/14 08:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
[2008/04/14 08:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2008/04/14 08:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2008/04/14 08:00:00 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/14 08:00:00 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 09:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/14 08:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
[2008/04/14 08:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TERMSRV.DLL >
[2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache\termsrv.dll
[2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: XMLPROV.DLL >
[2008/04/14 08:00:00 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ERDNT\cache\xmlprov.dll
[2008/04/14 08:00:00 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll

< End of report >

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:13 AM

Posted 02 November 2011 - 08:58 AM

Your log is clean.

Do you know what program or hardware needs this driver file, TrueSight.sys?

C:\WINDOWS\system32\drivers\TrueSight.sys

Look at the properties and, if it is not identified, scan it at Jotti.

>>> Run Jotti's malware scan: Please copy this line:
C:\WINDOWS\system32\drivers\TrueSight.sys
  • Go to Jotti's malware scan and click the Browse button,
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edit" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com

Post the log and let me know what problem persists on this computer.
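Before a file goes to Jotti or VirusTotal it is worth pulling two facts out of the OTL log above that bear on the question being asked: which drivers carry no company name in their version resource (OTL prints `()` for those, as it does for TrueSight.sys), and whether each system file's live copy still matches the dllcache or ERDNT\cache copy listed beside it in the `< MD5 for: ... >` custom scans. The script below is an added example for this thread, not part of OTL, Jotti or any post here. Its sample log is constructed from lines on this page plus one made-up userinit.exe entry with a bogus MD5 so the mismatch check has something to report; which directories count as "reference copies" that must be identical, and which (hotfix branches under $hf_mig$, update downloads) are allowed to differ, is this example's own assumption.

```python
"""Triage of an OTL file listing before sending anything to an online scanner.
Added example for this thread, not part of OTL, Jotti or the posts above."""
import hashlib
import re
import sys
from collections import defaultdict

# One OTL listing line: [date time | size | attrs | M] (Company) MD5=... -- path
# Company and MD5 are optional; ".cab file" marks a compressed copy in sp3.cab.
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?(?P<cab> \.cab file)?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+?)\s*$"
)
# Copies assumed to be byte-identical to the live file (this example's rule).
REFERENCE_DIRS = ("\\dllcache\\", "\\erdnt\\cache\\")
# Hotfix branches and update downloads legitimately differ from the live file.
IGNORED_DIRS = ("$hf_mig$", "softwaredistribution", "reinstallbackups",
                "\\i386\\", "driver cache")

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return {"date": m.group("date"), "time": m.group("time"),
            "size": int(m.group("size").replace(",", "")),
            "attrs": m.group("attrs"), "kind": m.group("kind"),
            "company": company.strip() if company is not None else None,
            "in_cab": m.group("cab") is not None,
            "md5": m.group("md5").upper() if m.group("md5") else None,
            "path": m.group("path")}

def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r]

def drivers_without_company(records):
    """.sys files whose version resource has no company name (OTL shows '()').
    A pointer to look closer at properties and hash, not a verdict."""
    return [r["path"] for r in records if r["path"].lower().endswith(".sys")
            and not r["in_cab"] and not r["company"]]

def md5_mismatches(records):
    """Live system files whose MD5 differs from their dllcache/ERDNT copies."""
    by_name = defaultdict(lambda: {"live": [], "ref": []})
    for r in records:
        p = r["path"].lower()
        if not r["md5"] or any(d in p for d in IGNORED_DIRS):
            continue
        bucket = "ref" if any(d in p for d in REFERENCE_DIRS) else "live"
        by_name[p.rsplit("\\", 1)[-1]][bucket].append((r["path"], r["md5"]))
    findings = []
    for name, copies in sorted(by_name.items()):
        ref_hashes = {h for _, h in copies["ref"]}
        for path, h in copies["live"]:
            if ref_hashes and h not in ref_hashes:
                findings.append({"file": name, "path": path, "live_md5": h,
                                 "reference_md5": sorted(ref_hashes)})
    return findings

def hash_bytes(data):
    """MD5/SHA-1/SHA-256 of a file's contents, the values a scanner reports."""
    return {alg: getattr(hashlib, alg)(data).hexdigest()
            for alg in ("md5", "sha1", "sha256")}

def triage(text):
    records = parse_log(text)
    return {"records": len(records),
            "drivers_without_company": drivers_without_company(records),
            "md5_mismatches": md5_mismatches(records)}

# Constructed sample: lines copied from the log in this thread plus one made-up
# userinit.exe entry with a bogus MD5 so the mismatch check has a hit.
SAMPLE_LOG = r"""
< %systemroot%\system32\drivers\*.sys /90 >
[2011/10/07 21:55:08 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\system32\drivers\52605517.sys
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2011/10/14 16:08:48 | 000,111,744 | ---- | M] () -- C:\WINDOWS\system32\drivers\TrueSight.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: KERNEL32.DLL >
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2009/03/21 09:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2011/10/07 18:49:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    for p in sys.argv[1:]:   # e.g. C:\WINDOWS\system32\drivers\TrueSight.sys
        with open(p, "rb") as f:
            print(p, hash_bytes(f.read()))
```

Run it with a file path as argument to get the MD5, SHA-1 and SHA-256 you would paste into the scanner's hash search instead of uploading the file. A blank company field, like the one on TrueSight.sys, is only a prompt to check the properties sheet and the hash, as the post says; an MD5 that differs between system32 and the dllcache or ERDNT copy is the finding that would actually need explaining.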

#12 SeanR

SeanR
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:04:13 AM

Posted 02 November 2011 - 10:50 PM

http://virusscan.jotti.org/en/scanresult/d8061c43a308827479cc77e6554f15e10aa9eb60

There is still no internet. When I run ipconfig /all I have noticed that the computer does not have a dns suffix search list.
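The field to read in `ipconfig /all` is not the DNS suffix search list, which is normally absent on a home network that has no domain, but the adapter's IP address (a 169.254.x.x autoconfiguration address means the DHCP client never obtained a lease), its default gateway and its DNS servers. The checker below is an added example, not something from this thread or from BleepingComputer; the `ipconfig /all` text it parses is constructed in the Windows XP layout, and the adapter names, addresses and finding codes are this example's own.

```python
"""Which 'ipconfig /all' fields explain a dead connection (Windows XP layout).
Added example for this thread, not code from the posts; the sample output,
adapter names and finding codes are constructed."""
import ipaddress
import re

# '        Key . . . . : value'.  Continuation lines (a second DNS server)
# carry no colon and are appended to the previous key.
KV_RE = re.compile(r"^\s+(?P<key>[^.:]+?)[ .]*: ?(?P<val>.*)$")

def parse_ipconfig(text):
    """Map section name -> {field: [values]}; unindented lines open a section."""
    sections, current, last_key = {}, None, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            current = sections.setdefault(raw.strip().rstrip(":"), {})
            last_key = None
            continue
        m = KV_RE.match(raw)
        if m and current is not None:
            last_key = m.group("key").strip()
            val = m.group("val").strip()
            current[last_key] = [val] if val else []
        elif last_key is not None:
            current[last_key].append(raw.strip())
    return sections

def diagnose(adapter):
    """Finding codes for one adapter section.  A missing 'DNS Suffix Search
    List' is normal on a LAN without a domain and is deliberately not flagged."""
    def first(key):
        return (adapter.get(key) or [""])[0]
    if first("Media State").lower().startswith("media disconnected"):
        return ["LINK_DOWN"]          # cable/radio problem; nothing above it matters
    findings = []
    ip = first("IP Address") or first("Autoconfiguration IP Address")
    if not ip:
        findings.append("NO_IPV4_ADDRESS")
    else:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append("UNPARSEABLE_ADDRESS")
        else:
            if addr.is_link_local:    # 169.254.x.x: DHCP client never got a lease
                findings.append("APIPA_NO_DHCP_LEASE")
            elif addr.is_unspecified:
                findings.append("NO_IPV4_ADDRESS")
    if not first("Default Gateway"):
        findings.append("NO_DEFAULT_GATEWAY")
    if not first("DNS Servers"):
        findings.append("NO_DNS_SERVERS")
    return findings

def diagnose_all(text):
    """Findings per adapter; the 'Windows IP Configuration' header is skipped."""
    return {name: diagnose(sec) for name, sec in parse_ipconfig(text).items()
            if " adapter " in name.lower()}

# Constructed XP-style output: one adapter stuck on an autoconfiguration
# address, one with no link, one healthy.  Names and addresses are made up.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : mini910
        Primary Dns Suffix  . . . . . . . :

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : wireless card (constructed)
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.23.45
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : wired card (constructed)

Ethernet adapter Healthy Example:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            192.168.1.2
"""

if __name__ == "__main__":
    for name, findings in diagnose_all(SAMPLE_IPCONFIG).items():
        print(f"{name}: {findings or 'OK'}")
```

Paste the real `ipconfig /all` output into SAMPLE_IPCONFIG or feed it through `diagnose_all` from a file: an `APIPA_NO_DHCP_LEASE` finding points at the DHCP client service, the network driver or the link rather than at name resolution, while a good address with `NO_DNS_SERVERS` is the case where DNS settings are the thing to look at.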

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:13 AM

Posted 03 November 2011 - 08:41 AM

There is still no internet. When I run ipconfig /all I have noticed that the computer does not have a dns suffix search list.


This is not my forte.

I suggest you start a new topic in this forum.
http://www.bleepingcomputer.com/forums/forum21.html
Where you should get better served on this issue.

===

I will keep this topic open for 5 days.

#14 SeanR

SeanR
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:04:13 AM

Posted 03 November 2011 - 09:47 AM

Okay, thank you for your help.



