
Infected with rootkit virusTDSS and many others


  • This topic is locked
29 replies to this topic

#1 preschooler

preschooler

  • Members
  • 16 posts
  • OFFLINE
  • Local time:03:59 PM

Posted 08 November 2011 - 11:45 PM

Below was my original post (apologies for the incorrect forum post)

http://www.bleepingcomputer.com/forums/topic426975.html

Hi, I have spent the past 3 hours (literally) trying to get the dds log to run correctly. It states it should not take over 3 minutes and each time I have tried to run it, it takes well over a half hour and my pc freezes. Is there another way to get a log? I am at such a loss here....

Thanks.


#2 preschooler

preschooler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:03:59 PM

Posted 09 November 2011 - 03:46 PM

Attached File: ark.txt (121.5KB)

Hello, thank you for your patience as I try to follow the guide instructions.
I have attached a GMER log but was unable to get the DDS log to output the log files. The DDS would initiate, run for a bit (about a half hour) and then just freeze my computer. Am hoping the GMER log at least helps.

Sunday I was hit with a delayed write virus that resulted in the dreaded black screen. Found help online, purchased trojan killer, though it removed some, after another scan by PC tools it showed I had the rootkitTDSS, Trojanagent by pass, trojan downloader and a bunch of other things. They listed it as 12 threats and 175 infections.

Currently, my files are intact, but my programs show empty on the start up menu. They do show however upon further search in the add/remove program sections.
(Below is my original link which also reflects yet another link so my apologies for the incorrect posts).
I know you are all very busy, so any help is appreciated when you can. Thanks in advance.
Christine

EDIT: Topics merged ~Budapest

Edited by Budapest, 13 November 2011 - 05:35 PM.


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:59 PM

Posted 13 November 2011 - 09:41 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe after it is complete restart the computer and continue with these steps


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following
    • logs from OTL
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
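The OTL log this post asks for (the topic starter pastes one further down) is plain text with one entry per line, each prefixed by a section tag such as SRV, DRV, O4, O15, O20 or O29. Helpers read it by eye for a few recurring patterns: autostart entries whose file is gone, web domains mapped into the Local intranet zone, and logon or security-provider hooks with no publisher name. The script below is an added example, not OTL's own code nor anything from this thread; it applies those three heuristics to constructed sample lines that follow the OTL layout shown on this page (the names, paths and domains in the sample are made up). The rules are triage hints for a closer look, not verdicts.

```python
"""Triage helper for OTL-style log lines (added example; not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines modelled on the OTL log format seen in this thread
# (same section tags and layout; the names, paths and domains are made up).
SAMPLE_LOG = r"""
SRV - (Updater Service for Example Toolbar) -- File not found
SRV - (sdCoreService) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
O4 - HKLM..\Run: [ExampleToolbarHelper] "C:\Program Files\Example Toolbar\Helper.exe" File not found
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O15 - HKU\S-1-5-21-EXAMPLE-1007\..Trusted Domains: example-search.invalid ([www] http in Local intranet)
O15 - HKU\S-1-5-21-EXAMPLE-1007\..Trusted Domains: bank.example ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-EXAMPLE-1007\..Trusted Domains: portal.example ([objects] * is out of zone range - 5)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (sampleprov.dll) -C:\WINDOWS\System32\sampleprov.dll ()
"""


@dataclass(frozen=True)
class Finding:
    tag: str     # OTL section tag, e.g. "SRV", "O4", "O15"
    reason: str  # why the entry deserves a closer look
    line: str    # the original log line


ENTRY_RE = re.compile(r"^(?P<tag>[A-Z]+\d*) - (?P<body>.*)$")
# Trailing "(Company Name)" field that OTL appends to file entries; "()" means none.
COMPANY_RE = re.compile(r"\((?P<company>[^()]*)\)\s*$")
TRUSTED_RE = re.compile(r"Trusted Domains: (?P<domain>\S+) \((?P<detail>.*)\)\s*$")

# Sections where a module is loaded into logon or the security subsystem
# (Winlogon, ShellExecuteHooks, SecurityProviders): no publisher name there
# is worth a second look.
SENSITIVE_HOOKS = {"O20", "O28", "O29"}
AUTOSTART_TAGS = {"SRV", "DRV", "O4"}


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if no heuristic fires."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    tag, body = m.group("tag"), m.group("body")

    # Rule 1: an autostart that points at a file no longer on disk, either a
    # half-removed program or something a cleaner already deleted. The
    # dangling registry entry is a clean-up item either way.
    if tag in AUTOSTART_TAGS and body.endswith("File not found"):
        return Finding(tag, "autostart entry points at a missing file", line)

    # Rule 2: a web domain placed in the Local intranet zone, or with a
    # malformed zone value. IE applies weaker controls in that zone.
    if tag == "O15":
        t = TRUSTED_RE.search(body)
        if t and ("Local intranet" in t.group("detail")
                  or "out of zone range" in t.group("detail")):
            return Finding(tag, f"{t.group('domain')} is mapped to a local/invalid zone", line)
        return None

    # Rule 3: logon/security hooks whose module carries no publisher name.
    if tag in SENSITIVE_HOOKS:
        c = COMPANY_RE.search(body)
        if c is not None and c.group("company").strip() == "":
            return Finding(tag, "hook module has no publisher name", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line of an OTL log through triage_line and collect the hits."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.tag}] {f.reason}\n    {f.line}")
```

Run against the constructed sample it reports five entries: the two missing-file autostarts, the two O15 domains in a local or invalid zone, and the O29 provider with an empty publisher field; the signed PC Tools, Broadcom and Microsoft entries pass through silently. On a real OTL.txt the same function takes the whole file's text, and the hits are exactly the lines a helper would ask about first.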

#4 preschooler

preschooler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:03:59 PM

Posted 14 November 2011 - 07:33 PM

Hi, I just tried saving the unhide link to the desktop and received an error message.
"error copying file or folder"
Cannot copy unhide[1]: There is not enough free disk space.
Delete one or more files to free disk space and then try again.
To free space on this drive by deleting old or unnecessary files click disk cleanup (which I did not do)

Then tried to just run it from the link and came up with this error message:
Write error in the file pev.exe. Probably the disk is full. Then a box popped up with this:
WinRar self extracting archive
Extracting unhide.bat
Extracting grep.exe
Extracting pev.exe
and then in red text, the same "write error" message as above.

I am unable to determine if these are legitimate errors as I continually receive the "pop up balloons" stating I have no firewall (when I do) and that my disk is full.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:59 PM

Posted 14 November 2011 - 07:54 PM

move to the next program


this is not true - it is the virus

#6 preschooler

preschooler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:03:59 PM

Posted 14 November 2011 - 08:23 PM

Hi, here is the OTL log. Thanks for your help thus far!

OTL logfile created on: 11/14/2011 8:00:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Nancy Redgate\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 50.75 Mb Available Physical Memory | 9.95% Memory free
927.55 Mb Paging File | 41.01 Mb Available in Paging File | 4.42% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS

Computer Name: NANCY | User Name: Nancy Redgate | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Nancy Redgate\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
PRC - C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe ( )
PRC - C:\WINDOWS\SYSTEM32\SOL.EXE (Microsoft Corporation)
PRC - C:\Program Files\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
PRC - C:\Program Files\Speed Disk\NOPDB.EXE (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\PCTCFHook.dll ()
MOD - C:\Program Files\PC Tools\PC Tools Security\avengine\sdkBSCtrl.dll ()
MOD - C:\Program Files\PC Tools\PC Tools Security\BDT\Utility.dll ()
MOD - C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_08bba7e8\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_b3751695\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_c7256e5f\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7c25b26a\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()
MOD - C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DLBAPP5C.DLL ()
MOD - C:\Program Files\Dell AIO Printer A940\ConvDIB.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Updater Service for StartNow Toolbar) -- File not found
SRV - (HidServ) -- File not found
SRV - (BOCore) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (sdCoreService) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (NProtectService) -- C:\Program Files\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
SRV - (Speed Disk service) -- C:\Program Files\Speed Disk\NOPDB.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (PCTSD) -- C:\WINDOWS\SYSTEM32\DRIVERS\PCTSD.sys (PC Tools)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctEFA) -- C:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\WINDOWS\system32\drivers\pctDS.sys (PC Tools)
DRV - (PCTBD) -- C:\WINDOWS\SYSTEM32\DRIVERS\PCTBD.sys (PC Tools)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (ZG760_XP) -- C:\WINDOWS\SYSTEM32\DRIVERS\WlanGZXP.sys (ZyDAS Technology Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (NPDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\NPDRIVER.SYS (Symantec Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/customer/start/?attr=mm&cid=insDate05102011
IE - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.xfinity.com/customer/start/?attr=mm&cid=insDate05102011
IE - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Nancy Redgate\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2011/11/07 00:21:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 19:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/10/12 12:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nancy Redgate\Application Data\Mozilla\Extensions
[2010/10/12 12:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nancy Redgate\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/06/01 12:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/06 21:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2008/04/26 08:28:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108847
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\..Trusted Domains: ani-search.com ([www] http in Local intranet)
O15 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\..Trusted Domains: capecodfive.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\..Trusted Domains: higsearch.com ([www] http in Local intranet)
O15 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\..Trusted Domains: mlspropertyfinder.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\..Trusted Domains: povidon.com ([tomb] http in Local intranet)
O15 - HKU\S-1-5-21-3213113866-4064316633-1904042771-1007\..Trusted Domains: searchixz.com ([www] http in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/bingame/amad/default/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.mpix.com/Customer/Uploading/activex/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{501A4A5C-99DA-4B7A-B8FC-C8513F0A759E}: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Filter\x-sdch - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Nancy Redgate\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nancy Redgate\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (zwebauth.dll) -C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 19:58:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nancy Redgate\Desktop\OTL.exe
[2011/11/09 12:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy Redgate\Desktop\gmer
[2011/11/09 01:09:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Nancy Redgate\Desktop\dds.scr
[2011/11/08 21:11:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nancy Redgate\Start Menu\Programs\Administrative Tools
[2011/11/08 18:00:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/08 17:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/07 08:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy Redgate\Local Settings\Application Data\Threat Expert
[2011/11/07 00:21:48 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2011/11/07 00:21:47 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/11/07 00:21:46 | 002,291,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/11/07 00:21:46 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/11/07 00:20:42 | 000,252,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/11/07 00:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/11/07 00:20:17 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2011/11/07 00:19:48 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/11/07 00:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2011/11/07 00:17:34 | 000,660,992 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/11/07 00:17:34 | 000,341,656 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/11/07 00:17:22 | 000,331,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/11/07 00:17:22 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/11/07 00:17:17 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2011/11/07 00:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/11/07 00:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy Redgate\Application Data\TestApp
[2011/11/07 00:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/11/06 19:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GridinSoft
[2011/11/06 19:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/11/06 19:56:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nancy Redgate\Recent
[2011/11/06 18:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nancy Redgate\Start Menu\Programs\System Restore
[2006/11/27 12:07:41 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[13 C:\Documents and Settings\Nancy Redgate\My Documents\*.tmp files -> C:\Documents and Settings\Nancy Redgate\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/14 19:59:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nancy Redgate\Desktop\OTL.exe
[2011/11/14 00:44:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/11/14 00:44:29 | 534,843,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/12 14:55:04 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/09 12:11:48 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Nancy Redgate\Desktop\gmer.zip
[2011/11/08 21:11:13 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Nancy Redgate\Desktop\dds.scr
[2011/11/08 21:07:45 | 000,000,607 | -H-- | M] () -- C:\WINDOWS\DELLSTAT.INI
[2011/11/08 21:04:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Nancy Redgate\defogger_reenable
[2011/11/08 21:04:15 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Nancy Redgate\Desktop\Defogger.exe
[2011/11/07 00:20:28 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2011/11/07 00:18:44 | 000,852,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/11/07 00:14:33 | 000,002,116 | ---- | M] () -- C:\Documents and Settings\Nancy Redgate\Desktop\sdasetup[1].exe.lnk
[2011/11/06 22:51:39 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/06 19:59:14 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Killer.lnk
[2011/11/06 18:54:19 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
[2011/11/06 18:52:10 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP
[2011/11/06 18:52:10 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
[2011/11/06 17:38:44 | 000,435,082 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/11/06 17:38:44 | 000,069,072 | -H-- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/10/28 11:03:18 | 000,070,536 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/10/28 11:02:54 | 000,185,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2011/10/28 11:01:36 | 000,017,848 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2011/10/28 10:40:58 | 000,252,840 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/10/25 13:38:20 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/10/25 13:38:18 | 002,291,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/10/25 13:38:18 | 001,681,360 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/10/25 13:38:08 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2011/10/22 15:11:14 | 000,331,880 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/10/22 15:11:08 | 000,162,584 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[13 C:\Documents and Settings\Nancy Redgate\My Documents\*.tmp files -> C:\Documents and Settings\Nancy Redgate\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/09 12:11:45 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Nancy Redgate\Desktop\gmer.zip
[2011/11/09 11:23:50 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Nancy Redgate\Desktop\Defogger.exe
[2011/11/08 21:04:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Nancy Redgate\defogger_reenable
[2011/11/07 00:21:47 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/11/07 00:21:47 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/11/07 00:21:47 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/11/07 00:21:47 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/11/07 00:21:46 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/11/07 00:20:28 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2011/11/07 00:17:44 | 000,852,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/11/07 00:14:33 | 000,002,116 | ---- | C] () -- C:\Documents and Settings\Nancy Redgate\Desktop\sdasetup[1].exe.lnk
[2011/11/06 19:59:14 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Killer.lnk
[2011/11/06 19:14:02 | 000,001,957 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Comcast Desktop Software.lnk
[2011/11/06 18:52:10 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
[2011/11/06 18:52:09 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP
[2011/11/06 18:51:46 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
[2009/11/08 10:06:27 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/23 16:21:47 | 180,880,928 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/05/23 16:08:11 | 001,263,904 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/05/07 10:39:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/12/19 15:02:22 | 000,002,704 | -H-- | C] () -- C:\WINDOWS\System32\TDSSlxwp.dll
[2008/12/19 15:02:18 | 000,000,441 | ---- | C] () -- C:\WINDOWS\System32\TDSSorvd.dat
[2008/05/18 11:48:57 | 000,027,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys
[2008/05/18 11:48:56 | 000,015,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/01/26 09:27:04 | 000,006,903 | -HS- | C] () -- C:\WINDOWS\System32\abeeg.ini
[2007/10/27 08:01:01 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/10/26 20:41:27 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Rock
[2007/10/26 20:41:26 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Nancy Redgate\Application Data\Repeat Routines
[2007/10/26 20:41:26 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2007/10/04 14:58:18 | 000,694,009 | -HS- | C] () -- C:\WINDOWS\System32\csvtnipb.ini
[2007/10/03 14:56:07 | 000,693,841 | -HS- | C] () -- C:\WINDOWS\System32\ssbeaaki.ini
[2007/10/03 05:24:31 | 000,693,772 | -HS- | C] () -- C:\WINDOWS\System32\aevvjdtp.ini
[2007/10/02 05:21:39 | 000,693,592 | -HS- | C] () -- C:\WINDOWS\System32\ndpkmfhy.ini
[2007/10/01 05:21:32 | 000,693,541 | -HS- | C] () -- C:\WINDOWS\System32\gwokxylk.ini
[2007/09/30 05:18:35 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\dabbdpft.ini
[2007/09/29 05:21:44 | 000,693,448 | -HS- | C] () -- C:\WINDOWS\System32\bwyodtbi.ini
[2007/09/27 21:34:05 | 000,693,466 | -HS- | C] () -- C:\WINDOWS\System32\onvxduls.ini
[2007/07/30 09:00:23 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2007/05/13 18:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2006/07/06 18:40:38 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Nancy Redgate\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 17:31:04 | 000,010,640 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/29 15:59:09 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/05/14 12:18:53 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\_ISNU.INI
[2005/05/14 09:51:14 | 000,000,155 | -H-- | C] () -- C:\WINDOWS\winamp.ini
[2005/05/14 09:24:33 | 000,001,255 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/05/14 08:46:06 | 000,000,377 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/26 16:08:24 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2005/04/26 15:26:35 | 000,000,715 | -H-- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2004/11/15 19:52:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\ftpupd.exe
[2004/10/17 15:04:09 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Nancy Redgate\Application Data\PFP110JPR.{PB
[2004/10/17 15:04:09 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Nancy Redgate\Application Data\PFP110JCM.{PB
[2004/10/17 15:01:30 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Nancy Redgate\Local Settings\Application Data\fusioncache.dat
[2004/10/17 14:36:46 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\AUTHMGR.INI
[2004/10/17 14:09:08 | 000,000,607 | -H-- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/03/16 17:08:47 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/16 17:03:22 | 000,149,504 | -H-- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/03/16 16:57:44 | 000,000,258 | -H-- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/03/16 16:51:45 | 000,000,138 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/16 16:47:21 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/16 16:28:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/03/16 16:27:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/16 16:26:48 | 000,435,082 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/03/16 16:26:48 | 000,069,072 | -H-- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/03/16 16:12:50 | 000,000,550 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/14 00:13:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/11/13 14:40:22 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2002/10/08 15:24:44 | 000,000,177 | -H-- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2002/09/03 10:05:08 | 000,204,120 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 09:59:14 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 06:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\NOISE.DAT

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >

========== Files - Unicode (All) ==========
[2009/05/23 15:56:45 | 000,000,040 | -H-- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/05/23 15:56:45 | 000,000,040 | -H-- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918DBCA9

< End of report >

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:59 PM

Posted 14 November 2011 - 08:44 PM

Hello

Your hard drive is dangerously full:

Drive C: | 38.25 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free |


I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Filter\x-sdch - No CLSID value found
    O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    @Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918DBCA9  
    O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
    O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
    [2011/11/06 18:54:19 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
    [2011/11/06 18:52:10 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP
    [2011/11/06 18:52:10 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
    [2011/11/06 18:52:10 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
    [2011/11/06 18:52:09 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP
    [2011/11/06 18:51:46 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
    [2008/12/19 15:02:22 | 000,002,704 | -H-- | C] () -- C:\WINDOWS\System32\TDSSlxwp.dll
    [2008/12/19 15:02:18 | 000,000,441 | ---- | C] () -- C:\WINDOWS\System32\TDSSorvd.dat
    [2007/10/04 14:58:18 | 000,694,009 | -HS- | C] () -- C:\WINDOWS\System32\csvtnipb.ini
    [2007/10/03 14:56:07 | 000,693,841 | -HS- | C] () -- C:\WINDOWS\System32\ssbeaaki.ini
    [2007/10/03 05:24:31 | 000,693,772 | -HS- | C] () -- C:\WINDOWS\System32\aevvjdtp.ini
    [2007/10/02 05:21:39 | 000,693,592 | -HS- | C] () -- C:\WINDOWS\System32\ndpkmfhy.ini
    [2007/10/01 05:21:32 | 000,693,541 | -HS- | C] () -- C:\WINDOWS\System32\gwokxylk.ini
    [2007/09/30 05:18:35 | 000,693,472 | -HS- | C] () -- C:\WINDOWS\System32\dabbdpft.ini
    [2007/09/29 05:21:44 | 000,693,448 | -HS- | C] () -- C:\WINDOWS\System32\bwyodtbi.ini
    [2007/09/27 21:34:05 | 000,693,466 | -HS- | C] () -- C:\WINDOWS\System32\onvxduls.ini
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Edited by gringo_pr, 14 November 2011 - 08:44 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
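The entries pulled into the fix script above (the TDSS-prefixed files, the run of hidden+system .ini files in System32, the alternate data streams) can be picked out of an OTL log mechanically. This is an added Python example, not OTL's or the forum's code; the flagging rules are assumed heuristics that mark entries for review, and the sample log is constructed from the thread.

```python
"""Triage helper for OTL-style scan logs (added example, not OTL's own code).
Parses file entries and alternate-data-stream entries in the format shown in
this thread and flags the kinds of items the helper put into the fix script.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

# [yyyy/mm/dd hh:mm:ss | size | attrs | C|M] (company) -- path
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([RHSD-]{4}) \| ([CM])\] "
    r"\((.*?)\) -- (.+)$"
)
# @Alternate Data Stream - N bytes -> path:stream
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+?):([^:\\]+)$")
RANDOM_INI = re.compile(r"^[a-z]{8}\.ini$")  # eight random lowercase letters


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str   # R=read-only, H=hidden, S=system, D=directory, '-' = unset
    kind: str    # C = created, M = modified
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


@dataclass
class AdsEntry:
    size: int
    path: str
    stream: str


Entry = Union[FileEntry, AdsEntry]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; headers, blanks and other sections return None."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        ts, size, attrs, kind, company, path = m.groups()
        return FileEntry(ts, int(size.replace(",", "")), attrs, kind, company, path)
    m = ADS_RE.match(line)
    if m:
        size, path, stream = m.groups()
        return AdsEntry(int(size), path, stream)
    return None


def flag(entry: Entry) -> List[str]:
    """Reasons an entry deserves a closer look (assumed heuristics, not verdicts)."""
    if isinstance(entry, AdsEntry):
        return ["alternate data stream on a user-writable path"]
    reasons = []
    in_system32 = "\\system32\\" in entry.path.lower()
    if entry.name.upper().startswith("TDSS"):
        reasons.append("TDSS-prefixed file")
    # All three conditions are needed: msoffice.ini is also eight letters
    # but is neither hidden+system nor in System32.
    if in_system32 and entry.hidden_system and RANDOM_INI.match(entry.name):
        reasons.append("hidden+system random-named .ini in System32")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every flagged entry, in log order."""
    hits = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        reasons = flag(entry)
        if reasons:
            shown = entry.path if isinstance(entry, FileEntry) else f"{entry.path}:{entry.stream}"
            hits.append((shown, reasons))
    return hits


# Constructed sample in the thread's OTL format (not a real machine's log).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2009/05/07 10:39:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/12/19 15:02:22 | 000,002,704 | -H-- | C] () -- C:\WINDOWS\System32\TDSSlxwp.dll
[2007/10/04 14:58:18 | 000,694,009 | -HS- | C] () -- C:\WINDOWS\System32\csvtnipb.ini
[2007/07/30 09:00:23 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\msoffice.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}\n    " + "; ".join(reasons))
```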

#8 preschooler

preschooler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:03:59 PM

Posted 14 November 2011 - 09:45 PM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:918DBCA9 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
C:\Program Files\StartNow Toolbar\Toolbar32.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.
File C:\Program Files\StartNow Toolbar\Toolbar32.dll not found.
C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP moved successfully.
C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP moved successfully.
C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr moved successfully.
File C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr not found.
File C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP not found.
File C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP not found.
C:\WINDOWS\SYSTEM32\TDSSlxwp.dll moved successfully.
C:\WINDOWS\SYSTEM32\TDSSorvd.dat moved successfully.
C:\WINDOWS\SYSTEM32\csvtnipb.ini moved successfully.
C:\WINDOWS\SYSTEM32\ssbeaaki.ini moved successfully.
C:\WINDOWS\SYSTEM32\aevvjdtp.ini moved successfully.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:59 PM

Posted 14 November 2011 - 09:49 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 preschooler

preschooler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:03:59 PM

Posted 15 November 2011 - 04:21 PM

Hello, having trouble with combo fix. I disabled my virus software and still it does not work. Just running and running then eventually freezes the computer. Unfortunately as I have only the one computer, I restarted the computer and ran combo fix again before leaving for work. I am posting this from work so I am not sure what I will get when I get home.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:59 PM

Posted 16 November 2011 - 08:32 AM

Hello

OK, let's try this: I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#12 preschooler

preschooler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:03:59 PM

Posted 16 November 2011 - 09:28 PM

Hi, tried running combo fix in safe mode for over three hours.... nothing happened. No logs, machine just freezes.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:59 PM

Posted 16 November 2011 - 09:34 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#14 preschooler

preschooler
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:03:59 PM

Posted 16 November 2011 - 09:56 PM

Hopefully this is the right file! Thanks again so much for all your continued help thus far.

21:49:51.0843 3404 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
21:49:52.0265 3404 ============================================================
21:49:52.0265 3404 Current date / time: 2011/11/16 21:49:52.0265
21:49:52.0265 3404 SystemInfo:
21:49:52.0265 3404
21:49:52.0265 3404 OS Version: 5.1.2600 ServicePack: 3.0
21:49:52.0265 3404 Product type: Workstation
21:49:52.0265 3404 ComputerName: NANCY
21:49:52.0265 3404 UserName: Nancy Redgate
21:49:52.0265 3404 Windows directory: C:\WINDOWS
21:49:52.0265 3404 System windows directory: C:\WINDOWS
21:49:52.0265 3404 Processor architecture: Intel x86
21:49:52.0265 3404 Number of processors: 1
21:49:52.0265 3404 Page size: 0x1000
21:49:52.0265 3404 Boot type: Normal boot
21:49:52.0265 3404 ============================================================
21:49:55.0093 3404 Initialize success
21:50:03.0531 3440 ============================================================
21:50:03.0531 3440 Scan started
21:50:03.0531 3440 Mode: Manual;
21:50:03.0531 3440 ============================================================
21:50:04.0875 3440 Abiosdsk - ok
21:50:05.0062 3440 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
21:50:05.0062 3440 abp480n5 - ok
21:50:05.0265 3440 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:50:05.0265 3440 ACPI - ok
21:50:05.0421 3440 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:50:05.0421 3440 ACPIEC - ok
21:50:05.0625 3440 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
21:50:05.0625 3440 adpu160m - ok
21:50:05.0812 3440 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
21:50:05.0812 3440 aeaudio - ok
21:50:05.0984 3440 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:50:05.0984 3440 aec - ok
21:50:06.0171 3440 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:50:06.0171 3440 AFD - ok
21:50:06.0343 3440 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
21:50:06.0343 3440 agp440 - ok
21:50:06.0593 3440 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
21:50:06.0593 3440 agpCPQ - ok
21:50:06.0859 3440 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
21:50:06.0859 3440 Aha154x - ok
21:50:07.0093 3440 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
21:50:07.0093 3440 aic78u2 - ok
21:50:07.0328 3440 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
21:50:07.0328 3440 aic78xx - ok
21:50:07.0515 3440 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
21:50:07.0515 3440 AliIde - ok
21:50:07.0703 3440 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
21:50:07.0703 3440 alim1541 - ok
21:50:07.0875 3440 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
21:50:07.0875 3440 amdagp - ok
21:50:08.0046 3440 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
21:50:08.0046 3440 amsint - ok
21:50:08.0234 3440 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
21:50:08.0234 3440 asc - ok
21:50:08.0421 3440 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
21:50:08.0421 3440 asc3350p - ok
21:50:08.0609 3440 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
21:50:08.0609 3440 asc3550 - ok
21:50:08.0812 3440 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:50:08.0812 3440 AsyncMac - ok
21:50:09.0000 3440 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:50:09.0000 3440 atapi - ok
21:50:09.0109 3440 Atdisk - ok
21:50:09.0203 3440 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:50:09.0203 3440 Atmarpc - ok
21:50:09.0437 3440 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:50:09.0437 3440 audstub - ok
21:50:09.0593 3440 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
21:50:09.0593 3440 bcm4sbxp - ok
21:50:09.0703 3440 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:50:09.0703 3440 Beep - ok
21:50:09.0859 3440 BOCDRIVE - ok
21:50:10.0046 3440 bvrp_pci - ok
21:50:10.0265 3440 catchme - ok
21:50:10.0484 3440 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
21:50:10.0484 3440 cbidf - ok
21:50:10.0656 3440 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:50:10.0656 3440 cbidf2k - ok
21:50:10.0828 3440 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
21:50:10.0828 3440 cd20xrnt - ok
21:50:11.0000 3440 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:50:11.0015 3440 Cdaudio - ok
21:50:11.0109 3440 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:50:11.0109 3440 Cdfs - ok
21:50:11.0296 3440 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:50:11.0296 3440 Cdrom - ok
21:50:11.0437 3440 Changer - ok
21:50:11.0625 3440 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
21:50:11.0625 3440 CmdIde - ok
21:50:11.0828 3440 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
21:50:11.0828 3440 Cpqarray - ok
21:50:12.0031 3440 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
21:50:12.0031 3440 dac2w2k - ok
21:50:12.0203 3440 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
21:50:12.0218 3440 dac960nt - ok
21:50:12.0437 3440 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:50:12.0437 3440 Disk - ok
21:50:12.0671 3440 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:50:12.0703 3440 dmboot - ok
21:50:12.0906 3440 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:50:12.0921 3440 dmio - ok
21:50:13.0078 3440 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:50:13.0078 3440 dmload - ok
21:50:13.0281 3440 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:50:13.0281 3440 DMusic - ok
21:50:13.0609 3440 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
21:50:13.0609 3440 dpti2o - ok
21:50:13.0796 3440 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:50:13.0796 3440 drmkaud - ok
21:50:13.0968 3440 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
21:50:13.0968 3440 drvmcdb - ok
21:50:14.0218 3440 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
21:50:14.0218 3440 drvnddm - ok
21:50:14.0421 3440 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
21:50:14.0437 3440 EL90XBC - ok
21:50:14.0656 3440 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:50:14.0656 3440 Fastfat - ok
21:50:14.0906 3440 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:50:14.0906 3440 Fdc - ok
21:50:15.0109 3440 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:50:15.0109 3440 Fips - ok
21:50:15.0296 3440 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:50:15.0296 3440 Flpydisk - ok
21:50:15.0546 3440 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:50:15.0546 3440 FltMgr - ok
21:50:15.0843 3440 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:50:15.0843 3440 Fs_Rec - ok
21:50:16.0015 3440 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:50:16.0015 3440 Ftdisk - ok
21:50:16.0250 3440 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:50:16.0250 3440 GEARAspiWDM - ok
21:50:16.0484 3440 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:50:16.0484 3440 Gpc - ok
21:50:16.0734 3440 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:50:16.0734 3440 HidUsb - ok
21:50:17.0015 3440 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
21:50:17.0015 3440 hpn - ok
21:50:17.0250 3440 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:50:17.0250 3440 HTTP - ok
21:50:17.0453 3440 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:50:17.0453 3440 i2omgmt - ok
21:50:17.0671 3440 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
21:50:17.0671 3440 i2omp - ok
21:50:17.0875 3440 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:50:17.0875 3440 i8042prt - ok
21:50:18.0015 3440 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
21:50:18.0031 3440 i81x - ok
21:50:18.0281 3440 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
21:50:18.0281 3440 iAimFP0 - ok
21:50:18.0453 3440 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
21:50:18.0453 3440 iAimFP1 - ok
21:50:18.0640 3440 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
21:50:18.0640 3440 iAimFP2 - ok
21:50:18.0890 3440 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
21:50:18.0890 3440 iAimFP3 - ok
21:50:19.0062 3440 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
21:50:19.0062 3440 iAimFP4 - ok
21:50:19.0250 3440 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
21:50:19.0250 3440 iAimTV0 - ok
21:50:19.0437 3440 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
21:50:19.0437 3440 iAimTV1 - ok
21:50:19.0609 3440 iAimTV2 - ok
21:50:19.0703 3440 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
21:50:19.0703 3440 iAimTV3 - ok
21:50:19.0890 3440 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
21:50:19.0890 3440 iAimTV4 - ok
21:50:20.0125 3440 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:50:20.0171 3440 ialm - ok
21:50:20.0421 3440 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:50:20.0421 3440 Imapi - ok
21:50:20.0656 3440 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
21:50:20.0656 3440 ini910u - ok
21:50:20.0906 3440 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
21:50:20.0953 3440 IntelC51 - ok
21:50:21.0218 3440 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
21:50:21.0296 3440 IntelC52 - ok
21:50:21.0515 3440 IntelC53 (de2686c0e012e6ae24acd6e79eb7ff5d) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
21:50:21.0515 3440 IntelC53 - ok
21:50:21.0781 3440 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
21:50:21.0781 3440 IntelIde - ok
21:50:21.0968 3440 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:50:21.0968 3440 intelppm - ok
21:50:22.0156 3440 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:50:22.0156 3440 ip6fw - ok
21:50:22.0328 3440 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:50:22.0343 3440 IpFilterDriver - ok
21:50:22.0515 3440 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:50:22.0515 3440 IpInIp - ok
21:50:22.0703 3440 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:50:22.0703 3440 IpNat - ok
21:50:22.0890 3440 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:50:22.0890 3440 IPSec - ok
21:50:23.0031 3440 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:50:23.0046 3440 IRENUM - ok
21:50:23.0234 3440 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:50:23.0234 3440 isapnp - ok
21:50:23.0437 3440 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:50:23.0437 3440 Kbdclass - ok
21:50:23.0625 3440 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:50:23.0625 3440 kmixer - ok
21:50:23.0750 3440 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:50:23.0750 3440 KSecDD - ok
21:50:23.0812 3440 lbrtfdc - ok
21:50:23.0953 3440 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
21:50:23.0953 3440 MCSTRM - ok
21:50:24.0093 3440 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:50:24.0093 3440 mnmdd - ok
21:50:24.0218 3440 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:50:24.0234 3440 Modem - ok
21:50:24.0375 3440 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:50:24.0375 3440 MODEMCSA - ok
21:50:24.0500 3440 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
21:50:24.0500 3440 mohfilt - ok
21:50:24.0625 3440 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:50:24.0625 3440 Mouclass - ok
21:50:24.0750 3440 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:50:24.0750 3440 mouhid - ok
21:50:24.0875 3440 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:50:24.0875 3440 MountMgr - ok
21:50:25.0000 3440 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
21:50:25.0000 3440 mraid35x - ok
21:50:25.0171 3440 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:50:25.0234 3440 MREMP50 - ok
21:50:25.0390 3440 MREMP50a64 - ok
21:50:25.0421 3440 MREMPR5 - ok
21:50:25.0437 3440 MRENDIS5 - ok
21:50:25.0484 3440 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:50:25.0484 3440 MRESP50 - ok
21:50:25.0640 3440 MRESP50a64 - ok
21:50:25.0843 3440 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:50:25.0843 3440 MRxDAV - ok
21:50:26.0031 3440 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:50:26.0062 3440 MRxSmb - ok
21:50:26.0296 3440 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:50:26.0296 3440 Msfs - ok
21:50:26.0515 3440 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:50:26.0515 3440 MSKSSRV - ok
21:50:26.0718 3440 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:50:26.0718 3440 MSPCLOCK - ok
21:50:26.0937 3440 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:50:26.0937 3440 MSPQM - ok
21:50:27.0171 3440 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:50:27.0187 3440 mssmbios - ok
21:50:27.0421 3440 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:50:27.0421 3440 Mup - ok
21:50:27.0734 3440 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:50:27.0734 3440 NDIS - ok
21:50:27.0968 3440 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:50:27.0968 3440 NdisTapi - ok
21:50:28.0140 3440 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:50:28.0140 3440 Ndisuio - ok
21:50:28.0359 3440 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:50:28.0375 3440 NdisWan - ok
21:50:28.0578 3440 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:50:28.0578 3440 NDProxy - ok
21:50:28.0765 3440 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:50:28.0765 3440 NetBIOS - ok
21:50:28.0937 3440 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:50:28.0937 3440 NetBT - ok
21:50:29.0125 3440 NPDriver (c0e6afd4c945331475141f0fbb7f950e) C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
21:50:29.0140 3440 NPDriver - ok
21:50:29.0312 3440 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:50:29.0328 3440 Npfs - ok
21:50:29.0562 3440 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:50:29.0593 3440 Ntfs - ok
21:50:29.0828 3440 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:50:29.0828 3440 Null - ok
21:50:30.0031 3440 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:50:30.0093 3440 nv - ok
21:50:30.0343 3440 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:50:30.0343 3440 NwlnkFlt - ok
21:50:30.0593 3440 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:50:30.0593 3440 NwlnkFwd - ok
21:50:30.0750 3440 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
21:50:30.0750 3440 omci - ok
21:50:30.0937 3440 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
21:50:30.0937 3440 P3 - ok
21:50:31.0171 3440 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:50:31.0171 3440 Parport - ok
21:50:31.0453 3440 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:50:31.0453 3440 PartMgr - ok
21:50:31.0687 3440 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:50:31.0687 3440 ParVdm - ok
21:50:31.0843 3440 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:50:31.0843 3440 PCI - ok
21:50:32.0000 3440 PCIDump - ok
21:50:32.0156 3440 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:50:32.0156 3440 PCIIde - ok
21:50:32.0375 3440 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:50:32.0375 3440 Pcmcia - ok
21:50:32.0500 3440 PDCOMP - ok
21:50:32.0625 3440 PDFRAME - ok
21:50:32.0687 3440 PDRELI - ok
21:50:32.0765 3440 PDRFRAME - ok
21:50:32.0890 3440 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
21:50:32.0890 3440 perc2 - ok
21:50:33.0078 3440 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
21:50:33.0078 3440 perc2hib - ok
21:50:33.0312 3440 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:50:33.0328 3440 PptpMiniport - ok
21:50:33.0531 3440 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:50:33.0531 3440 Processor - ok
21:50:33.0750 3440 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:50:33.0765 3440 Ptilink - ok
21:50:33.0984 3440 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
21:50:33.0984 3440 PxHelp20 - ok
21:50:34.0250 3440 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
21:50:34.0265 3440 ql1080 - ok
21:50:34.0453 3440 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
21:50:34.0453 3440 Ql10wnt - ok
21:50:34.0687 3440 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
21:50:34.0687 3440 ql12160 - ok
21:50:34.0890 3440 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
21:50:34.0890 3440 ql1240 - ok
21:50:35.0093 3440 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
21:50:35.0093 3440 ql1280 - ok
21:50:35.0265 3440 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:50:35.0265 3440 RasAcd - ok
21:50:35.0437 3440 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:50:35.0453 3440 Rasl2tp - ok
21:50:35.0656 3440 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:50:35.0656 3440 RasPppoe - ok
21:50:35.0781 3440 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:50:35.0796 3440 Raspti - ok
21:50:35.0953 3440 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:50:35.0953 3440 Rdbss - ok
21:50:36.0171 3440 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:50:36.0171 3440 RDPCDD - ok
21:50:36.0359 3440 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:50:36.0359 3440 rdpdr - ok
21:50:36.0578 3440 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:50:36.0578 3440 RDPWD - ok
21:50:36.0765 3440 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:50:36.0765 3440 redbook - ok
21:50:36.0984 3440 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:50:36.0984 3440 SASDIFSV - ok
21:50:37.0062 3440 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
21:50:37.0062 3440 SASENUM - ok
21:50:37.0140 3440 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
21:50:37.0140 3440 SASKUTIL - ok
21:50:37.0375 3440 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:50:37.0375 3440 Secdrv - ok
21:50:37.0593 3440 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:50:37.0593 3440 serenum - ok
21:50:37.0765 3440 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:50:37.0765 3440 Serial - ok
21:50:38.0031 3440 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:50:38.0031 3440 Sfloppy - ok
21:50:38.0156 3440 Simbad - ok
21:50:38.0343 3440 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
21:50:38.0343 3440 sisagp - ok
21:50:38.0625 3440 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
21:50:38.0656 3440 smwdm - ok
21:50:38.0890 3440 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
21:50:38.0890 3440 Sparrow - ok
21:50:39.0093 3440 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:50:39.0093 3440 splitter - ok
21:50:39.0328 3440 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:50:39.0328 3440 sr - ok
21:50:39.0562 3440 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:50:39.0578 3440 Srv - ok
21:50:39.0812 3440 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
21:50:39.0812 3440 sscdbhk5 - ok
21:50:40.0031 3440 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
21:50:40.0031 3440 ssrtln - ok
21:50:40.0265 3440 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:50:40.0265 3440 swenum - ok
21:50:40.0500 3440 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:50:40.0515 3440 swmidi - ok
21:50:40.0718 3440 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
21:50:40.0718 3440 symc810 - ok
21:50:40.0906 3440 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
21:50:40.0906 3440 symc8xx - ok
21:50:41.0093 3440 SymEvent (083fe6483dc16a02af2434d04b7d7aea) C:\Program Files\Symantec\SYMEVENT.SYS
21:50:41.0093 3440 SymEvent - ok
21:50:41.0343 3440 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
21:50:41.0343 3440 sym_hi - ok
21:50:41.0515 3440 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
21:50:41.0515 3440 sym_u3 - ok
21:50:41.0750 3440 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:50:41.0750 3440 sysaudio - ok
21:50:41.0968 3440 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:50:41.0984 3440 Tcpip - ok
21:50:42.0187 3440 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:50:42.0203 3440 TDPIPE - ok
21:50:42.0375 3440 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:50:42.0375 3440 TDTCP - ok
21:50:42.0593 3440 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:50:42.0593 3440 TermDD - ok
21:50:42.0765 3440 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
21:50:42.0765 3440 tfsnboio - ok
21:50:42.0921 3440 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
21:50:42.0921 3440 tfsncofs - ok
21:50:43.0078 3440 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
21:50:43.0078 3440 tfsndrct - ok
21:50:43.0234 3440 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
21:50:43.0234 3440 tfsndres - ok
21:50:43.0406 3440 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
21:50:43.0406 3440 tfsnifs - ok
21:50:43.0609 3440 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
21:50:43.0609 3440 tfsnopio - ok
21:50:43.0765 3440 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
21:50:43.0765 3440 tfsnpool - ok
21:50:43.0937 3440 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
21:50:43.0937 3440 tfsnudf - ok
21:50:44.0093 3440 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
21:50:44.0093 3440 tfsnudfa - ok
21:50:44.0265 3440 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
21:50:44.0265 3440 TosIde - ok
21:50:44.0468 3440 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:50:44.0484 3440 Udfs - ok
21:50:44.0687 3440 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
21:50:44.0687 3440 ultra - ok
21:50:44.0906 3440 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:50:44.0921 3440 Update - ok
21:50:45.0156 3440 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:50:45.0156 3440 USBAAPL - ok
21:50:45.0328 3440 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:50:45.0328 3440 usbccgp - ok
21:50:45.0546 3440 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:50:45.0546 3440 usbehci - ok
21:50:45.0671 3440 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:50:45.0671 3440 usbhub - ok
21:50:45.0843 3440 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:50:45.0843 3440 usbprint - ok
21:50:46.0031 3440 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:50:46.0031 3440 usbscan - ok
21:50:46.0187 3440 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:50:46.0187 3440 USBSTOR - ok
21:50:46.0406 3440 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:50:46.0406 3440 usbuhci - ok
21:50:46.0625 3440 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:50:46.0625 3440 VgaSave - ok
21:50:46.0890 3440 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
21:50:46.0890 3440 viaagp - ok
21:50:47.0140 3440 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
21:50:47.0140 3440 ViaIde - ok
21:50:47.0343 3440 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:50:47.0343 3440 VolSnap - ok
21:50:47.0578 3440 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:50:47.0578 3440 Wanarp - ok
21:50:47.0687 3440 wanatw - ok
21:50:47.0718 3440 WDICA - ok
21:50:47.0828 3440 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:50:47.0828 3440 wdmaud - ok
21:50:48.0171 3440 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:50:48.0171 3440 WS2IFSL - ok
21:50:48.0359 3440 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:50:48.0359 3440 WudfPf - ok
21:50:48.0546 3440 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:50:48.0562 3440 WudfRd - ok
21:50:48.0843 3440 ZG760_XP (bd6354de4d081de96c79bdb53f55ca82) C:\WINDOWS\system32\DRIVERS\WlanGZXP.sys
21:50:48.0859 3440 ZG760_XP - ok
21:50:49.0093 3440 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
21:50:49.0093 3440 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
21:50:49.0296 3440 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
21:50:49.0312 3440 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
21:50:49.0375 3440 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:50:49.0406 3440 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:50:49.0406 3440 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:50:49.0453 3440 Boot (0x1200) (415a25ef42ce83dd96108a1e4b544737) \Device\Harddisk0\DR0\Partition0
21:50:49.0453 3440 \Device\Harddisk0\DR0\Partition0 - ok
21:50:49.0468 3440 ============================================================
21:50:49.0468 3440 Scan finished
21:50:49.0468 3440 ============================================================
21:50:49.0484 3432 Detected object count: 1
21:50:49.0484 3432 Actual detected object count: 1
21:51:16.0671 3432 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:51:16.0718 3432 \Device\Harddisk0\DR0 - ok
21:51:16.0718 3432 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
21:51:21.0390 1048 Deinitialize success

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:59 PM

Posted 16 November 2011 - 09:57 PM

Hello


That removed a rootkit. Now try and run ComboFix for me.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University



