Tech Support Guy > Virus & Other Malware Removal
Problems with IP config and internet

(In Progress)

Cookiegal
Administrator & Malware Removal Specialist with 97,754 posts.
 
Join Date: Aug 2003
20-Nov-2011, 04:47 PM #16
1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right-click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the Avenger folder to your desktop
2. Copy all the text contained in the code box below to your clipboard by highlighting it and pressing (Ctrl+C):

Code:
Folders to delete:
c:\windows\$NtUninstallKB11092$

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the Avenger folder and start The Avenger program by clicking on its icon.
  • Right-click on the window under Input script here:, and select Paste.
  • You can also paste the text copied to the clipboard into this window by pressing (Ctrl+V).
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of C:\avenger.txt into your reply
__________________
Microsoft MVP - Consumer Security
skittlezpwn43
Junior Member with 27 posts.
THREAD STARTER
 
Join Date: Nov 2011
Location: Gainesville, Florida
Experience: Intermediate
20-Nov-2011, 05:11 PM #17
Avenger Text File:
Quote:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\windows\$NtUninstallKB11092$" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
skittlezpwn43
20-Nov-2011, 05:19 PM #18
Is it safe to start doing this from the "infected" computer now? I'm kinda tired of the whole switching the USB between computers. I'm just worried that if I DO connect, another Backdoor/Trojan virus will start downloading even more stuff onto my computer (if there is still one left.)
Cookiegal
20-Nov-2011, 05:46 PM #19
Yes, you can use the other machine now.

Download OTS.exe to your Desktop.
  1. Close any open browsers.
  2. If your Real protection or Antivirus interferes with OTS, allow it to run.
  3. Double-click on OTS.exe to start the program.
  4. In Additional Scans section put a check in Disabled MS Config Items and EventViewer logs
  5. Now click the Run Scan button on the toolbar.
  6. Let it run unhindered until it finishes.
  7. When the scan is complete Notepad will open with the report file loaded in it.
  8. Save that notepad file.
Use the Reply button, scroll down to the attachments section and attach the notepad file here.
skittlezpwn43
20-Nov-2011, 06:10 PM #20
OTS.txt (attached)
Cookiegal
21-Nov-2011, 04:39 PM #21
Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.
Code:
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{03402f96-3dc7-4285-bc50-9e81fefafe43}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< FireFox SearchPlugins [User Folders] > -> 
YY ->  mywebsearch.xml -> C:\Documents and Settings\Cameron Self\Application Data\Mozilla\FireFox\Profiles\s7knhbie.default\searchplugins\mywebsearch.xml
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {2EECD738-5844-4a99-B4B6-146BF802613B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {b0cda128-b425-4eef-a174-61a11ac5dbf8} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{61539ecd-cc67-4437-a03c-9aaccbd14326}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> "{98889811-442D-49dd-99D7-DC866BE87DBC}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{61539ECD-CC67-4437-A03C-9AACCBD14326}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Cameron Self Startup Folder > -> C:\Documents and Settings\Cameron Self\Start Menu\Programs\Startup
YN -> C:\Documents and Settings\Cameron Self\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Download All using 4shared Desktop -> [C:\Program Files\4shared Desktop\down_all.htm]
YN -> Translate this web page with Babylon -> [res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm]
YN -> Translate with Babylon -> [res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {0b83c99c-1efa-4259-858f-bcb33e007a5b}:{61539ecd-cc67-4437-a03c-9aaccbd14326} [HKLM] -> Reg Error: Key error. [Button: AIM Toolbar]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{0b83c99c-1efa-4259-858f-bcb33e007a5b}" [HKLM] -> [AIM Toolbar]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Reg Error: Key error.]
YN -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab [Reg Error: Key error.]
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\
YN -> .exe [@ = exefile] -> Reg Error: Key error.
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> 
YN -> C:^Documents and Settings^Cameron Self^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk -> 
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> UserFaultCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
[Files/Folders - Created Within 30 Days]
NY ->  54 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  33 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp
NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  rzr-gt42.rar -> C:\Documents and Settings\Cameron Self\Desktop\rzr-gt42.rar
NY ->  54 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  33 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp
NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files - No Company Name]
NY ->  283032330 -> C:\WINDOWS\283032330
NY ->  rzr-gt42.rar -> C:\Documents and Settings\Cameron Self\Desktop\rzr-gt42.rar
NY ->  47h7308i05434q7ml6uhge302 -> C:\Documents and Settings\Cameron Self\Local Settings\Application Data\47h7308i05434q7ml6uhge302
NY ->  47h7308i05434q7ml6uhge302 -> C:\Documents and Settings\All Users\Application Data\47h7308i05434q7ml6uhge302
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
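As an added example (my own code, not part of the thread and not OldTimer's OTS), here is a small parser for the OTS fix-script format shown above. It turns the `[section]`, `< scope > -> base` and `YN -> name -> target` lines into records, counts registry-only versus on-disk entries, and groups entries by CLSID so that one add-on spread over several keys (here the toolbar GUID that appears under HKLM, HKCU and Extensions) is visible as a single object. Two assumptions, both my reading of the lines rather than anything the page documents: the two-letter prefix flags whether the entry exists in the registry (first letter) and as a file on disk (second letter), and "Reg Error: Key error." marks a reference to a CLSID that no longer resolves. The sample input is a subset of the fix script posted above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a subset of the OTS fix script from the post above.
SAMPLE_FIX = r"""[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{03402f96-3dc7-4285-bc50-9e81fefafe43}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< FireFox SearchPlugins [User Folders] > -> 
YY ->  mywebsearch.xml -> C:\Documents and Settings\Cameron Self\Application Data\Mozilla\FireFox\Profiles\s7knhbie.default\searchplugins\mywebsearch.xml
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {2EECD738-5844-4a99-B4B6-146BF802613B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{61539ecd-cc67-4437-a03c-9aaccbd14326}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{61539ECD-CC67-4437-A03C-9AACCBD14326}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {0b83c99c-1efa-4259-858f-bcb33e007a5b}:{61539ecd-cc67-4437-a03c-9aaccbd14326} [HKLM] -> Reg Error: Key error. [Button: AIM Toolbar]
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\
YN -> .exe [@ = exefile] -> Reg Error: Key error.
[Files - No Company Name]
NY ->  283032330 -> C:\WINDOWS\283032330
NY ->  47h7308i05434q7ml6uhge302 -> C:\Documents and Settings\All Users\Application Data\47h7308i05434q7ml6uhge302
[Empty Temp Folders]
[Reboot]
"""

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")                       # [Registry - Safe List]
SCOPE_RE = re.compile(r"^<\s*(.+?)\s*>\s*->\s*(.*?)\s*$")      # < scope > -> base key/folder
ITEM_RE = re.compile(r"^([YN])([YN])\s*->\s*(.*?)\s*->\s*(.*?)\s*$")  # YN -> name -> target
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


@dataclass
class FixItem:
    section: str
    scope: str
    base: str          # base registry key or folder the scope line names (may be empty)
    in_registry: bool  # assumption: first prefix letter, Y = entry exists in the registry
    on_disk: bool      # assumption: second prefix letter, Y = a file/folder exists on disk
    name: str
    target: str

    @property
    def orphaned(self) -> bool:
        # Assumption: OTS prints this when the referenced CLSID no longer exists,
        # i.e. the entry is a leftover of a removed or half-removed add-on.
        return "Reg Error: Key error." in self.target

    @property
    def guids(self) -> set[str]:
        return {g.lower() for g in GUID_RE.findall(self.name + " " + self.target)}


def parse_ots_fix(text: str) -> tuple[list[FixItem], list[str]]:
    """Return (items, commands): every YN/NY entry, plus the bare command
    sections such as [Kill All Processes] that carry no entries."""
    items: list[FixItem] = []
    sections: list[str] = []
    section = scope = base = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
            sections.append(section)
            scope = base = ""
        elif m := SCOPE_RE.match(line):
            scope, base = m.group(1), m.group(2)
        elif m := ITEM_RE.match(line):
            reg, fil, name, target = m.groups()
            items.append(FixItem(section, scope, base, reg == "Y", fil == "Y", name, target))
        else:
            raise ValueError(f"unrecognised OTS line: {line!r}")
    with_items = {it.section for it in items}
    return items, [s for s in sections if s not in with_items]


def group_by_guid(items: list[FixItem]) -> dict[str, list[FixItem]]:
    """Map each CLSID to every entry that mentions it, across hives and scopes."""
    groups: dict[str, list[FixItem]] = defaultdict(list)
    for it in items:
        for g in it.guids:
            groups[g].append(it)
    return dict(groups)


def summarize(items: list[FixItem], commands: list[str]) -> dict:
    return {
        "registry_only": sum(1 for it in items if it.in_registry and not it.on_disk),
        "files": sum(1 for it in items if it.on_disk),
        "orphaned": sum(1 for it in items if it.orphaned),
        "commands": commands,
    }


if __name__ == "__main__":
    items, commands = parse_ots_fix(SAMPLE_FIX)
    print(summarize(items, commands))
    for guid, hits in group_by_guid(items).items():
        if len(hits) > 1:  # one add-on registered in several places
            print(guid, "->", [f"{h.scope}: {h.name}" for h in hits])
```

Running the script prints the counts and then the toolbar GUID with its three registrations (HKLM toolbar, HKCU WebBrowser, and the Extensions button), which is the view a responder wants when deciding whether a fix removed every foothold of one add-on rather than a single key.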
skittlezpwn43
21-Nov-2011, 08:22 PM #22
OTS.txt:
Quote:
All Processes Killed
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks\\{03402f96-3dc7-4285-bc50-9e81fefafe43} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\ not found.
C:\Documents and Settings\Cameron Self\Application Data\Mozilla\FireFox\Profiles\s7knhbie.default\searchplugins\mywebsearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0cda128-b425-4eef-a174-61a11ac5dbf8}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{61539ecd-cc67-4437-a03c-9aaccbd14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ecd-cc67-4437-a03c-9aaccbd14326}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326}\ not found.
C:\Documents and Settings\Cameron Self\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk moved successfully.
File C:\Documents and Settings\Cameron Self\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download All using 4shared Desktop\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0b83c99c-1efa-4259-858f-bcb33e007a5b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b83c99c-1efa-4259-858f-bcb33e007a5b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b83c99c-1efa-4259-858f-bcb33e007a5b}:{61539ecd-cc67-4437-a03c-9aaccbd14326}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{0b83c99c-1efa-4259-858f-bcb33e007a5b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b83c99c-1efa-4259-858f-bcb33e007a5b}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\shell\open\exefile\\'' updated successfully.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk\ deleted successfully.
File C:\WINDOWS\pss\dobe Reader Speed Launch.lnk not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Cameron Self^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk\ deleted successfully.
File C:\WINDOWS\pss\ollerCoaster Tycoon 3 Registration.lnk not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET6EA.tmp deleted successfully.
C:\WINDOWS\System32\SET744.tmp deleted successfully.
C:\WINDOWS\System32\SET745.tmp deleted successfully.
C:\WINDOWS\System32\SET746.tmp deleted successfully.
C:\WINDOWS\System32\SET747.tmp deleted successfully.
C:\WINDOWS\System32\SET748.tmp deleted successfully.
C:\WINDOWS\System32\SET749.tmp deleted successfully.
C:\WINDOWS\System32\SET74A.tmp deleted successfully.
C:\WINDOWS\System32\SET74B.tmp deleted successfully.
C:\WINDOWS\System32\SET74F.tmp deleted successfully.
C:\WINDOWS\System32\SET750.tmp deleted successfully.
C:\WINDOWS\System32\SET751.tmp deleted successfully.
C:\WINDOWS\System32\SET752.tmp deleted successfully.
C:\WINDOWS\System32\SET753.tmp deleted successfully.
C:\WINDOWS\System32\SET757.tmp deleted successfully.
C:\WINDOWS\System32\SET759.tmp deleted successfully.
C:\WINDOWS\System32\SET75B.tmp deleted successfully.
C:\WINDOWS\System32\SET75C.tmp deleted successfully.
C:\WINDOWS\System32\SET75D.tmp deleted successfully.
C:\WINDOWS\System32\SET75E.tmp deleted successfully.
C:\WINDOWS\System32\SET760.tmp deleted successfully.
C:\WINDOWS\System32\SET761.tmp deleted successfully.
C:\WINDOWS\System32\SET763.tmp deleted successfully.
C:\WINDOWS\System32\SET766.tmp deleted successfully.
C:\WINDOWS\System32\SET767.tmp deleted successfully.
C:\WINDOWS\System32\SET76A.tmp deleted successfully.
C:\WINDOWS\System32\SET76B.tmp deleted successfully.
C:\WINDOWS\System32\SET76C.tmp deleted successfully.
C:\WINDOWS\System32\SET76D.tmp deleted successfully.
C:\WINDOWS\System32\SET76E.tmp deleted successfully.
C:\WINDOWS\System32\SET770.tmp deleted successfully.
C:\WINDOWS\System32\SET772.tmp deleted successfully.
C:\WINDOWS\System32\SET773.tmp deleted successfully.
C:\WINDOWS\System32\SET774.tmp deleted successfully.
C:\WINDOWS\System32\SET776.tmp deleted successfully.
C:\WINDOWS\System32\SET777.tmp deleted successfully.
C:\WINDOWS\System32\SET778.tmp deleted successfully.
C:\WINDOWS\System32\SET79C.tmp deleted successfully.
C:\WINDOWS\System32\SET79D.tmp deleted successfully.
C:\WINDOWS\System32\SET79E.tmp deleted successfully.
C:\WINDOWS\System32\SET79F.tmp deleted successfully.
C:\WINDOWS\System32\SET7A0.tmp deleted successfully.
C:\WINDOWS\System32\SET7A1.tmp deleted successfully.
C:\WINDOWS\System32\SET7A4.tmp deleted successfully.
C:\WINDOWS\System32\SET7A6.tmp deleted successfully.
C:\WINDOWS\System32\SET98.tmp deleted successfully.
C:\WINDOWS\System32\SET9A.tmp deleted successfully.
C:\WINDOWS\System32\SET9F.tmp deleted successfully.
C:\WINDOWS\System32\SETA6.tmp deleted successfully.
C:\WINDOWS\System32\SETAF.tmp deleted successfully.
C:\WINDOWS\System32\SETB1.tmp deleted successfully.
C:\WINDOWS\System32\SETB4.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6F3.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6F4.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6F5.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6F7.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6FB.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6FC.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6FD.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6FE.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET6FF.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET700.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET702.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET703.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET704.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET707.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET708.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET709.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET70A.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET70C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET70D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET70F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET710.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET712.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET713.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET714.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET715.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET716.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET717.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET719.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET71B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET71C.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET71E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET71F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET720.tmp deleted successfully.
C:\WINDOWS\004658_.tmp deleted successfully.
C:\WINDOWS\CD6E97C6310B487A945E18965FF0E20E.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\CD6E97C6310B487A945E18965FF0E20E.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\CD6E97C6310B487A945E18965FF0E20E.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Cameron Self\Desktop\rzr-gt42.rar moved successfully.
[Files - No Company Name]
C:\WINDOWS\283032330 moved successfully.
File C:\Documents and Settings\Cameron Self\Desktop\rzr-gt42.rar not found!
C:\Documents and Settings\Cameron Self\Local Settings\Application Data\47h7308i05434q7ml6uhge302 moved successfully.
C:\Documents and Settings\All Users\Application Data\47h7308i05434q7ml6uhge302 moved successfully.
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Cameron
->Temp folder emptied: 1615969890 bytes
->Temporary Internet Files folder emptied: 418981203 bytes
->Java cache emptied: 19331729 bytes
->FireFox cache emptied: 104701220 bytes
->Flash cache emptied: 1978370 bytes

User: Cameron Self
->Temp folder emptied: 35670829 bytes
->Temporary Internet Files folder emptied: 5734874 bytes
->Java cache emptied: 31455823 bytes
->FireFox cache emptied: 52039883 bytes
->Google Chrome cache emptied: 258819473 bytes
->Apple Safari cache emptied: 27648 bytes
->Flash cache emptied: 82076 bytes

User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56466 bytes

User: Kathy

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22012 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 24052057 bytes
RecycleBin emptied: 939362614 bytes

Total Files Cleaned = 3,346.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Cameron
->Flash cache emptied: 0 bytes

User: Cameron Self
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kathy

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Cameron
->Java cache emptied: 0 bytes

User: Cameron Self
->Java cache emptied: 0 bytes

User: Default User

User: Kathy

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.46.0 fix logfile created on 11212011_170530

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
HijackThis log:
Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:19:58 PM, on 11/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Cameron Self\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=17708
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=0061215
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\prxtbNC2.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: (no name) - {3AA8347C-4AA5-4DC2-8350-2F556BABF0AA} - C:\PROGRA~1\SMARTM~1\IEHelper.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Device Doctor - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Program Files\Device_Doctor\prxtbDev2.dll
O2 - BHO: NCH - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\prxtbNC2.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O3 - Toolbar: Device Doctor Toolbar - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Program Files\Device_Doctor\prxtbDev2.dll
O3 - Toolbar: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\prxtbNC2.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166664182406
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Malwarebytes Corporation - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 13847 bytes
Cookiegal (Administrator & Malware Removal Specialist), 21-Nov-2011, 11:17 PM #23
Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.
skittlezpwn43 (Junior Member, thread starter; Join Date: Nov 2011; Location: Gainesville, Florida; Experience: Intermediate), 22-Nov-2011, 10:57 PM #24
Eset Scanner Log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=01ff6d6660653a488a9bc11ebb151fa9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-23 01:08:48
# local_time=2011-11-22 08:08:48 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=276194
# found=59
# cleaned=58
# scan_time=8715
C:\Documents and Settings\All Users\Application Data\TorrentEasy\LibInstaller.exe a variant of Win32/Adware.GoodMedia.B application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Cameron\Local Settings\Application Data\Xenocode\ApplianceCaches\KumaClient.exe_v2A737A33\Native\STUBEXE\@PROGRAMFILES@\Kuma Games\Kuma.exe probably a variant of Win32/Agent.ETCVBWS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Cameron Self\Application Data\OpenCandy\OpenCandy_8C60861A4BF94322BF40102584A230E9\registrybooster(2).exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Cameron Self\My Documents\sv\d\3DSexVilla2-Everlust-Install.exe Win32/TrojanDownloader.Autoit.NCR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Application Updater\ probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\enDEE\G0xMHEqmgBUxr6.cpl a variant of Win32/Sefnit.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\TorrentEasy\extensions.exe.vir a variant of Win32/Adware.GoodMedia.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Cameron Self\Local Settings\Application Data\0abbde10\X.vir Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Application Updater\ApplicationUpdater.exe.vir probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\iPod\bin\iPodService.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\c_92464.nl_.vir a variant of Win32/Sirefef.CR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\afd.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\imapi.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\redbook.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0035277.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0035279.exe probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\A0040138.rbf a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\A0040139.rbf probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP137\A0041565.exe a variant of Win32/Injector.EPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP143\A0041681.exe a variant of Win32/Inject.NDT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP143\A0041682.exe a variant of Win32/Inject.NDT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP149\A0042247.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP153\A0044559.sys Win32/Sirefef.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP153\A0044568.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP153\A0045568.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0046582.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP156\A0047636.rbf Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP156\A0047648.rbf Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP167\A0052546.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP167\A0052647.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP167\A0052651.exe a variant of Win32/Adware.GoodMedia.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP167\A0052656.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP167\A0052657.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP167\A0052658.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP167\A0052659.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP167\A0052660.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP167\A0052661.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP167\A0052662.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP167\A0052663.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP167\A0052664.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP167\A0052665.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP171\A0057235.exe a variant of Win32/Adware.GoodMedia.B application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP171\A0057236.exe probably a variant of Win32/Agent.ETCVBWS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP171\A0057237.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP171\A0057238.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP171\A0057239.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP171\A0057240.cpl a variant of Win32/Sefnit.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP171\A0057241.dll Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\AscConTest.dll Win32/Adware.Ascentive application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\intelppm.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I
skittlezpwn43 (Junior Member, thread starter), 23-Nov-2011, 09:09 PM #25
bump
Cookiegal (Administrator & Malware Removal Specialist), 23-Nov-2011, 10:35 PM #26
Please go to the following link and run TDSSKiller:

http://support.kaspersky.com/viruses...?qid=208280684

Allow it to cure anything if prompted.

Please post the log back here.
skittlezpwn43 (Junior Member, thread starter), 24-Nov-2011, 01:13 AM #27
23:56:32.0578 2512 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
23:56:32.0875 2512 ============================================================
23:56:32.0875 2512 Current date / time: 2011/11/23 23:56:32.0875
23:56:32.0875 2512 SystemInfo:
23:56:32.0875 2512
23:56:32.0875 2512 OS Version: 5.1.2600 ServicePack: 3.0
23:56:32.0875 2512 Product type: Workstation
23:56:32.0875 2512 ComputerName: MAIN
23:56:32.0875 2512 UserName: Cameron Self
23:56:32.0875 2512 Windows directory: C:\WINDOWS
23:56:32.0875 2512 System windows directory: C:\WINDOWS
23:56:32.0875 2512 Processor architecture: Intel x86
23:56:32.0875 2512 Number of processors: 2
23:56:32.0875 2512 Page size: 0x1000
23:56:32.0875 2512 Boot type: Normal boot
23:56:32.0875 2512 ============================================================
23:56:33.0343 2512 Initialize success
23:56:34.0312 0572 ============================================================
23:56:34.0312 0572 Scan started
23:56:34.0312 0572 Mode: Manual;
23:56:34.0312 0572 ============================================================
23:56:36.0343 0572 .imapi - ok
23:56:36.0531 0572 A3AB (886a8a267b39bf510ddd1838fda9756e) C:\WINDOWS\system32\DRIVERS\A3AB.sys
23:56:36.0546 0572 A3AB - ok
23:56:36.0562 0572 Abiosdsk - ok
23:56:36.0671 0572 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:56:36.0671 0572 abp480n5 - ok
23:56:36.0734 0572 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:56:36.0734 0572 ACPI - ok
23:56:36.0796 0572 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:56:36.0796 0572 ACPIEC - ok
23:56:36.0890 0572 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:56:36.0890 0572 adpu160m - ok
23:56:36.0968 0572 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:56:36.0968 0572 aec - ok
23:56:37.0031 0572 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
23:56:37.0031 0572 AegisP - ok
23:56:37.0109 0572 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
23:56:37.0109 0572 AFD - ok
23:56:37.0281 0572 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:56:37.0281 0572 agp440 - ok
23:56:37.0375 0572 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:56:37.0375 0572 agpCPQ - ok
23:56:37.0437 0572 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:56:37.0437 0572 Aha154x - ok
23:56:37.0562 0572 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:56:37.0578 0572 aic78u2 - ok
23:56:37.0593 0572 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:56:37.0593 0572 aic78xx - ok
23:56:37.0703 0572 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
23:56:37.0703 0572 AliIde - ok
23:56:37.0718 0572 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:56:37.0718 0572 alim1541 - ok
23:56:37.0812 0572 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:56:37.0812 0572 amdagp - ok
23:56:37.0859 0572 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
23:56:37.0859 0572 amsint - ok
23:56:37.0937 0572 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
23:56:37.0968 0572 ANIO - ok
23:56:38.0109 0572 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
23:56:38.0125 0572 asc - ok
23:56:38.0203 0572 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:56:38.0218 0572 asc3350p - ok
23:56:38.0250 0572 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:56:38.0250 0572 asc3550 - ok
23:56:38.0421 0572 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:56:38.0421 0572 AsyncMac - ok
23:56:38.0515 0572 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:56:38.0515 0572 atapi - ok
23:56:38.0531 0572 Atdisk - ok
23:56:38.0843 0572 ati2mtag (6d7e913b48488bb5c73ee7ad53b017d8) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:56:39.0109 0572 ati2mtag - ok
23:56:39.0296 0572 AtiHdmiService (7e13f3f0f4c4c337a6949a18d1d23089) C:\WINDOWS\system32\drivers\AtiHdmi.sys
23:56:39.0296 0572 AtiHdmiService - ok
23:56:39.0375 0572 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:56:39.0375 0572 Atmarpc - ok
23:56:39.0468 0572 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:56:39.0468 0572 audstub - ok
23:56:39.0640 0572 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:56:39.0640 0572 Beep - ok
23:56:39.0703 0572 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
23:56:39.0718 0572 Bridge - ok
23:56:39.0734 0572 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
23:56:39.0734 0572 BridgeMP - ok
23:56:39.0765 0572 catchme - ok
23:56:39.0828 0572 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:56:39.0828 0572 cbidf - ok
23:56:39.0843 0572 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:56:39.0843 0572 cbidf2k - ok
23:56:39.0906 0572 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:56:39.0906 0572 CCDECODE - ok
23:56:40.0000 0572 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:56:40.0000 0572 cd20xrnt - ok
23:56:40.0046 0572 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:56:40.0062 0572 Cdaudio - ok
23:56:40.0109 0572 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:56:40.0109 0572 Cdfs - ok
23:56:40.0140 0572 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:56:40.0140 0572 Cdrom - ok
23:56:40.0140 0572 Changer - ok
23:56:40.0203 0572 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:56:40.0203 0572 CmdIde - ok
23:56:40.0234 0572 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:56:40.0234 0572 Cpqarray - ok
23:56:40.0265 0572 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:56:40.0265 0572 dac2w2k - ok
23:56:40.0281 0572 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:56:40.0281 0572 dac960nt - ok
23:56:40.0328 0572 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:56:40.0328 0572 Disk - ok
23:56:40.0390 0572 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
23:56:40.0390 0572 DLABOIOM - ok
23:56:40.0390 0572 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
23:56:40.0390 0572 DLACDBHM - ok
23:56:40.0421 0572 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
23:56:40.0421 0572 DLADResN - ok
23:56:40.0437 0572 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
23:56:40.0437 0572 DLAIFS_M - ok
23:56:40.0468 0572 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
23:56:40.0468 0572 DLAOPIOM - ok
23:56:40.0484 0572 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
23:56:40.0484 0572 DLAPoolM - ok
23:56:40.0484 0572 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
23:56:40.0484 0572 DLARTL_N - ok
23:56:40.0515 0572 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
23:56:40.0515 0572 DLAUDFAM - ok
23:56:40.0531 0572 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
23:56:40.0531 0572 DLAUDF_M - ok
23:56:40.0609 0572 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:56:40.0625 0572 dmboot - ok
23:56:40.0687 0572 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:56:40.0687 0572 dmio - ok
23:56:40.0718 0572 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:56:40.0718 0572 dmload - ok
23:56:40.0765 0572 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:56:40.0781 0572 DMusic - ok
23:56:40.0812 0572 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:56:40.0812 0572 dpti2o - ok
23:56:40.0859 0572 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:56:40.0859 0572 drmkaud - ok
23:56:40.0875 0572 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
23:56:40.0875 0572 DRVMCDB - ok
23:56:40.0906 0572 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
23:56:40.0906 0572 DRVNDDM - ok
23:56:40.0953 0572 dsiarhwprog (f35b5d0cc142b87e687fc504baa69d82) C:\WINDOWS\system32\Drivers\dsiarhwprog.sys
23:56:40.0953 0572 dsiarhwprog - ok
23:56:41.0062 0572 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
23:56:41.0062 0572 DSproct - ok
23:56:41.0171 0572 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
23:56:41.0171 0572 E100B - ok
23:56:41.0296 0572 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
23:56:41.0296 0572 e1express - ok
23:56:41.0406 0572 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:56:41.0421 0572 Fastfat - ok
23:56:41.0515 0572 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:56:41.0515 0572 Fdc - ok
23:56:41.0578 0572 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:56:41.0578 0572 Fips - ok
23:56:41.0640 0572 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:56:41.0640 0572 Flpydisk - ok
23:56:41.0703 0572 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:56:41.0703 0572 FltMgr - ok
23:56:41.0734 0572 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:56:41.0734 0572 Fs_Rec - ok
23:56:41.0765 0572 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:56:41.0765 0572 Ftdisk - ok
23:56:41.0812 0572 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
23:56:41.0812 0572 GEARAspiWDM - ok
23:56:41.0859 0572 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:56:41.0859 0572 Gpc - ok
23:56:41.0890 0572 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
23:56:41.0968 0572 GTNDIS5 - ok
23:56:42.0015 0572 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:56:42.0015 0572 HDAudBus - ok
23:56:42.0062 0572 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:56:42.0062 0572 HidUsb - ok
23:56:42.0093 0572 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
23:56:42.0093 0572 hpn - ok
23:56:42.0156 0572 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:56:42.0156 0572 HTTP - ok
23:56:42.0203 0572 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
23:56:42.0203 0572 i2omgmt - ok
23:56:42.0234 0572 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:56:42.0234 0572 i2omp - ok
23:56:42.0265 0572 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:56:42.0265 0572 i8042prt - ok
23:56:42.0296 0572 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
23:56:42.0312 0572 iaStor - ok
23:56:42.0375 0572 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:56:42.0375 0572 Imapi - ok
23:56:42.0406 0572 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:56:42.0406 0572 ini910u - ok
23:56:42.0437 0572 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:56:42.0453 0572 IntelIde - ok
23:56:42.0484 0572 intelppm (8bcdcdc99c2a7d37306c0b64a77a48f3) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:56:42.0484 0572 intelppm ( Rootkit.Win32.ZAccess.e ) - infected
23:56:42.0484 0572 intelppm - detected Rootkit.Win32.ZAccess.e (0)
23:56:47.0609 0572 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys
23:56:47.0609 0572 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
23:56:47.0625 0572 sptd ( LockedFile.Multi.Generic ) - warning
23:56:47.0625 0572 sptd - detected LockedFile.Multi.Generic (1)
23:56:50.0140 0572 WinFLdrv (7acc77e135a709ae0f7e1df428a2f908) C:\WINDOWS\system32\WinFLdrv.sys
23:56:50.0296 0572 Suspicious file (Hidden): C:\WINDOWS\system32\WinFLdrv.sys. md5: 7acc77e135a709ae0f7e1df428a2f908
23:56:50.0296 0572 WinFLdrv ( HiddenFile.Multi.Generic ) - warning
23:56:50.0296 0572 WinFLdrv - detected HiddenFile.Multi.Generic (1)
23:56:50.0796 0572 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
23:56:50.0812 0572 \Device\Harddisk0\DR0 - ok
23:56:50.0828 0572 Boot (0x1200) (5aa2a69000845fd10d92103aaaab2f5f) \Device\Harddisk0\DR0\Partition0
23:56:50.0828 0572 \Device\Harddisk0\DR0\Partition0 - ok
23:56:50.0828 0572 ============================================================
23:56:50.0828 0572 Scan finished
23:56:50.0828 0572 ============================================================
23:56:50.0875 2752 Detected object count: 3
23:56:50.0875 2752 Actual detected object count: 3
23:57:07.0781 2752 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\intelppm.sys) error 1813
23:57:10.0500 2752 Backup copy found, using it..
23:57:10.0515 2752 C:\WINDOWS\system32\DRIVERS\intelppm.sys - will be cured on reboot
23:57:12.0437 2752 intelppm ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
23:57:12.0437 2752 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:57:12.0437 2752 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
23:57:12.0437 2752 WinFLdrv ( HiddenFile.Multi.Generic ) - skipped by user
23:57:12.0437 2752 WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip
23:57:26.0296 2952 Deinitialize success
Cookiegal
Administrator & Malware Removal Specialist with 97,754 posts.
Join Date: Aug 2003
24-Nov-2011, 01:55 PM #28
Go to Start - Run - type in diskmgmt.msc and click OK to open Disk Management.

Drag the right side of the window all the way to the right so you can see all of the columns and then take a screenshot and post it here please.
skittlezpwn43
Junior Member with 27 posts.
THREAD STARTER
Join Date: Nov 2011
Location: Gainesville, Florida
Experience: Intermediate
24-Nov-2011, 03:02 PM #29
Screenshot: diskmgmt
Cookiegal
Administrator & Malware Removal Specialist with 97,754 posts.
Join Date: Aug 2003
24-Nov-2011, 05:38 PM #30
Please post a new HijackThis log.
Tags: config, ip address, no internet, router, tcpip.sys