Author Topic: [Inactive] Files hidden/Win32 Olmasco (Read 1947 times)

galan · « **on:** January 04, 2012, 11:08:29 PM »

My ESET NOD32 License expired and my system appears to have become infected with "System Check" and "Win32 Olmasco". NOD32 was unable to clean it. The infection caused the files on the desktop and under the Start menu to be hidden. So far I've run TDSSKiller, SpyBot S&D, and repeated a scan with NOD32 and it doesn't seem to be on the system anymore. The desktop files are no longer hidden but I still can't see the files under the Start menu.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:44:41 PM, on 1/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Vid\Vid.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\zstatus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Gail\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Logitech Vid HD] "C:\Program Files\Logitech\Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279843749500
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9805 bytes

Hoov · « **Reply #1 on:** January 04, 2012, 11:42:53 PM »

Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.Also tell me any other problems you are having, no matter how small or long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your harddrive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or orginization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.

Download the following program to your desktop:

Unhide tool

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
Please be patient as this may take several minutes to run, it will scan and fix all Hard drives on your system. You will see a new window with the drive being processed, typically C:\ as below:

Changing as the next drive is processed as below:

You will get a success alert at the end. Re-boot and see if your files are present.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Please copy and paste both logs into your next response. You may need more than one response.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

galan · « **Reply #2 on:** January 05, 2012, 09:35:22 AM »

Thanks for your help Hoov. All I've done initially to try to fix the problem before seeking help was what I mentioned above and it did seem to improve things. I'm not having any real problems/symptoms other than the files were being hidden and the entire desktop was a blank blue screen (this has since resolved). The system is a home PC; it's mainly used for online research.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.05.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gail :: GAIL-EAEF9CB10F [administrator]

1/5/2012 9:49:48 AM
mbam-log-2012-01-05 (09-49-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 169190
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Gail at 10:01:42 on 2012-01-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2524 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Vid\Vid.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WISPTIS.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\gail\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Logitech Vid] "c:\program files\logitech\vid\Vid.exe" -bootmode
uRun: [Logitech Vid HD] "c:\program files\logitech\vid\vid.exe" -bootmode
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [hp 1000 firmware] c:\program files\hp laserjet 1000\fwdl.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279843749500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EAC74D83-2F36-4649-9F67-BE49E8D7F3F0} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FFB34155-A195-436C-A1A5-BF4513DC42D2} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gail\application data\mozilla\firefox\profiles\wp8z0511.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z003&form=ZGAADF&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-3-19 103112]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-27 136176]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-27 136176]
.
=============== Created Last 30 ================
.
2012-01-05 14:46:59   --------   d-----w-   c:\documents and settings\gail\application data\Malwarebytes
2012-01-05 14:46:53   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2012-01-05 14:46:50   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-01-05 14:46:50   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-01-05 04:33:21   --------   d-----w-   c:\documents and settings\all users\application data\PC Tools
2012-01-04 23:54:06   --------   d-----w-   c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-01-04 23:52:43   388096   ----a-r-   c:\documents and settings\gail\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-04 23:52:42   --------   d-----w-   c:\program files\Trend Micro
2011-12-31 19:20:03   --------   d-----w-   C:\DiD
2011-12-31 05:11:17   --------   d-----w-   c:\program files\DID
2011-12-31 05:06:51   283648   ----a-w-   c:\windows\uninst.exe
2011-12-31 05:06:38   --------   d-----w-   c:\documents and settings\gail\WINDOWS
2011-12-31 03:06:44   --------   d-----w-   c:\program files\iPod
2011-12-31 03:06:40   --------   d-----w-   c:\program files\iTunes
2011-12-31 03:03:47   --------   d-----w-   c:\program files\Bonjour
2011-12-10 20:48:27   --------   d-----w-   c:\program files\ESET
.
==================== Find3M ====================
.
2011-11-23 13:25:32   1859584   ----a-w-   c:\windows\system32\win32k.sys
2011-11-04 19:20:51   916992   ----a-w-   c:\windows\system32\wininet.dll
2011-11-04 19:20:51   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59   385024   ----a-w-   c:\windows\system32\html.iec
2011-11-01 16:07:10   1288704   ----a-w-   c:\windows\system32\ole32.dll
2011-10-28 05:31:48   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-10-10 14:22:41   692736   ----a-w-   c:\windows\system32\inetcomm.dll
.
============= FINISH: 10:02:06.71 ===============

Hoov · « **Reply #3 on:** January 05, 2012, 11:09:35 AM »

Can you please also post the other log, named attach.txt. Also after running unhide, did the hidden programs and files reappear?

galan · « **Reply #4 on:** January 05, 2012, 11:23:53 AM »

Sorry, please see below. Yes the hidden files have reappeared.

DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2010 7:22:54 PM
System Uptime: 1/5/2012 10:04:31 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0FM586
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 117 GiB total, 71.322 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 116 GiB total, 87.922 GiB free.
F: is CDROM ()
G: is Removable
H: is CDROM ()
I: is FIXED (NTFS) - 466 GiB total, 394.749 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP512: 10/9/2011 9:29:16 AM - System Checkpoint
RP513: 10/10/2011 5:24:58 PM - System Checkpoint
RP514: 10/11/2011 6:05:54 PM - Software Distribution Service 3.0
RP515: 10/12/2011 6:45:23 PM - System Checkpoint
RP516: 10/13/2011 7:21:09 PM - System Checkpoint
RP517: 10/14/2011 7:37:44 PM - System Checkpoint
RP518: 10/15/2011 7:38:53 PM - System Checkpoint
RP519: 10/16/2011 7:58:16 PM - System Checkpoint
RP520: 10/17/2011 8:21:12 PM - System Checkpoint
RP521: 10/18/2011 8:49:14 PM - System Checkpoint
RP522: 10/19/2011 9:37:47 PM - System Checkpoint
RP523: 10/20/2011 9:52:39 PM - System Checkpoint
RP524: 10/21/2011 10:11:27 PM - System Checkpoint
RP525: 10/22/2011 10:48:53 PM - System Checkpoint
RP526: 10/23/2011 10:50:58 PM - System Checkpoint
RP527: 10/25/2011 12:04:01 PM - System Checkpoint
RP528: 10/26/2011 6:01:20 PM - System Checkpoint
RP529: 10/27/2011 7:44:35 PM - System Checkpoint
RP530: 10/28/2011 7:54:37 PM - System Checkpoint
RP531: 10/30/2011 8:43:09 AM - System Checkpoint
RP532: 10/31/2011 6:36:34 PM - System Checkpoint
RP533: 11/1/2011 7:02:50 PM - System Checkpoint
RP534: 11/2/2011 7:14:48 PM - System Checkpoint
RP535: 11/3/2011 7:29:30 PM - System Checkpoint
RP536: 11/4/2011 8:03:18 PM - System Checkpoint
RP537: 11/5/2011 8:12:56 PM - System Checkpoint
RP538: 11/6/2011 7:14:33 PM - System Checkpoint
RP539: 11/7/2011 7:32:27 PM - System Checkpoint
RP540: 11/8/2011 8:54:47 PM - System Checkpoint
RP541: 11/9/2011 9:21:41 PM - System Checkpoint
RP542: 11/10/2011 3:00:14 AM - Software Distribution Service 3.0
RP543: 11/10/2011 10:26:15 PM - Software Distribution Service 3.0
RP544: 11/11/2011 10:32:53 PM - System Checkpoint
RP545: 11/12/2011 10:42:43 PM - System Checkpoint
RP546: 11/14/2011 6:14:10 PM - System Checkpoint
RP547: 11/15/2011 6:37:58 PM - System Checkpoint
RP548: 11/16/2011 6:59:44 PM - System Checkpoint
RP549: 11/17/2011 7:10:56 PM - System Checkpoint
RP550: 11/18/2011 7:53:50 PM - System Checkpoint
RP551: 11/19/2011 8:50:45 PM - System Checkpoint
RP552: 11/20/2011 9:32:51 PM - System Checkpoint
RP553: 11/21/2011 9:56:24 PM - System Checkpoint
RP554: 11/24/2011 11:14:00 AM - System Checkpoint
RP555: 11/25/2011 1:05:14 PM - System Checkpoint
RP556: 11/26/2011 6:14:15 PM - System Checkpoint
RP557: 11/27/2011 6:55:28 PM - System Checkpoint
RP558: 11/28/2011 8:56:33 PM - System Checkpoint
RP559: 11/30/2011 6:12:25 PM - System Checkpoint
RP560: 12/1/2011 7:59:54 PM - System Checkpoint
RP561: 12/2/2011 8:38:03 PM - System Checkpoint
RP562: 12/5/2011 7:30:26 PM - System Checkpoint
RP563: 12/6/2011 8:40:07 PM - System Checkpoint
RP564: 12/7/2011 8:55:14 PM - System Checkpoint
RP565: 12/9/2011 5:32:41 PM - System Checkpoint
RP566: 12/10/2011 5:55:31 PM - System Checkpoint
RP567: 12/11/2011 6:10:17 PM - System Checkpoint
RP568: 12/12/2011 6:37:02 PM - System Checkpoint
RP569: 12/13/2011 7:10:40 PM - System Checkpoint
RP570: 12/13/2011 10:38:03 PM - Software Distribution Service 3.0
RP571: 12/15/2011 8:41:19 PM - System Checkpoint
RP572: 12/17/2011 2:29:56 PM - System Checkpoint
RP573: 12/18/2011 2:39:07 PM - System Checkpoint
RP574: 12/19/2011 7:24:39 PM - System Checkpoint
RP575: 12/21/2011 10:58:07 AM - System Checkpoint
RP576: 12/22/2011 11:20:47 AM - System Checkpoint
RP577: 12/23/2011 11:20:51 AM - System Checkpoint
RP578: 12/24/2011 12:20:51 PM - System Checkpoint
RP579: 12/25/2011 1:12:19 PM - System Checkpoint
RP580: 12/26/2011 2:44:14 PM - System Checkpoint
RP581: 12/27/2011 3:13:23 PM - System Checkpoint
RP582: 12/28/2011 5:37:50 PM - System Checkpoint
RP583: 12/29/2011 6:13:23 PM - System Checkpoint
RP584: 12/30/2011 6:56:59 PM - System Checkpoint
RP585: 12/30/2011 10:04:47 PM - Installed iTunes
RP586: 12/31/2011 10:37:42 PM - System Checkpoint
RP587: 1/1/2012 3:00:14 AM - Software Distribution Service 3.0
RP588: 1/2/2012 3:00:13 AM - Software Distribution Service 3.0
RP589: 1/3/2012 3:40:09 AM - System Checkpoint
RP590: 1/4/2012 7:19:31 AM - System Checkpoint
RP591: 1/4/2012 6:52:41 PM - Installed HiJackThis
RP592: 1/4/2012 9:22:45 PM - Removed Freeware PDF Unlocker
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Advertising Center
AMD APP SDK Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Bonjour
Brother MFL-Pro Suite
Call of Duty: Black Ops
CameraHelperMsi
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
CCC Help English
Dell Wireless WLAN Card
DolbyFiles
erLT
ESET NOD32 Antivirus
Google Update Helper
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
hp LaserJet 1000
ImagXpress
Imation Disk Manager V a Service
Intel(R) PRO Network Connections 12.1.12.0
iTunes
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java(TM) 6 Update 26
Logitech Vid
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
magicJack
Malwarebytes Anti-Malware version 1.60.0.1800
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Templates - Starter Kit
Mozilla Firefox (3.6.18)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
OGA Notifier 2.0.0048.0
PaperPort
PlayItAll media player 1.0.5
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Click to Call
Skype™ 5.5
SoundTrax
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VirtualCloneDrive
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.00 (32-bit)
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
1/4/2012 7:10:17 PM, error: Service Control Manager [7034] - The Spybot S&D 2 Live Protection Service service terminated unexpectedly. It has done this 1 time(s).
1/4/2012 11:09:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ESET Service service to connect.
1/4/2012 11:09:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ATI Smart service to connect.
1/4/2012 11:09:30 AM, error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/4/2012 11:09:30 AM, error: Service Control Manager [7000] - The ATI Smart service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/3/2012 9:09:31 AM, error: Dhcp [1002] - The IP address lease 192.168.0.101 for the Network Card with network address 00234E7F00BC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
1/3/2012 9:09:02 AM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 00219B1978AF has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Hoov · « **Reply #5 on:** January 05, 2012, 11:40:55 AM »

Just to make sure, everything in your startmenu is back? Also are you having network issues?

Please perform a scan with Panda ActiveScan - ActiveScan does not remove adware/spyware but will autoclean for viruses & worms.
http://www.pandasoftware.com/products/activescan.htm

1. Click "Scan Your PC".
2. A new window will open. Click "Check Now!".
3. Fill in your registration and click "Scan Now!".
4. You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.
5. A new window will appear asking "Do you want to install this software?" Name: asinst.cab.
6. Select "Install" to download the ActiveX controls that allows ActiveScan to run.
7. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow".
8. Select a device to scan: Click on "Local Disks" [allow it to Auto Clean].
9. When the scan completes, if anything malicious is detected, click the "See Report button", then "Save Report" to your desktop.
10. Post back the results of your scan and any infected files that are found but not deleted.

galan · « **Reply #6 on:** January 05, 2012, 06:29:59 PM »

I'm not sure if I did it correctly, there was no "local disks" or "auto clean" option. But I did a Full System scan. The icons in the Start Menu are back but most of the sub-folders say "(Empty)". Not experiencing any network issues.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2012-01-05 19:22:25
PROTECTIONS: 1
MALWARE: 49
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET NOD32 Antivirus 5.0 5.0 Yes No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@trafficmp[2].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\16yh9734.txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\otsskpqf.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\386b710m.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\8rs13mar.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\drfm2aoi.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\8vulsfzg.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\vdue054o.txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@247realmedia[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\6to01xcd.txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\nihzq738.txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@mediaplex[1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\gail@linksynergy[2].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@linksynergy[1].txt
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@spylog[1].txt
00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@7search[2].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@clickbank[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@yadro[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\0rwbw9tj.txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@xiti[1].txt
00167730 Cookie/Hitbox TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@ehg.hitbox[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@azjmp[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\gail@statcounter[1].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@counter.hitslink[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\cnn0kr0y.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\9xefonbb.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\xa7wfs2y.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\dcqfjihi.txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\k388ustx.txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@bs.serving-sys[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@www.burstbeacon[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\mfdf5wz4.txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@server.iad.liveperson[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@stat.onestat[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\35zl52je.txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\1d4oi91c.txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\o1vchiak.txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@statse.webtrendslive[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\gail@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\kctbnjyt.txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@ads.pointroll[1].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@hc2.humanclick[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\9qtx5cz0.txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\gail@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\s92y3gz8.txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\l291skdm.txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\ewuis3d4.txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\x81el06g.txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@zedo[2].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@metriweb[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@bluestreak[2].txt
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@phg.hitbox[1].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@bravenet[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@go[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@target[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@adviva[2].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No e:\users\gail\appdata\roaming\microsoft\windows\cookies\low\jnjfad9e.txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@smartadserver[2].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@www6.addfreestats[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@ads.addynamix[1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\gail\cookies\gail@citi.bridgetrack[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Hoov · « **Reply #7 on:** January 05, 2012, 06:52:51 PM »

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

galan · « **Reply #8 on:** January 05, 2012, 11:39:51 PM »

00:34:37.0888 5212   TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
00:34:38.0388 5212   ============================================================
00:34:38.0388 5212   Current date / time: 2012/01/06 00:34:38.0388
00:34:38.0388 5212   SystemInfo:
00:34:38.0388 5212
00:34:38.0388 5212   OS Version: 5.1.2600 ServicePack: 3.0
00:34:38.0388 5212   Product type: Workstation
00:34:38.0388 5212   ComputerName: GAIL-EAEF9CB10F
00:34:38.0388 5212   UserName: Gail
00:34:38.0388 5212   Windows directory: C:\WINDOWS
00:34:38.0388 5212   System windows directory: C:\WINDOWS
00:34:38.0388 5212   Processor architecture: Intel x86
00:34:38.0388 5212   Number of processors: 4
00:34:38.0388 5212   Page size: 0x1000
00:34:38.0388 5212   Boot type: Normal boot
00:34:38.0388 5212   ============================================================
00:34:44.0592 5212   Initialize success
00:35:30.0748 5544   ============================================================
00:35:30.0748 5544   Scan started
00:35:30.0748 5544   Mode: Manual;
00:35:30.0748 5544   ============================================================
00:35:31.0717 5544   Abiosdsk - ok
00:35:31.0748 5544   abp480n5 - ok
00:35:31.0795 5544   ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:35:31.0795 5544   ACPI - ok
00:35:31.0842 5544   ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:35:31.0842 5544   ACPIEC - ok
00:35:31.0967 5544   adpu160m - ok
00:35:32.0170 5544   aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:35:32.0170 5544   aec - ok
00:35:32.0467 5544   AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:35:32.0467 5544   AFD - ok
00:35:32.0607 5544   Aha154x - ok
00:35:32.0763 5544   aic78u2 - ok
00:35:32.0951 5544   aic78xx - ok
00:35:32.0982 5544   AliIde - ok
00:35:32.0982 5544   amsint - ok
00:35:33.0013 5544   asc - ok
00:35:33.0029 5544   asc3350p - ok
00:35:33.0060 5544   asc3550 - ok
00:35:33.0107 5544   AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:35:33.0107 5544   AsyncMac - ok
00:35:33.0138 5544   atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:35:33.0138 5544   atapi - ok
00:35:33.0138 5544   Atdisk - ok
00:35:33.0326 5544   ati2mtag (011388ddc5b83ef4a0b2b829735c646f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
00:35:33.0357 5544   ati2mtag - ok
00:35:33.0404 5544   AtiHdmiService (d9bc8892b9440a2551b8148c57aa039e) C:\WINDOWS\system32\drivers\AtiHdmi.sys
00:35:33.0404 5544   AtiHdmiService - ok
00:35:33.0451 5544   Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:35:33.0451 5544   Atmarpc - ok
00:35:33.0482 5544   audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:35:33.0482 5544   audstub - ok
00:35:33.0545 5544   BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
00:35:33.0545 5544   BCM43XX - ok
00:35:33.0592 5544   Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:35:33.0592 5544   Beep - ok
00:35:33.0623 5544   BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
00:35:33.0623 5544   BrScnUsb - ok
00:35:33.0670 5544   BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys
00:35:33.0670 5544   BrSerIf - ok
00:35:33.0717 5544   BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
00:35:33.0717 5544   BrUsbSer - ok
00:35:33.0779 5544   cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:35:33.0779 5544   cbidf2k - ok
00:35:33.0826 5544   CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:35:33.0826 5544   CCDECODE - ok
00:35:33.0857 5544   cd20xrnt - ok
00:35:33.0904 5544   Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:35:33.0904 5544   Cdaudio - ok
00:35:33.0951 5544   Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:35:33.0967 5544   Cdfs - ok
00:35:33.0982 5544   Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:35:33.0982 5544   Cdrom - ok
00:35:33.0982 5544   Changer - ok
00:35:33.0998 5544   CmdIde - ok
00:35:33.0998 5544   Cpqarray - ok
00:35:34.0092 5544   cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
00:35:34.0092 5544   cpudrv - ok
00:35:34.0123 5544   dac2w2k - ok
00:35:34.0154 5544   dac960nt - ok
00:35:34.0217 5544   Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:35:34.0217 5544   Disk - ok
00:35:34.0263 5544   dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:35:34.0279 5544   dmboot - ok
00:35:34.0279 5544   dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:35:34.0279 5544   dmio - ok
00:35:34.0295 5544   dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:35:34.0295 5544   dmload - ok
00:35:34.0326 5544   DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:35:34.0326 5544   DMusic - ok
00:35:34.0326 5544   dpti2o - ok
00:35:34.0373 5544   drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:35:34.0373 5544   drmkaud - ok
00:35:34.0435 5544   e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
00:35:34.0435 5544   e1express - ok
00:35:34.0498 5544   eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
00:35:34.0513 5544   eamon - ok
00:35:34.0529 5544   ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
00:35:34.0529 5544   ehdrv - ok
00:35:34.0576 5544   ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
00:35:34.0576 5544   ElbyCDIO - ok
00:35:34.0623 5544   epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
00:35:34.0623 5544   epfwtdir - ok
00:35:34.0670 5544   Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:35:34.0670 5544   Fastfat - ok
00:35:34.0701 5544   Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:35:34.0701 5544   Fdc - ok
00:35:34.0748 5544   FilterService (20fe03294ac1429ae88a64c2f754b0d4) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
00:35:34.0748 5544   FilterService - ok
00:35:34.0810 5544   Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:35:34.0810 5544   Fips - ok
00:35:34.0826 5544   Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
00:35:34.0826 5544   Flpydisk - ok
00:35:34.0888 5544   FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:35:34.0888 5544   FltMgr - ok
00:35:34.0935 5544   Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:35:34.0935 5544   Fs_Rec - ok
00:35:34.0982 5544   Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:35:34.0998 5544   Ftdisk - ok
00:35:35.0045 5544   GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:35:35.0045 5544   GEARAspiWDM - ok
00:35:35.0092 5544   Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:35:35.0092 5544   Gpc - ok
00:35:35.0123 5544   HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:35:35.0123 5544   HDAudBus - ok
00:35:35.0138 5544   hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:35:35.0154 5544   hidusb - ok
00:35:35.0201 5544   hpn - ok
00:35:35.0279 5544   HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:35:35.0279 5544   HTTP - ok
00:35:35.0310 5544   i2omgmt - ok
00:35:35.0326 5544   i2omp - ok
00:35:35.0357 5544   i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
00:35:35.0357 5544   i8042prt - ok
00:35:35.0404 5544   Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:35:35.0404 5544   Imapi - ok
00:35:35.0420 5544   ini910u - ok
00:35:35.0560 5544   IntcAzAudAddService (dbc702fbc70dc58d9122ce56eadbd659) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:35:35.0592 5544   IntcAzAudAddService - ok
00:35:35.0623 5544   IntelIde - ok
00:35:35.0701 5544   intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:35:35.0701 5544   intelppm - ok
00:35:35.0748 5544   Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:35:35.0748 5544   Ip6Fw - ok
00:35:35.0795 5544   IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:35:35.0795 5544   IpFilterDriver - ok
00:35:35.0857 5544   IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:35:35.0857 5544   IpInIp - ok
00:35:35.0904 5544   IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:35:35.0904 5544   IpNat - ok
00:35:35.0935 5544   IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:35:35.0935 5544   IPSec - ok
00:35:35.0967 5544   IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:35:35.0967 5544   IRENUM - ok
00:35:35.0998 5544   isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:35:35.0998 5544   isapnp - ok
00:35:36.0060 5544   Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:35:36.0060 5544   Kbdclass - ok
00:35:36.0107 5544   kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:35:36.0107 5544   kbdhid - ok
00:35:36.0138 5544   kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:35:36.0138 5544   kmixer - ok
00:35:36.0170 5544   KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:35:36.0170 5544   KSecDD - ok
00:35:36.0201 5544   lbrtfdc - ok
00:35:36.0279 5544   LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
00:35:36.0279 5544   LVPr2Mon - ok
00:35:36.0326 5544   LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\WINDOWS\system32\DRIVERS\lvrs.sys
00:35:36.0326 5544   LVRS - ok
00:35:36.0513 5544   LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
00:35:36.0545 5544   LVUVC - ok
00:35:36.0607 5544   mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:35:36.0623 5544   mnmdd - ok
00:35:36.0638 5544   Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:35:36.0638 5544   Modem - ok
00:35:36.0670 5544   Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:35:36.0670 5544   Mouclass - ok
00:35:36.0701 5544   mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:35:36.0701 5544   mouhid - ok
00:35:36.0717 5544   MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:35:36.0717 5544   MountMgr - ok
00:35:36.0732 5544   mraid35x - ok
00:35:36.0748 5544   MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:35:36.0748 5544   MRxDAV - ok
00:35:36.0795 5544   MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:35:36.0795 5544   MRxSmb - ok
00:35:36.0842 5544   Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:35:36.0842 5544   Msfs - ok
00:35:36.0873 5544   MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:35:36.0873 5544   MSKSSRV - ok
00:35:36.0920 5544   MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:35:36.0920 5544   MSPCLOCK - ok
00:35:36.0951 5544   MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:35:36.0951 5544   MSPQM - ok
00:35:37.0013 5544   mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:35:37.0013 5544   mssmbios - ok
00:35:37.0060 5544   MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:35:37.0060 5544   MSTEE - ok
00:35:37.0107 5544   Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:35:37.0107 5544   Mup - ok
00:35:37.0138 5544   NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:35:37.0138 5544   NABTSFEC - ok
00:35:37.0170 5544   NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:35:37.0170 5544   NDIS - ok
00:35:37.0217 5544   NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:35:37.0217 5544   NdisIP - ok
00:35:37.0279 5544   NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:35:37.0279 5544   NdisTapi - ok
00:35:37.0342 5544   Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:35:37.0342 5544   Ndisuio - ok
00:35:37.0373 5544   NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:35:37.0373 5544   NdisWan - ok
00:35:37.0404 5544   NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:35:37.0404 5544   NDProxy - ok
00:35:37.0420 5544   NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:35:37.0420 5544   NetBIOS - ok
00:35:37.0467 5544   NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:35:37.0467 5544   NetBT - ok
00:35:37.0498 5544   Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:35:37.0498 5544   Npfs - ok
00:35:37.0529 5544   Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:35:37.0529 5544   Ntfs - ok
00:35:37.0560 5544   Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:35:37.0560 5544   Null - ok
00:35:37.0576 5544   NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:35:37.0576 5544   NwlnkFlt - ok
00:35:37.0607 5544   NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:35:37.0623 5544   NwlnkFwd - ok
00:35:37.0670 5544   Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
00:35:37.0670 5544   Parport - ok
00:35:37.0701 5544   PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:35:37.0701 5544   PartMgr - ok
00:35:37.0732 5544   ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:35:37.0732 5544   ParVdm - ok
00:35:37.0748 5544   pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
00:35:37.0748 5544   pavboot - ok
00:35:37.0763 5544   PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:35:37.0763 5544   PCI - ok
00:35:37.0779 5544   PCIDump - ok
00:35:37.0795 5544   PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:35:37.0795 5544   PCIIde - ok
00:35:37.0842 5544   Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:35:37.0842 5544   Pcmcia - ok
00:35:37.0873 5544   PDCOMP - ok
00:35:37.0920 5544   PDFRAME - ok
00:35:37.0967 5544   PDRELI - ok
00:35:37.0982 5544   PDRFRAME - ok
00:35:38.0029 5544   perc2 - ok
00:35:38.0060 5544   perc2hib - ok
00:35:38.0123 5544   PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:35:38.0123 5544   PptpMiniport - ok
00:35:38.0138 5544   PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:35:38.0138 5544   PSched - ok
00:35:38.0154 5544   Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:35:38.0154 5544   Ptilink - ok
00:35:38.0170 5544   ql1080 - ok
00:35:38.0217 5544   Ql10wnt - ok
00:35:38.0263 5544   ql12160 - ok
00:35:38.0295 5544   ql1240 - ok
00:35:38.0342 5544   ql1280 - ok
00:35:38.0388 5544   RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:35:38.0388 5544   RasAcd - ok
00:35:38.0404 5544   Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:35:38.0420 5544   Rasl2tp - ok
00:35:38.0451 5544   RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:35:38.0451 5544   RasPppoe - ok
00:35:38.0498 5544   Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:35:38.0498 5544   Raspti - ok
00:35:38.0576 5544   Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:35:38.0576 5544   Rdbss - ok
00:35:38.0592 5544   RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:35:38.0592 5544   RDPCDD - ok
00:35:38.0638 5544   rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:35:38.0638 5544   rdpdr - ok
00:35:38.0685 5544   RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:35:38.0701 5544   RDPWD - ok
00:35:38.0732 5544   redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:35:38.0732 5544   redbook - ok
00:35:38.0795 5544   Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:35:38.0795 5544   Secdrv - ok
00:35:38.0826 5544   Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
00:35:38.0826 5544   Serial - ok
00:35:38.0857 5544   Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:35:38.0857 5544   Sfloppy - ok
00:35:38.0873 5544   Simbad - ok
00:35:38.0904 5544   SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:35:38.0904 5544   SLIP - ok
00:35:38.0920 5544   Sparrow - ok
00:35:38.0935 5544   splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:35:38.0935 5544   splitter - ok
00:35:38.0951 5544   sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:35:38.0951 5544   sr - ok
00:35:39.0013 5544   Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:35:39.0013 5544   Srv - ok
00:35:39.0045 5544   streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:35:39.0060 5544   streamip - ok
00:35:39.0092 5544   swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:35:39.0092 5544   swenum - ok
00:35:39.0123 5544   swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:35:39.0123 5544   swmidi - ok
00:35:39.0154 5544   symc810 - ok
00:35:39.0170 5544   symc8xx - ok
00:35:39.0201 5544   sym_hi - ok
00:35:39.0232 5544   sym_u3 - ok
00:35:39.0248 5544   sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:35:39.0248 5544   sysaudio - ok
00:35:39.0310 5544   Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:35:39.0310 5544   Tcpip - ok
00:35:39.0342 5544   TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:35:39.0357 5544   TDPIPE - ok
00:35:39.0388 5544   TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:35:39.0388 5544   TDTCP - ok
00:35:39.0435 5544   TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:35:39.0435 5544   TermDD - ok
00:35:39.0451 5544   TosIde - ok
00:35:39.0482 5544   Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:35:39.0482 5544   Udfs - ok
00:35:39.0498 5544   ultra - ok
00:35:39.0545 5544   Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:35:39.0545 5544   Update - ok
00:35:39.0592 5544   USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
00:35:39.0592 5544   USBAAPL - ok
00:35:39.0623 5544   usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
00:35:39.0638 5544   usbaudio - ok
00:35:39.0670 5544   usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:35:39.0670 5544   usbccgp - ok
00:35:39.0732 5544   usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:35:39.0732 5544   usbehci - ok
00:35:39.0779 5544   usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:35:39.0795 5544   usbhub - ok
00:35:39.0842 5544   usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:35:39.0842 5544   usbprint - ok
00:35:39.0873 5544   usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:35:39.0873 5544   usbscan - ok
00:35:39.0904 5544   USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:35:39.0904 5544   USBSTOR - ok
00:35:39.0935 5544   usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:35:39.0935 5544   usbuhci - ok
00:35:39.0967 5544   usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
00:35:39.0982 5544   usbvideo - ok
00:35:40.0013 5544   VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys
00:35:40.0013 5544   VClone - ok
00:35:40.0029 5544   VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:35:40.0029 5544   VgaSave - ok
00:35:40.0029 5544   ViaIde - ok
00:35:40.0076 5544   VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:35:40.0076 5544   VolSnap - ok
00:35:40.0092 5544   Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:35:40.0092 5544   Wanarp - ok
00:35:40.0107 5544   WDICA - ok
00:35:40.0123 5544   wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:35:40.0123 5544   wdmaud - ok
00:35:40.0185 5544   WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:35:40.0185 5544   WSTCODEC - ok
00:35:40.0248 5544   WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:35:40.0248 5544   WudfPf - ok
00:35:40.0295 5544   WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:35:40.0295 5544   WudfRd - ok
00:35:40.0310 5544   MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:35:40.0342 5544   \Device\Harddisk0\DR0 - ok
00:35:40.0342 5544   MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR3
00:35:40.0357 5544   \Device\Harddisk1\DR3 - ok
00:35:40.0357 5544   Boot (0x1200) (b0513166327f82d1e6a555a9ed13c05d) \Device\Harddisk0\DR0\Partition0
00:35:40.0357 5544   \Device\Harddisk0\DR0\Partition0 - ok
00:35:40.0373 5544   Boot (0x1200) (2ee975d9da4bcd201477788d9fdf1ba1) \Device\Harddisk0\DR0\Partition1
00:35:40.0373 5544   \Device\Harddisk0\DR0\Partition1 - ok
00:35:40.0373 5544   Boot (0x1200) (37982e79dc8ee53021886109bc6b127a) \Device\Harddisk1\DR3\Partition0
00:35:40.0373 5544   \Device\Harddisk1\DR3\Partition0 - ok
00:35:40.0373 5544   ============================================================
00:35:40.0373 5544   Scan finished
00:35:40.0373 5544   ============================================================
00:35:40.0388 3444   Detected object count: 0
00:35:40.0388 3444   Actual detected object count: 0
00:36:00.0638 5348   ============================================================
00:36:00.0638 5348   Scan started
00:36:00.0638 5348   Mode: Manual;
00:36:00.0638 5348   ============================================================
00:36:01.0388 5348   Abiosdsk - ok
00:36:01.0420 5348   abp480n5 - ok
00:36:01.0482 5348   ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:36:01.0482 5348   ACPI - ok
00:36:01.0529 5348   ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:36:01.0529 5348   ACPIEC - ok
00:36:01.0560 5348   adpu160m - ok
00:36:01.0576 5348   aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:36:01.0576 5348   aec - ok
00:36:01.0623 5348   AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:36:01.0623 5348   AFD - ok
00:36:01.0638 5348   Aha154x - ok
00:36:01.0685 5348   aic78u2 - ok
00:36:01.0717 5348   aic78xx - ok
00:36:01.0748 5348   AliIde - ok
00:36:01.0795 5348   amsint - ok
00:36:01.0810 5348   asc - ok
00:36:01.0857 5348   asc3350p - ok
00:36:01.0904 5348   asc3550 - ok
00:36:01.0967 5348   AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:36:01.0967 5348   AsyncMac - ok
00:36:01.0998 5348   atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:36:01.0998 5348   atapi - ok
00:36:02.0029 5348   Atdisk - ok
00:36:02.0201 5348   ati2mtag (011388ddc5b83ef4a0b2b829735c646f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
00:36:02.0248 5348   ati2mtag - ok
00:36:02.0310 5348   AtiHdmiService (d9bc8892b9440a2551b8148c57aa039e) C:\WINDOWS\system32\drivers\AtiHdmi.sys
00:36:02.0310 5348   AtiHdmiService - ok
00:36:02.0342 5348   Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:36:02.0342 5348   Atmarpc - ok
00:36:02.0388 5348   audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:36:02.0404 5348   audstub - ok
00:36:02.0467 5348   BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
00:36:02.0467 5348   BCM43XX - ok
00:36:02.0513 5348   Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:36:02.0513 5348   Beep - ok
00:36:02.0560 5348   BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
00:36:02.0560 5348   BrScnUsb - ok
00:36:02.0576 5348   BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys
00:36:02.0576 5348   BrSerIf - ok
00:36:02.0607 5348   BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
00:36:02.0607 5348   BrUsbSer - ok
00:36:02.0638 5348   cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:36:02.0638 5348   cbidf2k - ok
00:36:02.0670 5348   CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:36:02.0670 5348   CCDECODE - ok
00:36:02.0670 5348   cd20xrnt - ok
00:36:02.0701 5348   Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:36:02.0701 5348   Cdaudio - ok
00:36:02.0748 5348   Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:36:02.0748 5348   Cdfs - ok
00:36:02.0779 5348   Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:36:02.0779 5348   Cdrom - ok
00:36:02.0795 5348   Changer - ok
00:36:02.0826 5348   CmdIde - ok
00:36:02.0842 5348   Cpqarray - ok
00:36:02.0904 5348   cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
00:36:02.0904 5348   cpudrv - ok
00:36:02.0935 5348   dac2w2k - ok
00:36:02.0935 5348   dac960nt - ok
00:36:02.0967 5348   Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:36:02.0967 5348   Disk - ok
00:36:03.0013 5348   dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:36:03.0013 5348   dmboot - ok
00:36:03.0154 5348   dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:36:03.0154 5348   dmio - ok
00:36:03.0295 5348   dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:36:03.0295 5348   dmload - ok
00:36:03.0529 5348   DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:36:03.0529 5348   DMusic - ok
00:36:03.0701 5348   dpti2o - ok
00:36:03.0920 5348   drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:36:03.0920 5348   drmkaud - ok
00:36:03.0998 5348   e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
00:36:03.0998 5348   e1express - ok
00:36:04.0045 5348   eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
00:36:04.0045 5348   eamon - ok
00:36:04.0107 5348   ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
00:36:04.0107 5348   ehdrv - ok
00:36:04.0154 5348   ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
00:36:04.0154 5348   ElbyCDIO - ok
00:36:04.0170 5348   epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
00:36:04.0170 5348   epfwtdir - ok
00:36:04.0217 5348   Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:36:04.0217 5348   Fastfat - ok
00:36:04.0248 5348   Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:36:04.0248 5348   Fdc - ok
00:36:04.0295 5348   FilterService (20fe03294ac1429ae88a64c2f754b0d4) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
00:36:04.0295 5348   FilterService - ok
00:36:04.0342 5348   Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:36:04.0342 5348   Fips - ok
00:36:04.0373 5348   Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
00:36:04.0373 5348   Flpydisk - ok
00:36:04.0404 5348   FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:36:04.0404 5348   FltMgr - ok
00:36:04.0435 5348   Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:36:04.0435 5348   Fs_Rec - ok
00:36:04.0435 5348   Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:36:04.0435 5348   Ftdisk - ok
00:36:04.0498 5348   GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:36:04.0498 5348   GEARAspiWDM - ok
00:36:04.0529 5348   Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:36:04.0529 5348   Gpc - ok
00:36:04.0592 5348   HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:36:04.0592 5348   HDAudBus - ok
00:36:04.0623 5348   hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:36:04.0623 5348   hidusb - ok
00:36:04.0638 5348   hpn - ok
00:36:04.0685 5348   HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:36:04.0685 5348   HTTP - ok
00:36:04.0685 5348   i2omgmt - ok
00:36:04.0701 5348   i2omp - ok
00:36:04.0748 5348   i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
00:36:04.0748 5348   i8042prt - ok
00:36:04.0779 5348   Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:36:04.0779 5348   Imapi - ok
00:36:04.0795 5348   ini910u - ok
00:36:04.0920 5348   IntcAzAudAddService (dbc702fbc70dc58d9122ce56eadbd659) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:36:04.0935 5348   IntcAzAudAddService - ok
00:36:04.0967 5348   IntelIde - ok
00:36:05.0013 5348   intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:36:05.0013 5348   intelppm - ok
00:36:05.0060 5348   Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:36:05.0060 5348   Ip6Fw - ok
00:36:05.0107 5348   IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:36:05.0107 5348   IpFilterDriver - ok
00:36:05.0154 5348   IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:36:05.0154 5348   IpInIp - ok
00:36:05.0217 5348   IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:36:05.0217 5348   IpNat - ok
00:36:05.0248 5348   IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:36:05.0248 5348   IPSec - ok
00:36:05.0263 5348   IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:36:05.0263 5348   IRENUM - ok
00:36:05.0310 5348   isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:36:05.0310 5348   isapnp - ok
00:36:05.0342 5348   Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:36:05.0342 5348   Kbdclass - ok
00:36:05.0357 5348   kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:36:05.0357 5348   kbdhid - ok
00:36:05.0373 5348   kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:36:05.0373 5348   kmixer - ok
00:36:05.0404 5348   KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:36:05.0404 5348   KSecDD - ok
00:36:05.0435 5348   lbrtfdc - ok
00:36:05.0498 5348   LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
00:36:05.0498 5348   LVPr2Mon - ok
00:36:05.0545 5348   LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\WINDOWS\system32\DRIVERS\lvrs.sys
00:36:05.0545 5348   LVRS - ok
00:36:05.0717 5348   LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
00:36:05.0748 5348   LVUVC - ok
00:36:05.0810 5348   mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:36:05.0810 5348   mnmdd - ok
00:36:05.0857 5348   Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:36:05.0857 5348   Modem - ok
00:36:05.0904 5348   Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:36:05.0904 5348   Mouclass - ok
00:36:05.0951 5348   mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:36:05.0951 5348   mouhid - ok
00:36:05.0998 5348   MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:36:05.0998 5348   MountMgr - ok
00:36:06.0013 5348   mraid35x - ok
00:36:06.0076 5348   MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:36:06.0076 5348   MRxDAV - ok
00:36:06.0123 5348   MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:36:06.0123 5348   MRxSmb - ok
00:36:06.0170 5348   Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:36:06.0170 5348   Msfs - ok
00:36:06.0232 5348   MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:36:06.0232 5348   MSKSSRV - ok
00:36:06.0279 5348   MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:36:06.0279 5348   MSPCLOCK - ok
00:36:06.0295 5348   MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:36:06.0295 5348   MSPQM - ok
00:36:06.0326 5348   mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:36:06.0326 5348   mssmbios - ok
00:36:06.0373 5348   MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:36:06.0373 5348   MSTEE - ok
00:36:06.0404 5348   Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:36:06.0404 5348   Mup - ok
00:36:06.0420 5348   NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:36:06.0435 5348   NABTSFEC - ok
00:36:06.0482 5348   NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:36:06.0482 5348   NDIS - ok
00:36:06.0498 5348   NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:36:06.0498 5348   NdisIP - ok
00:36:06.0545 5348   NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:36:06.0545 5348   NdisTapi - ok
00:36:06.0576 5348   Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:36:06.0576 5348   Ndisuio - ok
00:36:06.0592 5348   NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:36:06.0592 5348   NdisWan - ok
00:36:06.0654 5348   NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:36:06.0654 5348   NDProxy - ok
00:36:06.0685 5348   NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:36:06.0685 5348   NetBIOS - ok
00:36:06.0717 5348   NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:36:06.0732 5348   NetBT - ok
00:36:06.0779 5348   Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:36:06.0779 5348   Npfs - ok
00:36:06.0810 5348   Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:36:06.0810 5348   Ntfs - ok
00:36:06.0842 5348   Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:36:06.0842 5348   Null - ok
00:36:06.0888 5348   NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:36:06.0888 5348   NwlnkFlt - ok
00:36:06.0920 5348   NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:36:06.0920 5348   NwlnkFwd - ok
00:36:06.0998 5348   Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
00:36:06.0998 5348   Parport - ok
00:36:07.0013 5348   PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:36:07.0013 5348   PartMgr - ok
00:36:07.0060 5348   ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:36:07.0060 5348   ParVdm - ok
00:36:07.0107 5348   pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
00:36:07.0107 5348   pavboot - ok
00:36:07.0154 5348   PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:36:07.0154 5348   PCI - ok
00:36:07.0185 5348   PCIDump - ok
00:36:07.0217 5348   PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:36:07.0217 5348   PCIIde - ok
00:36:07.0263 5348   Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:36:07.0263 5348   Pcmcia - ok
00:36:07.0295 5348   PDCOMP - ok
00:36:07.0310 5348   PDFRAME - ok
00:36:07.0310 5348   PDRELI - ok
00:36:07.0310 5348   PDRFRAME - ok
00:36:07.0326 5348   perc2 - ok
00:36:07.0357 5348   perc2hib - ok
00:36:07.0404 5348   PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:36:07.0404 5348   PptpMiniport - ok
00:36:07.0404 5348   PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:36:07.0404 5348   PSched - ok
00:36:07.0435 5348   Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:36:07.0435 5348   Ptilink - ok
00:36:07.0451 5348   ql1080 - ok
00:36:07.0451 5348   Ql10wnt - ok
00:36:07.0467 5348   ql12160 - ok
00:36:07.0467 5348   ql1240 - ok
00:36:07.0498 5348   ql1280 - ok
00:36:07.0513 5348   RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:36:07.0513 5348   RasAcd - ok
00:36:07.0545 5348   Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:36:07.0545 5348   Rasl2tp - ok
00:36:07.0560 5348   RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:36:07.0560 5348   RasPppoe - ok
00:36:07.0576 5348   Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:36:07.0576 5348   Raspti - ok
00:36:07.0607 5348   Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:36:07.0607 5348   Rdbss - ok
00:36:07.0638 5348   RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:36:07.0638 5348   RDPCDD - ok
00:36:07.0654 5348   rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:36:07.0654 5348   rdpdr - ok
00:36:07.0717 5348   RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:36:07.0717 5348   RDPWD - ok
00:36:07.0779 5348   redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:36:07.0779 5348   redbook - ok
00:36:07.0842 5348   Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:36:07.0842 5348   Secdrv - ok
00:36:07.0857 5348   Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
00:36:07.0857 5348   Serial - ok
00:36:07.0888 5348   Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:36:07.0888 5348   Sfloppy - ok
00:36:07.0904 5348   Simbad - ok
00:36:07.0920 5348   SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:36:07.0920 5348   SLIP - ok
00:36:07.0935 5348   Sparrow - ok
00:36:07.0982 5348   splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:36:07.0982 5348   splitter - ok
00:36:08.0013 5348   sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:36:08.0013 5348   sr - ok
00:36:08.0029 5348   Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:36:08.0029 5348   Srv - ok
00:36:08.0060 5348   streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:36:08.0060 5348   streamip - ok
00:36:08.0107 5348   swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:36:08.0107 5348   swenum - ok
00:36:08.0138 5348   swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:36:08.0138 5348   swmidi - ok
00:36:08.0170 5348   symc810 - ok
00:36:08.0185 5348   symc8xx - ok
00:36:08.0185 5348   sym_hi - ok
00:36:08.0201 5348   sym_u3 - ok
00:36:08.0263 5348   sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:36:08.0263 5348   sysaudio - ok
00:36:08.0326 5348   Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:36:08.0326 5348   Tcpip - ok
00:36:08.0357 5348   TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:36:08.0357 5348   TDPIPE - ok
00:36:08.0373 5348   TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:36:08.0373 5348   TDTCP - ok
00:36:08.0404 5348   TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:36:08.0404 5348   TermDD - ok
00:36:08.0420 5348   TosIde - ok
00:36:08.0467 5348   Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:36:08.0467 5348   Udfs - ok
00:36:08.0482 5348   ultra - ok
00:36:08.0529 5348   Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:36:08.0529 5348   Update - ok
00:36:08.0576 5348   USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
00:36:08.0576 5348   USBAAPL - ok
00:36:08.0638 5348   usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
00:36:08.0638 5348   usbaudio - ok
00:36:08.0685 5348   usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:36:08.0685 5348   usbccgp - ok
00:36:08.0748 5348   usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:36:08.0748 5348   usbehci - ok
00:36:08.0795 5348   usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:36:08.0795 5348   usbhub - ok
00:36:08.0842 5348   usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:36:08.0842 5348   usbprint - ok
00:36:08.0888 5348   usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:36:08.0888 5348   usbscan - ok
00:36:08.0920 5348   USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:36:08.0920 5348   USBSTOR - ok
00:36:08.0951 5348   usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:36:08.0951 5348   usbuhci - ok
00:36:08.0998 5348   usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
00:36:08.0998 5348   usbvideo - ok
00:36:09.0076 5348   VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys
00:36:09.0076 5348   VClone - ok
00:36:09.0076 5348   VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:36:09.0076 5348   VgaSave - ok
00:36:09.0092 5348   ViaIde - ok
00:36:09.0123 5348   VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:36:09.0123 5348   VolSnap - ok
00:36:09.0138 5348   Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:36:09.0138 5348   Wanarp - ok
00:36:09.0154 5348   WDICA - ok
00:36:09.0201 5348   wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:36:09.0201 5348   wdmaud - ok
00:36:09.0279 5348   WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:36:09.0279 5348   WSTCODEC - ok
00:36:09.0342 5348   WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:36:09.0342 5348   WudfPf - ok
00:36:09.0388 5348   WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:36:09.0388 5348   WudfRd - ok
00:36:09.0404 5348   MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:36:09.0435 5348   \Device\Harddisk0\DR0 - ok
00:36:09.0435 5348   MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR3
00:36:09.0451 5348   \Device\Harddisk1\DR3 - ok
00:36:09.0451 5348   Boot (0x1200) (b0513166327f82d1e6a555a9ed13c05d) \Device\Harddisk0\DR0\Partition0
00:36:09.0451 5348   \Device\Harddisk0\DR0\Partition0 - ok
00:36:09.0467 5348   Boot (0x1200) (2ee975d9da4bcd201477788d9fdf1ba1) \Device\Harddisk0\DR0\Partition1
00:36:09.0467 5348   \Device\Harddisk0\DR0\Partition1 - ok
00:36:09.0467 5348   Boot (0x1200) (37982e79dc8ee53021886109bc6b127a) \Device\Harddisk1\DR3\Partition0
00:36:09.0467 5348   \Device\Harddisk1\DR3\Partition0 - ok
00:36:09.0467 5348   ============================================================
00:36:09.0467 5348   Scan finished
00:36:09.0467 5348   ============================================================
00:36:09.0498 5488   Detected object count: 0
00:36:09.0498 5488   Actual detected object count: 0

Hoov · « **Reply #9 on:** January 06, 2012, 10:19:26 AM »

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

galan · « **Reply #10 on:** January 06, 2012, 11:58:32 AM »

ComboFix 12-01-06.01 - Gail 01/06/2012 12:50:11.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2428 [GMT -5:00]
Running from: c:\documents and settings\Gail\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~OtxzMAdeY7kqEj
c:\documents and settings\All Users\Application Data\~OtxzMAdeY7kqEjr
c:\documents and settings\All Users\Application Data\OtxzMAdeY7kqEj
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Gail\Application Data\Mozilla\Firefox\Profiles\wp8z0511.default\searchplugins\bing-zugo.xml
c:\documents and settings\Gail\Application Data\PriceGong
c:\documents and settings\Gail\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Gail\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Gail\g2ax_customer_downloadhelper_win32_x86.exe
c:\documents and settings\Gail\Local Settings\Application Data\.#
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@184@383470.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@184@383480.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@184@383490.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@184@3834A0.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@53C@383470.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@53C@383480.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@53C@383490.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@53C@3834A0.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@720@383470.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@720@383480.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@720@383490.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@720@3834A0.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@97C@383470.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@97C@383480.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@97C@383490.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@97C@3834A0.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@F50@383470.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@F50@383480.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@F50@383490.###
c:\documents and settings\Gail\Local Settings\Application Data\.#\MBX@F50@3834A0.###
c:\documents and settings\Gail\My Documents\~WRL0001.tmp
c:\documents and settings\Gail\My Documents\~WRL0002.tmp
c:\documents and settings\Gail\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Gail\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\Gail\WINDOWS
c:\windows\system32\SETB19.tmp
c:\windows\system32\SETB1B.tmp
c:\windows\system32\SETB1F.tmp
c:\windows\system32\SETB20.tmp
c:\windows\system32\SETB27.tmp
c:\windows\system32\SETB29.tmp
c:\windows\system32\spool\prtprocs\w32x86\pcldll6l.dll
c:\windows\system32\spool\prtprocs\w32x86\zpp.dll
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
.
.
2012-01-05 17:59 . 2009-06-30 15:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
2012-01-05 17:59 . 2012-01-05 17:59   --------   d-----w-   c:\program files\Panda Security
2012-01-05 17:59 . 2012-01-05 17:59   --------   d-----w-   c:\windows\LastGood
2012-01-05 14:46 . 2012-01-05 14:46   --------   d-----w-   c:\documents and settings\Gail\Application Data\Malwarebytes
2012-01-05 14:46 . 2012-01-05 14:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-05 14:46 . 2012-01-05 14:46   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-01-05 14:46 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-01-05 04:33 . 2012-01-05 04:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2012-01-04 23:54 . 2012-01-05 00:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-04 23:52 . 2012-01-04 23:52   388096   ----a-r-   c:\documents and settings\Gail\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-04 23:52 . 2012-01-04 23:52   --------   d-----w-   c:\program files\Trend Micro
2011-12-31 19:20 . 2011-12-31 19:20   --------   d-----w-   C:\DiD
2011-12-31 05:11 . 2011-12-31 05:11   --------   d-----w-   c:\program files\DID
2011-12-31 05:06 . 1996-01-09 10:38   283648   ----a-w-   c:\windows\uninst.exe
2011-12-31 03:06 . 2011-12-31 03:06   --------   d-----w-   c:\program files\iPod
2011-12-31 03:06 . 2011-12-31 03:07   --------   d-----w-   c:\program files\iTunes
2011-12-31 03:03 . 2011-12-31 03:03   --------   d-----w-   c:\program files\Bonjour
2011-12-10 20:48 . 2011-12-10 20:48   --------   d-----w-   c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2004-08-04 04:17   1859584   ----a-w-   c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-04 05:56   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2004-08-04 05:56   916992   ----a-w-   c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 05:56   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2004-08-04 03:59   385024   ----a-w-   c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 05:56   1288704   ----a-w-   c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 05:56   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-04 04:18   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 05:56   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-07-22 23:19   692736   ----a-w-   c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Gail\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 98304]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
"c:\\Documents and Settings\\Gail\\Application Data\\mjusbsp\\magicJack.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/19/2009 10:44 AM 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/19/2009 10:45 AM 103112]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/22/2011 12:03 PM 974944]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/27/2010 1:47 AM 136176]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/27/2010 1:47 AM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 58607140
*Deregistered* - 58607140
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 06:47]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 06:47]
.
2012-01-06 c:\windows\Tasks\User_Feed_Synchronization-{3E045906-B672-4A9A-8B43-6F7D37DA6C2C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Gail\Application Data\Mozilla\Firefox\Profiles\wp8z0511.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z003&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Imation Disk Manager V a Service - c:\docume~1\Gail\LOCALS~1\Temp\Imation Disk Manager V a.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-06 12:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-01-06 12:55:10
ComboFix-quarantined-files.txt 2012-01-06 17:54
.
Pre-Run: 75,945,922,560 bytes free
Post-Run: 76,258,045,952 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
.
- - End Of File - - 711185CBC02664AC6AECA26F58EE829C

Hoov · « **Reply #11 on:** January 06, 2012, 01:10:00 PM »

Did the other missing items come back? How is the computer running now?

galan · « **Reply #12 on:** January 06, 2012, 01:48:17 PM »

No they are still missing. The system itself is running fine however.

Hoov · « **Reply #13 on:** January 06, 2012, 03:22:24 PM »

Please run unhide again and let me know how it goes.

galan · « **Reply #14 on:** January 06, 2012, 03:40:12 PM »

I did and they are still hidden. Everything is working fine otherwise though. Do you think the system is still infected?

News:

Author Topic: [Inactive] Files hidden/Win32 Olmasco (Read 1947 times)

galan

[Inactive] Files hidden/Win32 Olmasco

Hoov

Re: [In Progress] Files hidden/Win32 Olmasco

galan

Re: [In Progress] Files hidden/Win32 Olmasco

Hoov

Re: [In Progress] Files hidden/Win32 Olmasco

galan

Re: [In Progress] Files hidden/Win32 Olmasco

Hoov

Re: [In Progress] Files hidden/Win32 Olmasco

galan

Re: [In Progress] Files hidden/Win32 Olmasco

Hoov

Re: [In Progress] Files hidden/Win32 Olmasco

galan

Re: [In Progress] Files hidden/Win32 Olmasco

Hoov

Re: [In Progress] Files hidden/Win32 Olmasco

galan

Re: [In Progress] Files hidden/Win32 Olmasco

Hoov

Re: [In Progress] Files hidden/Win32 Olmasco

galan

Re: [In Progress] Files hidden/Win32 Olmasco

Hoov

Re: [In Progress] Files hidden/Win32 Olmasco

galan

Re: [In Progress] Files hidden/Win32 Olmasco