
Search redirect, ie, firefox and safari


  • Please log in to reply

#16
Chemwapuwa

  • Topic Starter
  • Member
  • 21 posts

OTL logfile created on: 5/16/2010 6:44:18 PM - Run 4
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\chemwapuwa\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 267.74 Gb Free Space | 89.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHEMWAPU-3E99BA
Current User Name: chemwapuwa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/15 22:48:17 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chemwapuwa\Desktop\OTL.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/18 13:23:54 | 000,265,728 | ---- | M] (Livescribe) -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/01 16:00:50 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/11/01 15:40:04 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/11/01 15:35:40 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/09/28 13:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2010/05/15 22:48:17 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chemwapuwa\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/18 13:23:54 | 000,265,728 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/11/13 16:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/11/01 16:00:50 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/11/01 15:40:04 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/11/01 15:35:40 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/09/28 13:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/11/17 14:46:28 | 000,020,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PulseUsb.sys -- (PulseUsb)
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/09 01:04:25 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/15 15:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/12/06 11:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/31 12:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/27 13:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2006/09/27 20:26:00 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/08/22 14:39:14 | 001,177,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WiHome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/29 18:56:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/04/29 19:00:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/04/29 18:59:05 | 000,000,000 | ---D | M]

[2010/05/10 20:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Mozilla\Extensions
[2010/04/29 19:00:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\chemwapuwa\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/04/29 19:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Mozilla\SeaMonkey\Profiles\fb2a3ruj.default\extensions

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1253146200484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1255835661312 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gatew...rvest/gwCID.CAB (compid Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email01.secur...et/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.175.128.46 65.175.128.47
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/19 20:08:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/16 17:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Desktop\gmer
[2010/05/16 17:43:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/16 13:49:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/16 04:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Yahoo!
[2010/05/16 04:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Desktop\RootRepeal
[2010/05/16 02:55:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/05/16 00:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/15 22:58:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/15 22:58:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/15 22:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/15 22:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Desktop\tdsskiller
[2010/05/15 22:48:13 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\chemwapuwa\Desktop\OTL.exe
[2010/05/15 19:47:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/05/15 02:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/15 02:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/11 15:34:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/11 14:54:38 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\chemwapuwa\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/05/10 23:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/05/10 21:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Threat Expert
[2010/05/10 21:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/10 20:37:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/10 20:32:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/10 20:32:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/10 20:32:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/10 20:32:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/10 20:32:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/10 20:32:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/10 20:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\Malwarebytes
[2010/05/10 20:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/10 19:57:41 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\chemwapuwa\Desktop\mbam-setup.exe
[2010/05/09 16:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/09 16:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/05 20:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\My Documents\Downloads
[2010/04/29 19:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Mozilla
[2010/04/29 19:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\Mozilla
[2010/04/29 18:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\SeaMonkey
[2010/04/29 18:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010/04/29 17:57:54 | 000,000,000 | ---D | C] -- C:\i3dthemes
[2010/04/29 17:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Starfield
[2010/04/29 17:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\LTMOD
[2010/04/29 17:25:35 | 000,000,000 | ---D | C] -- C:\FrontPage Tools
[2010/04/29 17:25:20 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/04/29 17:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\NetPlugin Tags
[2010/04/29 17:24:32 | 000,313,856 | ---- | C] (Softuarium) -- C:\WINDOWS\System32\xwebpic.ocx
[2010/04/29 17:24:32 | 000,073,728 | ---- | C] (DPA Software) -- C:\WINDOWS\System32\DPARTL.dll
[2010/04/29 17:24:32 | 000,049,152 | ---- | C] (DPA Software) -- C:\WINDOWS\System32\DPAMenu.dll
[2010/04/29 17:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\DPA Software
[2010/04/29 17:05:57 | 000,000,000 | ---D | C] -- C:\FPTemplates
[2010/04/29 17:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Desktop\websuits
[2010/04/29 16:58:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\chemwapuwa\My Documents\My Webs
[2010/04/26 14:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Desktop\comp
[2010/04/24 18:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2010/04/24 18:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/04/23 11:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Desktop\shendee
[2010/04/21 23:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/21 23:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/21 23:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/21 23:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/21 23:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/18 20:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\HuluDesktop
[2010/04/18 20:59:42 | 000,888,928 | ---- | C] (Hulu) -- C:\Documents and Settings\chemwapuwa\Desktop\HuluDesktopSetup.exe
[2010/04/17 11:08:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kodak
[2010/04/17 11:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/04/17 10:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/03/28 21:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\Google
[2010/03/28 21:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Temp
[2010/03/28 21:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/03/28 21:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\skypePM
[2010/03/28 21:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/28 21:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Google
[2010/03/28 21:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\Skype
[2010/03/28 21:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/03/28 21:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/28 21:26:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/03/28 21:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/03/28 21:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Code Laboratories
[2010/03/25 21:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\Alawar
[2010/03/25 21:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\WildGames
[2010/03/25 21:15:33 | 034,512,784 | ---- | C] (WildTangent) -- C:\Documents and Settings\chemwapuwa\My Documents\hyperballoidthenextchallenge-setup.exe
[2010/03/25 18:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Livescribe
[2010/03/22 13:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Help
[2010/03/22 13:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\Help
[2010/03/22 13:28:51 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\Roboex32.dll
[2010/03/22 13:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\ALK Technologies
[2010/03/22 10:43:42 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\chemwapuwa\Desktop\TDSSKiller.exe
[2010/03/16 19:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Streets & Trips
[2010/03/16 19:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Location Finder
[2010/03/16 17:06:34 | 014,506,016 | ---- | C] (WildTangent) -- C:\Documents and Settings\chemwapuwa\My Documents\strikeball2-setup.exe
[2010/02/27 13:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\Canon
[2010/02/27 13:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\CANON_INC
[2010/02/21 15:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2010/02/20 00:45:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/16 18:43:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/16 18:43:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/16 17:54:32 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\gmer.exe
[2010/05/16 17:50:58 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\ntuser.dat
[2010/05/16 17:50:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\chemwapuwa\ntuser.ini
[2010/05/16 17:40:54 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\gmer.zip
[2010/05/16 13:58:55 | 000,000,638 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/16 13:58:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/16 13:58:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/16 13:55:12 | 000,027,957 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\AIG Stubs 122709 - 021310.zip
[2010/05/16 13:31:17 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6D05B59C-29A6-4B50-929C-E9CB78A9A916}.job
[2010/05/16 04:27:31 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\settings.dat
[2010/05/16 04:24:46 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\chemwapuwa\Desktop\RootRepeal.exe
[2010/05/16 04:11:33 | 000,021,949 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\bitdefender.html
[2010/05/15 22:58:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/15 22:56:25 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/15 22:51:50 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\chemwapuwa\Desktop\TDSSKiller.exe
[2010/05/15 22:48:17 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chemwapuwa\Desktop\OTL.exe
[2010/05/15 22:47:44 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\chemwapuwa\Desktop\mbam-setup.exe
[2010/05/15 22:44:18 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\RootRepeal.zip
[2010/05/15 22:43:19 | 003,689,423 | R--- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\george.exe
[2010/05/15 22:29:27 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\tdsskiller.zip
[2010/05/15 02:12:38 | 000,000,173 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/11 14:54:50 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\chemwapuwa\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/05/09 16:12:57 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/08 16:13:10 | 000,264,478 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\bingo may2010.pdf
[2010/05/05 21:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/29 19:03:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/04/29 18:59:07 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SeaMonkey.lnk
[2010/04/29 18:56:49 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2010/04/29 17:25:08 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 13:27:00 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\001_02.jpg
[2010/04/28 13:27:00 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\bullet_03.jpg
[2010/04/27 16:29:08 | 000,205,824 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 18:47:18 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2010/04/24 18:47:01 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picture Style Editor.lnk
[2010/04/24 18:46:37 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EOS Utility.lnk
[2010/04/24 18:46:19 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Digital Photo Professional.lnk
[2010/04/23 19:57:12 | 000,346,112 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/04/23 12:59:20 | 000,057,312 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/21 23:49:45 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/21 23:47:23 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/18 20:59:54 | 000,002,014 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\Hulu Desktop.lnk
[2010/04/18 20:59:47 | 000,888,928 | ---- | M] (Hulu) -- C:\Documents and Settings\chemwapuwa\Desktop\HuluDesktopSetup.exe
[2010/04/17 11:11:53 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/17 11:10:00 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
[2010/04/17 11:03:53 | 000,072,480 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/16 20:15:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/16 12:59:51 | 000,048,253 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\jobsearch0301-0312.pdf
[2010/04/12 15:07:55 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\tax audit.doc
[2010/03/28 21:28:26 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/28 21:26:52 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/28 21:23:10 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\CL-Eye Test.lnk
[2010/03/28 21:23:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2010/03/28 21:23:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/03/28 21:22:06 | 000,074,752 | ---- | M] () -- C:\WINDOWS\System32\CLEyeDevices.dll
[2010/03/28 16:18:18 | 004,292,024 | -H-- | M] () -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\IconCache.db
[2010/03/25 21:22:31 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Strike Ball 2.lnk
[2010/03/25 21:18:52 | 034,512,784 | ---- | M] (WildTangent) -- C:\Documents and Settings\chemwapuwa\My Documents\hyperballoidthenextchallenge-setup.exe
[2010/03/25 21:04:27 | 014,506,016 | ---- | M] (WildTangent) -- C:\Documents and Settings\chemwapuwa\My Documents\strikeball2-setup.exe
[2010/03/25 18:24:03 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Livescribe Desktop.lnk
[2010/03/23 12:36:23 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\trip locas.xls
[2010/03/22 13:28:54 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PCMILER 20 Guided Tour.lnk
[2010/03/22 13:28:54 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PCMILER 20 User's Guide.lnk
[2010/03/22 13:28:54 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PCMILER 20.lnk
[2010/03/22 13:00:32 | 000,510,584 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/22 13:00:32 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/22 13:00:32 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/20 10:11:21 | 001,886,106 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\bingo_calendar_march_2010.pdf
[2010/03/16 20:14:32 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\pt chrt.xls
[2010/03/16 19:08:20 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\2007 tax audit.xls
[2010/03/16 16:42:35 | 000,372,785 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\Hard_Mazes_Set_6.pdf
[2010/03/16 16:41:42 | 000,048,894 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\Easy_Mazes_Set_4.pdf
[2010/03/16 16:41:05 | 000,048,809 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\Easy_Mazes_Set_3.pdf
[2010/03/16 16:08:24 | 000,644,395 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\Difficult_Mazes_Set_1.pdf
[2010/03/16 11:37:00 | 001,217,552 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\p1542--2008.pdf
[2010/03/16 11:35:47 | 001,152,673 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\p1542--2007.pdf
[2010/03/15 20:07:57 | 010,232,486 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\round maze.bmp
[2010/03/15 19:23:14 | 000,004,859 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\maze50.png
[2010/03/15 19:21:40 | 000,039,888 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\maze1.jpg
[2010/03/15 14:16:07 | 000,058,222 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\Snapshot 2010-03-14 23-30-28.tiff
[2010/03/15 01:46:10 | 000,064,876 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\attachments_2010_03_15.zip
[2010/03/14 22:46:00 | 001,367,262 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\Snapshot 2010-03-14 23-30-28dx.tiff
[2010/03/10 11:51:02 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\Tina L.doc
[2010/03/05 18:06:29 | 000,081,511 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\AIG Stubs 122709 - 021310.pdf
[2010/03/04 11:51:46 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\To whom it may concern.doc
[2010/03/02 11:56:41 | 000,109,058 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\TaxReturnfrank.pdf
[2010/02/28 20:47:09 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\hand and foot.doc
[2010/02/21 19:16:06 | 006,758,756 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\bessanlisa income info.tif
[2010/02/21 19:15:51 | 001,323,393 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\bessanlisa income info.pdf
[2010/02/20 02:38:40 | 003,274,140 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\sead ggoyrds.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/16 17:40:52 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\gmer.zip
[2010/05/16 04:25:13 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\settings.dat
[2010/05/16 04:20:24 | 000,021,949 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\bitdefender.html
[2010/05/15 22:58:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/15 22:44:16 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\RootRepeal.zip
[2010/05/15 22:43:08 | 003,689,423 | R--- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\george.exe
[2010/05/15 22:29:24 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\tdsskiller.zip
[2010/05/15 02:12:38 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/10 20:37:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/10 20:37:32 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/10 20:32:45 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/10 20:32:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/10 20:32:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/10 20:32:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/10 20:32:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/08 16:13:10 | 000,264,478 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\bingo may2010.pdf
[2010/05/05 18:17:26 | 004,194,304 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\ntuser.dat
[2010/04/29 19:03:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/29 18:59:07 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SeaMonkey.lnk
[2010/04/29 18:56:49 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2010/04/28 13:28:33 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\bullet_03.jpg
[2010/04/28 13:28:27 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\001_02.jpg
[2010/04/24 18:47:18 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2010/04/24 18:47:01 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picture Style Editor.lnk
[2010/04/24 18:46:37 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EOS Utility.lnk
[2010/04/24 18:46:19 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Digital Photo Professional.lnk
[2010/04/23 12:59:20 | 000,057,312 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/21 23:49:45 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/21 23:47:23 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/18 20:59:54 | 000,002,014 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\Hulu Desktop.lnk
[2010/04/17 11:10:00 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
[2010/04/16 12:59:48 | 000,048,253 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\jobsearch0301-0312.pdf
[2010/04/08 15:59:40 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\tax audit.doc
[2010/03/28 21:28:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/28 21:26:52 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/28 21:23:10 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\CL-Eye Test.lnk
[2010/03/28 21:23:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2010/03/28 21:23:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/03/28 21:22:04 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\CLEyeDevices.dll
[2010/03/25 21:22:31 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Strike Ball 2.lnk
[2010/03/25 18:24:03 | 000,000,927 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Livescribe Desktop.lnk
[2010/03/23 12:36:23 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\trip locas.xls
[2010/03/22 13:28:54 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PCMILER 20 Guided Tour.lnk
[2010/03/22 13:28:54 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PCMILER 20 User's Guide.lnk
[2010/03/22 13:28:54 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PCMILER 20.lnk
[2010/03/20 10:11:21 | 001,886,106 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\bingo_calendar_march_2010.pdf
[2010/03/16 19:32:05 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\pt chrt.xls
[2010/03/16 16:42:32 | 000,372,785 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\Hard_Mazes_Set_6.pdf
[2010/03/16 16:41:41 | 000,048,894 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\Easy_Mazes_Set_4.pdf
[2010/03/16 16:41:05 | 000,048,809 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\Easy_Mazes_Set_3.pdf
[2010/03/16 16:08:19 | 000,644,395 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\Difficult_Mazes_Set_1.pdf
[2010/03/16 11:37:12 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\2007 tax audit.xls
[2010/03/16 11:37:00 | 001,217,552 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\p1542--2008.pdf
[2010/03/16 11:35:47 | 001,152,673 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\p1542--2007.pdf
[2010/03/15 20:07:57 | 010,232,486 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\round maze.bmp
[2010/03/15 19:23:54 | 000,004,859 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\maze50.png
[2010/03/15 19:22:25 | 000,039,888 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\maze1.jpg
[2010/03/15 01:46:31 | 001,367,262 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\Snapshot 2010-03-14 23-30-28dx.tiff
[2010/03/15 01:46:31 | 000,058,222 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\Snapshot 2010-03-14 23-30-28.tiff
[2010/03/15 01:46:10 | 000,064,876 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\attachments_2010_03_15.zip
[2010/03/10 11:51:01 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\Tina L.doc
[2010/03/05 18:07:35 | 000,027,957 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\AIG Stubs 122709 - 021310.zip
[2010/03/05 18:06:29 | 000,081,511 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\AIG Stubs 122709 - 021310.pdf
[2010/03/05 17:56:08 | 000,052,068 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\c4u.log
[2010/03/04 11:51:46 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\To whom it may concern.doc
[2010/03/02 11:56:41 | 000,109,058 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\TaxReturnfrank.pdf
[2010/02/21 19:16:05 | 006,758,756 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\bessanlisa income info.tif
[2010/02/21 19:15:51 | 001,323,393 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\bessanlisa income info.pdf
[2010/02/20 02:38:40 | 003,274,140 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\sead ggoyrds.pdf
[2009/12/16 20:18:10 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\net_rim_plazmic_flint_dialog.dll
[2009/11/24 23:51:41 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/11/24 23:51:41 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2009/11/16 20:56:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/10/19 19:58:53 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/10/18 13:12:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2006/05/10 09:58:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\pcmgrfx.dll
[2006/05/09 10:36:24 | 000,151,552 | ---- | C] () -- C:\WINDOWS\pmwssrv.dll
[2006/05/09 10:36:24 | 000,151,552 | ---- | C] () -- C:\WINDOWS\pcmsrv32.dll
[2003/03/09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/12/09 12:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/12/09 13:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2009/12/09 11:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Livescribe, Inc
[2009/11/16 18:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2009/10/15 19:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/05/10 22:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/24 22:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/04/21 23:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/23 22:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/25 21:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Alawar
[2010/02/27 13:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Canon
[2010/03/25 18:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Downloaded Installations
[2009/11/18 03:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Image Zone Express
[2009/12/16 20:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Research In Motion
[2009/11/15 15:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Skinux
[2010/04/28 12:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Temp
[2009/11/24 22:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\WildTangent
[2010/05/16 13:31:17 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6D05B59C-29A6-4B50-929C-E9CB78A9A916}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ACPIEC.SYS >
[2006/02/28 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) MD5=9859C0F6936E723E4892D7141B1327D5 -- C:\WINDOWS\ERDNT\cache\acpiec.sys
[2006/02/28 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) MD5=9859C0F6936E723E4892D7141B1327D5 -- C:\WINDOWS\system32\drivers\acpiec.sys

< MD5 for: IASTOR.SYS >
[2009/03/09 01:04:07 | 000,495,896 | ---- | M] (Intel Corporation) MD5=C212BE4F068A02E54EB0CF6F5B23569B -- C:\WINDOWS\NLDRV\001\iastor.sys
[2009/03/09 01:04:25 | 000,250,368 | ---- | M] (Intel Corporation) MD5=E9F704CA833BD24BFAA3B4A59707633A -- C:\WINDOWS\NLDRV\002\iastor.sys
[2009/03/09 01:04:25 | 000,250,368 | ---- | M] (Intel Corporation) MD5=E9F704CA833BD24BFAA3B4A59707633A -- C:\WINDOWS\system32\drivers\iaStor.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
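The custom scan at the end of that log (the "< MD5 for: >" blocks) is the check worth understanding: OTL hashes every copy of the named driver it can find, so the live file under system32\drivers can be compared with the backups Windows keeps (the ERDNT cache, the NLDRV folders, ServicePackFiles). Here acpiec.sys matches its cached copy, while the live iaStor.sys matches the NLDRV\002 copy and differs from NLDRV\001. Below is an added example, not code from OTL or from this thread, that parses that section and reports which copies agree; it also hashes a candidate replacement so a donor driver can be checked against the listed copies before it is staged with /replace. One caveat a practitioner should keep in mind: the TDL3 family hooks the storage miniport driver it infects and filters reads of its own file, so a hash taken through the normal file system can come back matching the original even though the driver on disk is infected. That is why TDSSKiller reads the hives and the driver through its own kernel driver (the KLMD lines in its log) instead of trusting the file system.

```python
"""Compare the copies of a driver that an OTL '< MD5 for: >' custom scan lists.

Added example; not code from OTL or from the thread. It groups the listed
copies by file name, treats the copy under the system32 drivers folder as the
live driver, and reports which backup copies (ERDNT cache, NLDRV, ...) share
its MD5 and which do not. SAMPLE is excerpted from the posted log.
"""
import hashlib
import re
from collections import defaultdict

# One OTL MD5 line: [stamp | size | attrs | M] (Company) MD5=HEX -- path
_MD5_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
_HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")
LIVE_DIR = "\\system32\\drivers\\"  # folder holding the running copy of a driver

# Excerpt of the posted OTL log (the two MD5 blocks from the custom scan).
SAMPLE = """\
< MD5 for: ACPIEC.SYS >
[2006/02/28 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) MD5=9859C0F6936E723E4892D7141B1327D5 -- C:\\WINDOWS\\ERDNT\\cache\\acpiec.sys
[2006/02/28 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) MD5=9859C0F6936E723E4892D7141B1327D5 -- C:\\WINDOWS\\system32\\drivers\\acpiec.sys

< MD5 for: IASTOR.SYS >
[2009/03/09 01:04:07 | 000,495,896 | ---- | M] (Intel Corporation) MD5=C212BE4F068A02E54EB0CF6F5B23569B -- C:\\WINDOWS\\NLDRV\\001\\iastor.sys
[2009/03/09 01:04:25 | 000,250,368 | ---- | M] (Intel Corporation) MD5=E9F704CA833BD24BFAA3B4A59707633A -- C:\\WINDOWS\\NLDRV\\002\\iastor.sys
[2009/03/09 01:04:25 | 000,250,368 | ---- | M] (Intel Corporation) MD5=E9F704CA833BD24BFAA3B4A59707633A -- C:\\WINDOWS\\system32\\drivers\\iaStor.sys
"""


def parse_md5_section(text):
    """Return {file_name_lowercase: [copy, ...]}; each copy is a dict with
    keys md5, size, path and company."""
    entries = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = _HEADER.match(line)
        if header:
            current = header.group("name").lower()
            continue
        m = _MD5_LINE.match(line)
        if m and current is not None:
            entries[current].append({
                "md5": m.group("md5").upper(),
                "size": int(m.group("size").replace(",", "")),
                "path": m.group("path"),
                "company": m.group("company"),
            })
    return dict(entries)


def compare_copies(entries):
    """For every listed driver, split the non-live copies into those whose MD5
    equals the live copy's and those whose MD5 differs.

    A driver with no live copy, or whose copies disagree, deserves a closer
    look. A matching hash is not proof of a clean file (see the note above)."""
    report = {}
    for name, copies in entries.items():
        live = next((c for c in copies if LIVE_DIR in c["path"].lower()), None)
        agree, differ = [], []
        for c in copies:
            if live is None or c is live:
                continue
            (agree if c["md5"] == live["md5"] else differ).append(c["path"])
        report[name] = {
            "live": live["md5"] if live else None,
            "live_size": live["size"] if live else None,
            "agree": agree,
            "differ": differ,
        }
    return report


def donor_matches(entries, name, donor_bytes):
    """Return the listed paths whose MD5 equals that of a candidate replacement
    file, so a donor driver can be checked against the copies the log already
    knows before it is staged with OTL's /replace."""
    digest = hashlib.md5(donor_bytes).hexdigest().upper()
    return [c["path"] for c in entries.get(name.lower(), []) if c["md5"] == digest]


if __name__ == "__main__":
    parsed = parse_md5_section(SAMPLE)
    for name, r in compare_copies(parsed).items():
        print(f"{name}: live MD5 {r['live']} ({r['live_size']} bytes)")
        for p in r["agree"]:
            print("  same hash      :", p)
        for p in r["differ"]:
            print("  DIFFERENT hash :", p)
    # constructed donor bytes: no listed copy will match them
    print("donor matches:", donor_matches(parsed, "iastor.sys", b"not a real driver image"))
```

Run against the excerpt it reports acpiec.sys as agreeing with its ERDNT copy and iaStor.sys as agreeing with NLDRV\002 but differing from NLDRV\001 (a different build, 495,896 bytes against 250,368). Because the live copy's hash is taken through the possibly filtered file system, a match only tells you the reads are consistent, not that the driver is clean; treat TDSSKiller's verdict, which reads past the filter, as authoritative.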



#17 RKinner (Malware Expert, MVP)
Sent you the files as a zipped attachment via a PM. First time I've used that feature. Did it wrong for sure the first time, so you will get two of them. These are off my XP SP3, so they should work. If the files don't come through OK, then email me.

Look for a third PM. I sent the wrong zip file.

Put both renamed files in C:\

Then we will let OTL move them for us.


Copy the text between the lines of stars by highlighting it and pressing Ctrl + C.
***************************************************************************************************

:Files
C:\windows\system32\drivers\iastor.sys|c:\iastor.sys /replace
C:\windows\system32\drivers\acpiec.sys|c:\acpiec.sys /replace

:commands
[Reboot]

*******************************************************************

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Run TDSSKiller and post its log. Let's see if we had any luck.

Ron

#18 Chemwapuwa (Member, Topic Starter)
20:27:54:859 4008 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
20:27:54:859 4008 ================================================================================
20:27:54:859 4008 SystemInfo:

20:27:54:859 4008 OS Version: 5.1.2600 ServicePack: 3.0
20:27:54:859 4008 Product type: Workstation
20:27:54:859 4008 ComputerName: CHEMWAPU-3E99BA
20:27:54:859 4008 UserName: chemwapuwa
20:27:54:859 4008 Windows directory: C:\WINDOWS
20:27:54:859 4008 Processor architecture: Intel x86
20:27:54:859 4008 Number of processors: 2
20:27:54:859 4008 Page size: 0x1000
20:27:54:859 4008 Boot type: Normal boot
20:27:54:859 4008 ================================================================================
20:27:54:859 4008 UnloadDriverW: NtUnloadDriver error 2
20:27:54:859 4008 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
20:27:54:890 4008 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
20:27:54:890 4008 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:27:54:890 4008 wfopen_ex: Trying to KLMD file open
20:27:54:890 4008 wfopen_ex: File opened ok (Flags 2)
20:27:54:890 4008 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
20:27:54:890 4008 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:27:54:890 4008 wfopen_ex: Trying to KLMD file open
20:27:54:890 4008 wfopen_ex: File opened ok (Flags 2)
20:27:54:890 4008 Initialize success
20:27:54:890 4008
20:27:54:890 4008 Scanning Services ...
20:27:54:984 4008 Raw services enum returned 339 services
20:27:54:984 4008
20:27:54:984 4008 Scanning Kernel memory ...
20:27:54:984 4008 Devices to scan: 2
20:27:54:984 4008
20:27:54:984 4008 Driver Name: Disk
20:27:54:984 4008 IRP_MJ_CREATE : BA10EBB0
20:27:54:984 4008 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
20:27:54:984 4008 IRP_MJ_CLOSE : BA10EBB0
20:27:54:984 4008 IRP_MJ_READ : BA108D1F
20:27:54:984 4008 IRP_MJ_WRITE : BA108D1F
20:27:54:984 4008 IRP_MJ_QUERY_INFORMATION : 804F4562
20:27:54:984 4008 IRP_MJ_SET_INFORMATION : 804F4562
20:27:54:984 4008 IRP_MJ_QUERY_EA : 804F4562
20:27:54:984 4008 IRP_MJ_SET_EA : 804F4562
20:27:54:984 4008 IRP_MJ_FLUSH_BUFFERS : BA1092E2
20:27:54:984 4008 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
20:27:54:984 4008 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
20:27:54:984 4008 IRP_MJ_DIRECTORY_CONTROL : 804F4562
20:27:54:984 4008 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
20:27:54:984 4008 IRP_MJ_DEVICE_CONTROL : BA1093BB
20:27:54:984 4008 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
20:27:54:984 4008 IRP_MJ_SHUTDOWN : BA1092E2
20:27:54:984 4008 IRP_MJ_LOCK_CONTROL : 804F4562
20:27:54:984 4008 IRP_MJ_CLEANUP : 804F4562
20:27:54:984 4008 IRP_MJ_CREATE_MAILSLOT : 804F4562
20:27:54:984 4008 IRP_MJ_QUERY_SECURITY : 804F4562
20:27:54:984 4008 IRP_MJ_SET_SECURITY : 804F4562
20:27:54:984 4008 IRP_MJ_POWER : BA10AC82
20:27:54:984 4008 IRP_MJ_SYSTEM_CONTROL : BA10F99E
20:27:54:984 4008 IRP_MJ_DEVICE_CHANGE : 804F4562
20:27:54:984 4008 IRP_MJ_QUERY_QUOTA : 804F4562
20:27:54:984 4008 IRP_MJ_SET_QUOTA : 804F4562
20:27:55:031 4008 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:27:55:031 4008
20:27:55:031 4008 Driver Name: iaStor
20:27:55:031 4008 IRP_MJ_CREATE : 89CF2EE4
20:27:55:031 4008 IRP_MJ_CREATE_NAMED_PIPE : 89CF2EE4
20:27:55:031 4008 IRP_MJ_CLOSE : 89CF2EE4
20:27:55:031 4008 IRP_MJ_READ : 89CF2EE4
20:27:55:031 4008 IRP_MJ_WRITE : 89CF2EE4
20:27:55:031 4008 IRP_MJ_QUERY_INFORMATION : 89CF2EE4
20:27:55:031 4008 IRP_MJ_SET_INFORMATION : 89CF2EE4
20:27:55:031 4008 IRP_MJ_QUERY_EA : 89CF2EE4
20:27:55:031 4008 IRP_MJ_SET_EA : 89CF2EE4
20:27:55:031 4008 IRP_MJ_FLUSH_BUFFERS : 89CF2EE4
20:27:55:031 4008 IRP_MJ_QUERY_VOLUME_INFORMATION : 89CF2EE4
20:27:55:031 4008 IRP_MJ_SET_VOLUME_INFORMATION : 89CF2EE4
20:27:55:031 4008 IRP_MJ_DIRECTORY_CONTROL : 89CF2EE4
20:27:55:031 4008 IRP_MJ_FILE_SYSTEM_CONTROL : 89CF2EE4
20:27:55:031 4008 IRP_MJ_DEVICE_CONTROL : 89CF2EE4
20:27:55:031 4008 IRP_MJ_INTERNAL_DEVICE_CONTROL : 89CF2EE4
20:27:55:031 4008 IRP_MJ_SHUTDOWN : 89CF2EE4
20:27:55:031 4008 IRP_MJ_LOCK_CONTROL : 89CF2EE4
20:27:55:031 4008 IRP_MJ_CLEANUP : 89CF2EE4
20:27:55:031 4008 IRP_MJ_CREATE_MAILSLOT : 89CF2EE4
20:27:55:031 4008 IRP_MJ_QUERY_SECURITY : 89CF2EE4
20:27:55:031 4008 IRP_MJ_SET_SECURITY : 89CF2EE4
20:27:55:031 4008 IRP_MJ_POWER : 89CF2EE4
20:27:55:031 4008 IRP_MJ_SYSTEM_CONTROL : 89CF2EE4
20:27:55:031 4008 IRP_MJ_DEVICE_CHANGE : 89CF2EE4
20:27:55:031 4008 IRP_MJ_QUERY_QUOTA : 89CF2EE4
20:27:55:031 4008 IRP_MJ_SET_QUOTA : 89CF2EE4
20:27:55:031 4008 Driver "iaStor" infected by TDSS rootkit!
20:27:55:062 4008 C:\WINDOWS\system32\drivers\iaStor.sys - Verdict: 1
20:27:55:062 4008 File "C:\WINDOWS\system32\drivers\iaStor.sys" infected by TDSS rootkit ...
20:27:55:062 4008 Processing driver file: C:\WINDOWS\system32\drivers\iaStor.sys
20:27:55:062 4008 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
20:27:55:203 4008 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\OemDir\*) error 3
20:27:56:171 4008 !fdfb7
20:27:56:203 4008 vfvi6
20:27:56:781 4008 dsvbh1
20:27:56:781 4008 Backup copy2 found, using it..
20:27:56:812 4008 will be cured on next reboot
20:27:56:812 4008 Reboot required for cure complete..
20:27:56:843 4008 Cure on reboot scheduled successfully
20:27:56:843 4008
20:27:56:843 4008 Completed
20:27:56:843 4008
20:27:56:843 4008 Results:
20:27:56:843 4008 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
20:27:56:843 4008 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:27:56:843 4008 File objects infected / cured / cured on reboot: 1 / 0 / 1
20:27:56:843 4008
20:27:56:859 4008 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
20:27:56:859 4008 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
20:27:56:859 4008 UnloadDriverW: NtUnloadDriver error 1
20:27:56:859 4008 KLMD(ARK) unloaded successfully
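What TDSSKiller's kernel-memory scan above actually flagged is the dispatch table. The Disk driver routes supported requests to several addresses inside its own image (the BA10xxxx entries) and unsupported ones to the kernel's shared stub (804F4562), while every one of iaStor's 27 IRP_MJ entries points to a single address, 89CF2EE4, in pool memory that belongs to no loaded module; the verdict line 'Driver "iaStor" infected by TDSS rootkit!' follows from that. Below is an added example, not code from TDSSKiller or from this thread, that parses that part of the log and applies the two checks. The sample is rebuilt from the addresses in the posted log, and the module image ranges are assumed values for illustration (on a real box take them from a kernel debugger's module list). A single shared target on its own is not conclusive, since filter drivers legitimately point every major function at one pass-through routine, so the range check is the one that decides.

```python
"""Flag drivers whose IRP dispatch table has been hijacked, from the
'Scanning Kernel memory' part of a TDSSKiller log.

Added example; not code from TDSSKiller or from the thread. Each driver block
lists its IRP_MJ_* handlers. A healthy driver (Disk in the log) sends supported
requests to several addresses inside its own image and unsupported ones to the
kernel's shared stub; the infected miniport (iaStor) has every entry rewritten
to one address in pool memory that belongs to no loaded module. SAMPLE_LOG is
rebuilt from the addresses in the posted log; ASSUMED_MODULES are illustrative
image ranges, since the log does not print them.
"""
import re
from collections import Counter

_TS = r"^(?:\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+)?"  # optional 'hh:mm:ss:ms pid ' prefix
_DRIVER = re.compile(_TS + r"Driver Name:\s*(?P<name>\S+)")
_IRP = re.compile(_TS + r"(?P<irp>IRP_MJ_[A-Z_]+)\s*:\s*(?P<addr>[0-9A-Fa-f]{8})\b")

# The 27 major functions TDSSKiller prints, in its order.
IRP_NAMES = [
    "CREATE", "CREATE_NAMED_PIPE", "CLOSE", "READ", "WRITE", "QUERY_INFORMATION",
    "SET_INFORMATION", "QUERY_EA", "SET_EA", "FLUSH_BUFFERS", "QUERY_VOLUME_INFORMATION",
    "SET_VOLUME_INFORMATION", "DIRECTORY_CONTROL", "FILE_SYSTEM_CONTROL", "DEVICE_CONTROL",
    "INTERNAL_DEVICE_CONTROL", "SHUTDOWN", "LOCK_CONTROL", "CLEANUP", "CREATE_MAILSLOT",
    "QUERY_SECURITY", "SET_SECURITY", "POWER", "SYSTEM_CONTROL", "DEVICE_CHANGE",
    "QUERY_QUOTA", "SET_QUOTA",
]
# Disk's handlers from the posted log; everything else went to 0x804F4562.
DISK_TARGETS = {
    "CREATE": 0xBA10EBB0, "CLOSE": 0xBA10EBB0, "READ": 0xBA108D1F, "WRITE": 0xBA108D1F,
    "FLUSH_BUFFERS": 0xBA1092E2, "DEVICE_CONTROL": 0xBA1093BB,
    "INTERNAL_DEVICE_CONTROL": 0xBA10CF28, "SHUTDOWN": 0xBA1092E2,
    "POWER": 0xBA10AC82, "SYSTEM_CONTROL": 0xBA10F99E,
}


def _block(name, targets, default):
    """Regenerate one 'Driver Name:' block in TDSSKiller's line format."""
    lines = [f"20:27:54:984 4008 Driver Name: {name}"]
    lines += [f"20:27:54:984 4008 IRP_MJ_{irp} : {targets.get(irp, default):08X}"
              for irp in IRP_NAMES]
    return "\n".join(lines)


SAMPLE_LOG = _block("Disk", DISK_TARGETS, 0x804F4562) + "\n\n" + _block("iaStor", {}, 0x89CF2EE4)

# Assumed image ranges (not taken from the log): kernel, disk.sys, iaStor.sys.
ASSUMED_MODULES = {
    "ntoskrnl.exe": (0x804D7000, 0x806E0000),
    "disk.sys": (0xBA108000, 0xBA111000),
    "iaStor.sys": (0xBA1A0000, 0xBA1DE000),
}


def parse_kernel_scan(text):
    """Return {driver_name: {IRP_MJ_x: int address}} from the log text."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        d = _DRIVER.match(line)
        if d:
            current = d.group("name")
            tables[current] = {}
            continue
        m = _IRP.match(line)
        if m and current is not None:
            tables[current][m.group("irp")] = int(m.group("addr"), 16)
    return tables


def module_for(addr, module_ranges):
    """Name of the module whose image contains addr, or None (pool, heap, ...)."""
    for name, (start, end) in module_ranges.items():
        if start <= addr < end:
            return name
    return None


def analyze(tables, module_ranges):
    """Return {driver: [finding, ...]}; an empty list means nothing suspicious."""
    findings = {}
    for drv, table in tables.items():
        issues = []
        targets = Counter(table.values())
        # Check 1: the whole table collapsed onto one address. A real storage
        # driver implements READ/WRITE/DEVICE_CONTROL itself, so at least two
        # distinct targets (its own code plus the kernel stub) are expected.
        if len(targets) == 1:
            addr = next(iter(targets))
            issues.append(f"all {len(table)} dispatch entries collapse to {addr:08X}")
        # Check 2: a handler outside every loaded image, i.e. in pool memory,
        # which is where TDL3 places the hook that filters disk I/O.
        outside = sorted({a for a in table.values() if module_for(a, module_ranges) is None})
        if outside:
            issues.append("entries point outside every loaded module: "
                          + ", ".join(f"{a:08X}" for a in outside))
        findings[drv] = issues
    return findings


if __name__ == "__main__":
    for drv, issues in analyze(parse_kernel_scan(SAMPLE_LOG), ASSUMED_MODULES).items():
        print(drv, "->", "clean" if not issues else "; ".join(issues))
```

On the rebuilt sample Disk comes back clean and iaStor trips both checks. The second check is the one to trust: it is also what catches a hook that leaves some entries alone, which the first check would miss.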

#19 RKinner (Malware Expert, MVP)
If you ran the OTL script, then it didn't help or didn't work. Can I see a new OTL Quick Scan?

If you have the log from the OTL you ran before doing the last TDSSKiller that would be useful.

Ron

#20 Chemwapuwa (Member, Topic Starter)
The txt files didn't pop up after I did the Run Fix in OTL. Where would the program have put them?

#21 RKinner (Malware Expert, MVP)
They are supposed to be in the same place as the OTL program.

Try it again. Make sure you press the RUN FIX button after pasting in the following:


:Files
C:\windows\system32\drivers\iastor.sys|c:\iastor.sys /replace
C:\windows\system32\drivers\acpiec.sys|c:\acpiec.sys /replace

:commands
[Reboot]

Ron

#22 Chemwapuwa (Member, Topic Starter)
OTL logfile created on: 5/16/2010 9:08:38 PM - Run 6
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\chemwapuwa\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 267.84 Gb Free Space | 89.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHEMWAPU-3E99BA
Current User Name: chemwapuwa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/15 22:48:17 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chemwapuwa\Desktop\OTL.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/18 13:23:54 | 000,265,728 | ---- | M] (Livescribe) -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/01 16:00:50 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/11/01 15:40:04 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/11/01 15:35:40 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/09/28 13:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2010/05/15 22:48:17 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chemwapuwa\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/18 13:23:54 | 000,265,728 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/11/13 16:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/11/01 16:00:50 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/11/01 15:40:04 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/11/01 15:35:40 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/09/28 13:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/05/16 20:18:10 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/11/17 14:46:28 | 000,020,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PulseUsb.sys -- (PulseUsb)
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/15 15:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/12/06 11:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/31 12:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/27 13:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2006/09/27 20:26:00 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/08/22 14:39:14 | 001,177,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WiHome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/16 21:04:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/16 21:04:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/29 18:56:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/04/29 19:00:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.4\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/04/29 18:59:05 | 000,000,000 | ---D | M]

[2010/05/16 21:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Mozilla\Extensions
[2010/04/29 19:00:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\chemwapuwa\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/05/16 21:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Mozilla\Firefox\Profiles\88716p9b.default\extensions
[2010/05/16 21:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\chemwapuwa\Application Data\Mozilla\Firefox\Profiles\88716p9b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/16 21:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Mozilla\Firefox\Profiles\88716p9b.default\extensions\staged-xpis
[2010/04/29 19:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Mozilla\SeaMonkey\Profiles\fb2a3ruj.default\extensions
[2010/05/16 21:04:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1253146200484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1255835661312 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gatew...rvest/gwCID.CAB (compid Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email01.secur...et/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.175.128.46 65.175.128.47
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/19 20:08:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/16 21:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/16 20:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Desktop\junk_2_
[2010/05/16 17:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Desktop\gmer
[2010/05/16 17:43:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/16 13:49:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/16 04:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Yahoo!
[2010/05/16 04:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Desktop\RootRepeal
[2010/05/16 02:55:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/05/16 00:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/15 22:58:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/15 22:58:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/15 22:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/15 22:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Desktop\tdsskiller
[2010/05/15 22:48:13 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\chemwapuwa\Desktop\OTL.exe
[2010/05/15 19:47:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/05/15 02:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/15 02:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/11 15:34:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/11 14:54:38 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\chemwapuwa\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/05/10 23:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/05/10 21:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Threat Expert
[2010/05/10 21:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/10 20:37:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/10 20:32:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/10 20:32:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/10 20:32:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/10 20:32:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/10 20:32:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/10 20:32:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/10 20:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\Malwarebytes
[2010/05/10 20:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/10 19:57:41 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\chemwapuwa\Desktop\mbam-setup.exe
[2010/05/09 16:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/09 16:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/05 20:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\My Documents\Downloads
[2010/04/29 19:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Mozilla
[2010/04/29 19:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\Mozilla
[2010/04/29 18:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\SeaMonkey
[2010/04/29 18:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010/04/29 17:57:54 | 000,000,000 | ---D | C] -- C:\i3dthemes
[2010/04/29 17:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Starfield
[2010/04/29 17:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\LTMOD
[2010/04/29 17:25:35 | 000,000,000 | ---D | C] -- C:\FrontPage Tools
[2010/04/29 17:25:20 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/04/29 17:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\NetPlugin Tags
[2010/04/29 17:24:32 | 000,313,856 | ---- | C] (Softuarium) -- C:\WINDOWS\System32\xwebpic.ocx
[2010/04/29 17:24:32 | 000,073,728 | ---- | C] (DPA Software) -- C:\WINDOWS\System32\DPARTL.dll
[2010/04/29 17:24:32 | 000,049,152 | ---- | C] (DPA Software) -- C:\WINDOWS\System32\DPAMenu.dll
[2010/04/29 17:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\DPA Software
[2010/04/29 17:05:57 | 000,000,000 | ---D | C] -- C:\FPTemplates
[2010/04/29 17:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Desktop\websuits
[2010/04/29 16:58:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\chemwapuwa\My Documents\My Webs
[2010/04/26 14:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Desktop\comp
[2010/04/24 18:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2010/04/24 18:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/04/23 11:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Desktop\shendee
[2010/04/21 23:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/21 23:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/21 23:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/21 23:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/21 23:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/18 20:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\HuluDesktop
[2010/04/18 20:59:42 | 000,888,928 | ---- | C] (Hulu) -- C:\Documents and Settings\chemwapuwa\Desktop\HuluDesktopSetup.exe
[2010/04/17 11:08:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kodak
[2010/04/17 11:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/04/17 10:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/03/28 21:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\Google
[2010/03/28 21:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Temp
[2010/03/28 21:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/03/28 21:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\skypePM
[2010/03/28 21:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/28 21:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Google
[2010/03/28 21:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\Skype
[2010/03/28 21:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/03/28 21:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/28 21:26:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/03/28 21:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/03/28 21:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Code Laboratories
[2010/03/25 21:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\Alawar
[2010/03/25 21:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\WildGames
[2010/03/25 21:15:33 | 034,512,784 | ---- | C] (WildTangent) -- C:\Documents and Settings\chemwapuwa\My Documents\hyperballoidthenextchallenge-setup.exe
[2010/03/25 18:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Livescribe
[2010/03/22 13:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\Help
[2010/03/22 13:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\Help
[2010/03/22 13:28:51 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\Roboex32.dll
[2010/03/22 13:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\ALK Technologies
[2010/03/22 10:43:42 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\chemwapuwa\Desktop\TDSSKiller.exe
[2010/03/16 19:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Streets & Trips
[2010/03/16 19:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Location Finder
[2010/03/16 17:06:34 | 014,506,016 | ---- | C] (WildTangent) -- C:\Documents and Settings\chemwapuwa\My Documents\strikeball2-setup.exe
[2010/02/27 13:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Application Data\Canon
[2010/02/27 13:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\CANON_INC
[2010/02/21 15:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2010/02/20 00:45:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/16 21:07:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/16 21:07:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/16 21:06:53 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\ntuser.dat
[2010/05/16 21:06:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\chemwapuwa\ntuser.ini
[2010/05/16 21:04:28 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/16 20:17:13 | 000,181,054 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\junk_2_.zip
[2010/05/16 19:34:54 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6D05B59C-29A6-4B50-929C-E9CB78A9A916}.job
[2010/05/16 17:54:32 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\gmer.exe
[2010/05/16 17:40:54 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\gmer.zip
[2010/05/16 13:58:55 | 000,000,638 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/16 13:58:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/16 13:58:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/16 13:55:12 | 000,027,957 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\AIG Stubs 122709 - 021310.zip
[2010/05/16 04:27:31 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\settings.dat
[2010/05/16 04:24:46 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\chemwapuwa\Desktop\RootRepeal.exe
[2010/05/16 04:11:33 | 000,021,949 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\bitdefender.html
[2010/05/15 22:58:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/15 22:56:25 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/15 22:51:50 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\chemwapuwa\Desktop\TDSSKiller.exe
[2010/05/15 22:48:17 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chemwapuwa\Desktop\OTL.exe
[2010/05/15 22:47:44 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\chemwapuwa\Desktop\mbam-setup.exe
[2010/05/15 22:44:18 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\RootRepeal.zip
[2010/05/15 22:43:19 | 003,689,423 | R--- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\george.exe
[2010/05/15 22:29:27 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\tdsskiller.zip
[2010/05/15 02:12:38 | 000,000,173 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/11 14:54:50 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\chemwapuwa\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/05/09 16:12:57 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/08 16:13:10 | 000,264,478 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\bingo may2010.pdf
[2010/05/05 21:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/29 19:03:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/04/29 18:59:07 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SeaMonkey.lnk
[2010/04/29 18:56:49 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2010/04/29 17:25:08 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 13:27:00 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\001_02.jpg
[2010/04/28 13:27:00 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\bullet_03.jpg
[2010/04/27 16:29:08 | 000,205,824 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 18:47:18 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2010/04/24 18:47:01 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picture Style Editor.lnk
[2010/04/24 18:46:37 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EOS Utility.lnk
[2010/04/24 18:46:19 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Digital Photo Professional.lnk
[2010/04/23 19:57:12 | 000,346,112 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/04/23 12:59:20 | 000,057,312 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/21 23:49:45 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/21 23:47:23 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/18 20:59:54 | 000,002,014 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\Hulu Desktop.lnk
[2010/04/18 20:59:47 | 000,888,928 | ---- | M] (Hulu) -- C:\Documents and Settings\chemwapuwa\Desktop\HuluDesktopSetup.exe
[2010/04/17 11:11:53 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/17 11:10:00 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
[2010/04/17 11:03:53 | 000,072,480 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/16 20:15:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/16 12:59:51 | 000,048,253 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\jobsearch0301-0312.pdf
[2010/04/12 15:07:55 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\tax audit.doc
[2010/03/28 21:28:26 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/28 21:26:52 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/28 21:23:10 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\CL-Eye Test.lnk
[2010/03/28 21:23:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2010/03/28 21:23:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/03/28 21:22:06 | 000,074,752 | ---- | M] () -- C:\WINDOWS\System32\CLEyeDevices.dll
[2010/03/28 16:18:18 | 004,292,024 | -H-- | M] () -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\IconCache.db
[2010/03/25 21:22:31 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Strike Ball 2.lnk
[2010/03/25 21:18:52 | 034,512,784 | ---- | M] (WildTangent) -- C:\Documents and Settings\chemwapuwa\My Documents\hyperballoidthenextchallenge-setup.exe
[2010/03/25 21:04:27 | 014,506,016 | ---- | M] (WildTangent) -- C:\Documents and Settings\chemwapuwa\My Documents\strikeball2-setup.exe
[2010/03/25 18:24:03 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Livescribe Desktop.lnk
[2010/03/23 12:36:23 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\trip locas.xls
[2010/03/22 13:28:54 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PCMILER 20 Guided Tour.lnk
[2010/03/22 13:28:54 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PCMILER 20 User's Guide.lnk
[2010/03/22 13:28:54 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PCMILER 20.lnk
[2010/03/22 13:00:32 | 000,510,584 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/22 13:00:32 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/22 13:00:32 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/20 10:11:21 | 001,886,106 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\bingo_calendar_march_2010.pdf
[2010/03/16 20:14:32 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\pt chrt.xls
[2010/03/16 19:08:20 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\2007 tax audit.xls
[2010/03/16 16:42:35 | 000,372,785 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\Hard_Mazes_Set_6.pdf
[2010/03/16 16:41:42 | 000,048,894 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\Easy_Mazes_Set_4.pdf
[2010/03/16 16:41:05 | 000,048,809 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\Easy_Mazes_Set_3.pdf
[2010/03/16 16:08:24 | 000,644,395 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\Difficult_Mazes_Set_1.pdf
[2010/03/16 11:37:00 | 001,217,552 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\p1542--2008.pdf
[2010/03/16 11:35:47 | 001,152,673 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\p1542--2007.pdf
[2010/03/15 20:07:57 | 010,232,486 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\round maze.bmp
[2010/03/15 19:23:14 | 000,004,859 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\maze50.png
[2010/03/15 19:21:40 | 000,039,888 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\maze1.jpg
[2010/03/15 14:16:07 | 000,058,222 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\Snapshot 2010-03-14 23-30-28.tiff
[2010/03/15 01:46:10 | 000,064,876 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\attachments_2010_03_15.zip
[2010/03/14 22:46:00 | 001,367,262 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\Snapshot 2010-03-14 23-30-28dx.tiff
[2010/03/10 11:51:02 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\Tina L.doc
[2010/03/05 18:06:29 | 000,081,511 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\AIG Stubs 122709 - 021310.pdf
[2010/03/04 11:51:46 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\To whom it may concern.doc
[2010/03/02 11:56:41 | 000,109,058 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\TaxReturnfrank.pdf
[2010/02/28 20:47:09 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\Desktop\hand and foot.doc
[2010/02/21 19:16:06 | 006,758,756 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\bessanlisa income info.tif
[2010/02/21 19:15:51 | 001,323,393 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\bessanlisa income info.pdf
[2010/02/20 02:38:40 | 003,274,140 | ---- | M] () -- C:\Documents and Settings\chemwapuwa\My Documents\sead ggoyrds.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/16 21:04:28 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/16 20:17:12 | 000,181,054 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\junk_2_.zip
[2010/05/16 17:40:52 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\gmer.zip
[2010/05/16 04:25:13 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\settings.dat
[2010/05/16 04:20:24 | 000,021,949 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\bitdefender.html
[2010/05/15 22:58:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/15 22:44:16 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\RootRepeal.zip
[2010/05/15 22:43:08 | 003,689,423 | R--- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\george.exe
[2010/05/15 22:29:24 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\tdsskiller.zip
[2010/05/15 02:12:38 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/10 20:37:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/10 20:37:32 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/10 20:32:45 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/10 20:32:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/10 20:32:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/10 20:32:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/10 20:32:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/08 16:13:10 | 000,264,478 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\bingo may2010.pdf
[2010/05/05 18:17:26 | 004,194,304 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\ntuser.dat
[2010/04/29 19:03:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/29 18:59:07 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SeaMonkey.lnk
[2010/04/29 18:56:49 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2010/04/28 13:28:33 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\bullet_03.jpg
[2010/04/28 13:28:27 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\001_02.jpg
[2010/04/24 18:47:18 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2010/04/24 18:47:01 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picture Style Editor.lnk
[2010/04/24 18:46:37 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EOS Utility.lnk
[2010/04/24 18:46:19 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Digital Photo Professional.lnk
[2010/04/23 12:59:20 | 000,057,312 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/21 23:49:45 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/21 23:47:23 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/18 20:59:54 | 000,002,014 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\Hulu Desktop.lnk
[2010/04/17 11:10:00 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
[2010/04/16 12:59:48 | 000,048,253 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\jobsearch0301-0312.pdf
[2010/04/08 15:59:40 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\tax audit.doc
[2010/03/28 21:28:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/28 21:26:52 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/28 21:23:10 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\CL-Eye Test.lnk
[2010/03/28 21:23:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2010/03/28 21:23:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/03/28 21:22:04 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\CLEyeDevices.dll
[2010/03/25 21:22:31 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Strike Ball 2.lnk
[2010/03/25 18:24:03 | 000,000,927 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Livescribe Desktop.lnk
[2010/03/23 12:36:23 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\trip locas.xls
[2010/03/22 13:28:54 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PCMILER 20 Guided Tour.lnk
[2010/03/22 13:28:54 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PCMILER 20 User's Guide.lnk
[2010/03/22 13:28:54 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PCMILER 20.lnk
[2010/03/20 10:11:21 | 001,886,106 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\bingo_calendar_march_2010.pdf
[2010/03/16 19:32:05 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\pt chrt.xls
[2010/03/16 16:42:32 | 000,372,785 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\Hard_Mazes_Set_6.pdf
[2010/03/16 16:41:41 | 000,048,894 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\Easy_Mazes_Set_4.pdf
[2010/03/16 16:41:05 | 000,048,809 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\Easy_Mazes_Set_3.pdf
[2010/03/16 16:08:19 | 000,644,395 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\Difficult_Mazes_Set_1.pdf
[2010/03/16 11:37:12 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\2007 tax audit.xls
[2010/03/16 11:37:00 | 001,217,552 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\p1542--2008.pdf
[2010/03/16 11:35:47 | 001,152,673 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\p1542--2007.pdf
[2010/03/15 20:07:57 | 010,232,486 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\round maze.bmp
[2010/03/15 19:23:54 | 000,004,859 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\maze50.png
[2010/03/15 19:22:25 | 000,039,888 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\maze1.jpg
[2010/03/15 01:46:31 | 001,367,262 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\Snapshot 2010-03-14 23-30-28dx.tiff
[2010/03/15 01:46:31 | 000,058,222 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\Snapshot 2010-03-14 23-30-28.tiff
[2010/03/15 01:46:10 | 000,064,876 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\attachments_2010_03_15.zip
[2010/03/10 11:51:01 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\Tina L.doc
[2010/03/05 18:07:35 | 000,027,957 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\AIG Stubs 122709 - 021310.zip
[2010/03/05 18:06:29 | 000,081,511 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Desktop\AIG Stubs 122709 - 021310.pdf
[2010/03/05 17:56:08 | 000,052,068 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\Local Settings\Application Data\c4u.log
[2010/03/04 11:51:46 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\To whom it may concern.doc
[2010/03/02 11:56:41 | 000,109,058 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\TaxReturnfrank.pdf
[2010/02/21 19:16:05 | 006,758,756 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\bessanlisa income info.tif
[2010/02/21 19:15:51 | 001,323,393 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\bessanlisa income info.pdf
[2010/02/20 02:38:40 | 003,274,140 | ---- | C] () -- C:\Documents and Settings\chemwapuwa\My Documents\sead ggoyrds.pdf
[2009/12/16 20:18:10 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\net_rim_plazmic_flint_dialog.dll
[2009/11/24 23:51:41 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/11/24 23:51:41 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2009/11/16 20:56:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/10/19 19:58:53 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/10/18 13:12:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2006/05/10 09:58:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\pcmgrfx.dll
[2006/05/09 10:36:24 | 000,151,552 | ---- | C] () -- C:\WINDOWS\pmwssrv.dll
[2006/05/09 10:36:24 | 000,151,552 | ---- | C] () -- C:\WINDOWS\pcmsrv32.dll
[2003/03/09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/12/09 12:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/12/09 13:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2009/12/09 11:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Livescribe, Inc
[2009/11/16 18:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2009/10/15 19:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/05/10 22:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/24 22:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/04/21 23:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/23 22:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/25 21:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Alawar
[2010/02/27 13:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Canon
[2010/03/25 18:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Downloaded Installations
[2009/11/18 03:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Image Zone Express
[2009/12/16 20:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Research In Motion
[2009/11/15 15:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Skinux
[2010/04/28 12:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\Temp
[2009/11/24 22:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chemwapuwa\Application Data\WildTangent
[2010/05/16 19:34:54 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6D05B59C-29A6-4B50-929C-E9CB78A9A916}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
This looks like a simple quick scan. Copy this:


:Files
C:\windows\system32\drivers\iastor.sys|c:\iastor.sys /replace
C:\windows\system32\drivers\acpiec.sys|c:\acpiec.sys /replace

:commands
[Reboot]

Run OTL, paste the above into the custom scan box and then hit the RUN FIX button.

It should give you a log file.

Ron

#24
Chemwapuwa

Chemwapuwa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
OK, I did the run fix and it still won't give me a log file. I did a search for an OTL file and all I found was in a folder on the C drive:

File C:\windows\system32\drivers\iastor.sys successfully replaced with c:\iastor.sys
File C:\windows\system32\drivers\acpiec.sys successfully replaced with c:\acpiec.sys
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.4.1 log created on 05162010_213121

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Now run TDSSKiller and let's see what it says.

#26
Chemwapuwa

Chemwapuwa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
21:57:26:609 0164 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
21:57:26:609 0164 ================================================================================
21:57:26:609 0164 SystemInfo:

21:57:26:609 0164 OS Version: 5.1.2600 ServicePack: 3.0
21:57:26:609 0164 Product type: Workstation
21:57:26:609 0164 ComputerName: CHEMWAPU-3E99BA
21:57:26:609 0164 UserName: chemwapuwa
21:57:26:609 0164 Windows directory: C:\WINDOWS
21:57:26:609 0164 Processor architecture: Intel x86
21:57:26:609 0164 Number of processors: 2
21:57:26:609 0164 Page size: 0x1000
21:57:26:625 0164 Boot type: Normal boot
21:57:26:625 0164 ================================================================================
21:57:26:625 0164 UnloadDriverW: NtUnloadDriver error 2
21:57:26:625 0164 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:57:26:640 0164 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:57:26:640 0164 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:57:26:640 0164 wfopen_ex: Trying to KLMD file open
21:57:26:640 0164 wfopen_ex: File opened ok (Flags 2)
21:57:26:640 0164 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:57:26:640 0164 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:57:26:640 0164 wfopen_ex: Trying to KLMD file open
21:57:26:640 0164 wfopen_ex: File opened ok (Flags 2)
21:57:26:640 0164 Initialize success
21:57:26:640 0164
21:57:26:640 0164 Scanning Services ...
21:57:27:859 0164 Raw services enum returned 339 services
21:57:27:875 0164
21:57:27:875 0164 Scanning Kernel memory ...
21:57:27:875 0164 Devices to scan: 2
21:57:27:875 0164
21:57:27:875 0164 Driver Name: Disk
21:57:27:875 0164 IRP_MJ_CREATE : BA10EBB0
21:57:27:875 0164 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:57:27:875 0164 IRP_MJ_CLOSE : BA10EBB0
21:57:27:875 0164 IRP_MJ_READ : BA108D1F
21:57:27:875 0164 IRP_MJ_WRITE : BA108D1F
21:57:27:875 0164 IRP_MJ_QUERY_INFORMATION : 804F4562
21:57:27:875 0164 IRP_MJ_SET_INFORMATION : 804F4562
21:57:27:875 0164 IRP_MJ_QUERY_EA : 804F4562
21:57:27:875 0164 IRP_MJ_SET_EA : 804F4562
21:57:27:875 0164 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:57:27:875 0164 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:57:27:875 0164 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:57:27:875 0164 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:57:27:875 0164 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:57:27:875 0164 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:57:27:875 0164 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:57:27:875 0164 IRP_MJ_SHUTDOWN : BA1092E2
21:57:27:875 0164 IRP_MJ_LOCK_CONTROL : 804F4562
21:57:27:875 0164 IRP_MJ_CLEANUP : 804F4562
21:57:27:875 0164 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:57:27:875 0164 IRP_MJ_QUERY_SECURITY : 804F4562
21:57:27:875 0164 IRP_MJ_SET_SECURITY : 804F4562
21:57:27:875 0164 IRP_MJ_POWER : BA10AC82
21:57:27:875 0164 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:57:27:875 0164 IRP_MJ_DEVICE_CHANGE : 804F4562
21:57:27:875 0164 IRP_MJ_QUERY_QUOTA : 804F4562
21:57:27:875 0164 IRP_MJ_SET_QUOTA : 804F4562
21:57:27:921 0164 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:57:27:921 0164
21:57:27:921 0164 Driver Name: iaStor
21:57:27:921 0164 IRP_MJ_CREATE : 89CE7EE4
21:57:27:921 0164 IRP_MJ_CREATE_NAMED_PIPE : 89CE7EE4
21:57:27:921 0164 IRP_MJ_CLOSE : 89CE7EE4
21:57:27:921 0164 IRP_MJ_READ : 89CE7EE4
21:57:27:921 0164 IRP_MJ_WRITE : 89CE7EE4
21:57:27:921 0164 IRP_MJ_QUERY_INFORMATION : 89CE7EE4
21:57:27:921 0164 IRP_MJ_SET_INFORMATION : 89CE7EE4
21:57:27:921 0164 IRP_MJ_QUERY_EA : 89CE7EE4
21:57:27:921 0164 IRP_MJ_SET_EA : 89CE7EE4
21:57:27:921 0164 IRP_MJ_FLUSH_BUFFERS : 89CE7EE4
21:57:27:921 0164 IRP_MJ_QUERY_VOLUME_INFORMATION : 89CE7EE4
21:57:27:921 0164 IRP_MJ_SET_VOLUME_INFORMATION : 89CE7EE4
21:57:27:921 0164 IRP_MJ_DIRECTORY_CONTROL : 89CE7EE4
21:57:27:921 0164 IRP_MJ_FILE_SYSTEM_CONTROL : 89CE7EE4
21:57:27:921 0164 IRP_MJ_DEVICE_CONTROL : 89CE7EE4
21:57:27:921 0164 IRP_MJ_INTERNAL_DEVICE_CONTROL : 89CE7EE4
21:57:27:921 0164 IRP_MJ_SHUTDOWN : 89CE7EE4
21:57:27:921 0164 IRP_MJ_LOCK_CONTROL : 89CE7EE4
21:57:27:921 0164 IRP_MJ_CLEANUP : 89CE7EE4
21:57:27:921 0164 IRP_MJ_CREATE_MAILSLOT : 89CE7EE4
21:57:27:921 0164 IRP_MJ_QUERY_SECURITY : 89CE7EE4
21:57:27:921 0164 IRP_MJ_SET_SECURITY : 89CE7EE4
21:57:27:921 0164 IRP_MJ_POWER : 89CE7EE4
21:57:27:921 0164 IRP_MJ_SYSTEM_CONTROL : 89CE7EE4
21:57:27:921 0164 IRP_MJ_DEVICE_CHANGE : 89CE7EE4
21:57:27:921 0164 IRP_MJ_QUERY_QUOTA : 89CE7EE4
21:57:27:921 0164 IRP_MJ_SET_QUOTA : 89CE7EE4
21:57:27:921 0164 Driver "iaStor" infected by TDSS rootkit!
21:57:27:953 0164 C:\WINDOWS\system32\drivers\iaStor.sys - Verdict: 1
21:57:27:953 0164 File "C:\WINDOWS\system32\drivers\iaStor.sys" infected by TDSS rootkit ...
21:57:27:953 0164 Processing driver file: C:\WINDOWS\system32\drivers\iaStor.sys
21:57:27:953 0164 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
21:57:28:093 0164 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\OemDir\*) error 3
21:57:29:078 0164 !fdfb7
21:57:29:109 0164 vfvi6
21:57:29:437 0164 dsvbh1
21:57:29:437 0164 Backup copy2 found, using it..
21:57:29:453 0164 will be cured on next reboot
21:57:29:453 0164 Reboot required for cure complete..
21:57:29:484 0164 Cure on reboot scheduled successfully
21:57:29:484 0164
21:57:29:484 0164 Completed
21:57:29:484 0164
21:57:29:484 0164 Results:
21:57:29:484 0164 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
21:57:29:484 0164 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:57:29:484 0164 File objects infected / cured / cured on reboot: 1 / 0 / 1
21:57:29:484 0164
21:57:29:484 0164 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:57:29:484 0164 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:57:29:484 0164 UnloadDriverW: NtUnloadDriver error 1
21:57:29:531 0164 KLMD(ARK) unloaded successfully
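The "Scanning Kernel memory" section of the TDSSKiller log above lists, for each storage driver, where every IRP_MJ_* major function dispatches. For disk.sys the handlers point either into the driver's own image (the BA10xxxx addresses) or to one kernel address (804F4562) for the functions the driver does not implement; for iaStor every single entry has been redirected to 89CE7EE4, an address in kernel pool memory rather than in any driver image, which is why the tool reports the driver as hooked. As an added example, not code from TDSSKiller or from anyone in this thread, the Python below parses that section of a log and applies the same two heuristics. The image ranges for the two drivers and the identification of 804F4562 as the kernel's default handler (nt!IopInvalidDeviceRequest) are assumptions for the constructed sample; on a real system they come from the loaded-module list of the same boot.

```python
"""Spot hijacked IRP dispatch tables in a TDSSKiller 2.x log.

Added example for this thread; it is not part of TDSSKiller or of any
post above. It parses the "Scanning Kernel memory" section and applies two
heuristics anti-rootkit tools use:

  1. every listed IRP_MJ_* handler of a driver resolves to one address, and
  2. a handler address lies outside the driver's own image and is not the
     kernel's default handler (nt!IopInvalidDeviceRequest).

The image ranges and the default-handler address are ASSUMED values for the
constructed sample; on a real system take them from the loaded-module list
of the same boot.
"""
import re
from collections import defaultdict

# Constructed sample log, shortened from the thread's output: Disk keeps a
# normal table, iaStor has every handler redirected to one pool address.
SAMPLE_LOG = """\
21:57:27:875 0164 Driver Name: Disk
21:57:27:875 0164 IRP_MJ_CREATE : BA10EBB0
21:57:27:875 0164 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:57:27:875 0164 IRP_MJ_READ : BA108D1F
21:57:27:875 0164 IRP_MJ_WRITE : BA108D1F
21:57:27:875 0164 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:57:27:921 0164 C:\\WINDOWS\\system32\\DRIVERS\\disk.sys - Verdict: 1
21:57:27:921 0164
21:57:27:921 0164 Driver Name: iaStor
21:57:27:921 0164 IRP_MJ_CREATE : 89CE7EE4
21:57:27:921 0164 IRP_MJ_READ : 89CE7EE4
21:57:27:921 0164 IRP_MJ_WRITE : 89CE7EE4
21:57:27:921 0164 IRP_MJ_DEVICE_CONTROL : 89CE7EE4
21:57:27:921 0164 IRP_MJ_SET_QUOTA : 89CE7EE4
"""

# ASSUMED image ranges (start, end) for the sample drivers.
IMAGE_RANGES = {
    "Disk": (0xBA106000, 0xBA111000),
    "iaStor": (0xBA130000, 0xBA1C0000),
}
# ASSUMED address of nt!IopInvalidDeviceRequest on this kernel build; the
# kernel installs it for every major function a driver does not handle.
NT_DEFAULT_HANDLER = 0x804F4562

DRIVER_RE = re.compile(r"Driver Name: (\S+)")
IRP_RE = re.compile(r"(IRP_MJ_[A-Z_]+) : ([0-9A-Fa-f]{8})")


def parse_dispatch_tables(log_text):
    """Return {driver: {IRP_MJ_x: address}} for each driver in the log."""
    tables = defaultdict(dict)
    current = None
    for line in log_text.splitlines():
        m = DRIVER_RE.search(line)
        if m:
            current = m.group(1)
            continue
        m = IRP_RE.search(line)
        if m and current is not None:
            tables[current][m.group(1)] = int(m.group(2), 16)
    return dict(tables)


def analyse_driver(name, table, image_ranges, nt_default):
    """Return the reasons a driver's table looks hooked ([] means clean)."""
    reasons = []
    addrs = set(table.values())
    # Heuristic 1: one address for every major function is a trampoline.
    if len(table) > 1 and len(addrs) == 1:
        reasons.append("all %d handlers resolve to %08X" % (len(table), next(iter(addrs))))
    # Heuristic 2: handlers must live in the driver image or be the kernel default.
    lo, hi = image_ranges.get(name, (0, 0))
    outside = sorted(a for a in addrs if a != nt_default and not lo <= a < hi)
    if outside:
        reasons.append("handler outside %s image: %s" % (name, ", ".join("%08X" % a for a in outside)))
    return reasons


def find_hooked_drivers(log_text, image_ranges=IMAGE_RANGES, nt_default=NT_DEFAULT_HANDLER):
    """Map each suspicious driver name to its list of reasons."""
    hooked = {}
    for name, table in parse_dispatch_tables(log_text).items():
        reasons = analyse_driver(name, table, image_ranges, nt_default)
        if reasons:
            hooked[name] = reasons
    return hooked


if __name__ == "__main__":
    for name, reasons in find_hooked_drivers(SAMPLE_LOG).items():
        print("%s: %s" % (name, "; ".join(reasons)))
```

The in-memory dispatch table and the on-disk file verdict are independent checks, and the log above reports both for iaStor: the file was flagged and the hook was live. That is why replacing the driver file on disk alone did not clear the detection; the tool's "cure on reboot" is what lets a clean copy load before the hook can be re-established.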

#27
Chemwapuwa

Chemwapuwa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I am beginning to think that a clean sweep is my best bet. What do you think?

Edited by Chemwapuwa, 16 May 2010 - 08:10 PM.


#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
There is one thing we haven't tried.

Need for you to download:

http://www2.gmer.net/mbr/mbr.exe

and save it to your desktop.

Now copy the text between the lines of stars by highlighting and Ctrl + c

****************************************

"%userprofile%\Desktop\MBR.EXE" -f

***********************************************

Start, Run, cmd, OK or Start, All Programs, Accessories, Command Prompt to open a Command Window.

Right click and select Paste. Then hit Enter. When it finishes close the Command Window.

On your desktop should be a file mbr.txt or mbr.log (I forget which). Please open it by double clicking or right click and Open with Notepad and copy the text and paste it into a reply.

If that doesn't work then I'll ask in the internal forum for help from one of the gurus.

Ron
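mbr.exe reads the first sector of the physical disk and checks its boot code against what a clean MBR should contain; with -f it writes a clean copy back. As an added example, not GMER's code and not from any post in this thread, the Python below does the read-only half of that on a constructed 512-byte sector: it validates the 0x55AA signature, decodes the four partition entries, and hashes only the bootstrap bytes, so a rewritten loader shows up while ordinary partition edits do not. The sample sector, its disk signature and the baseline hash are constructed for the example.

```python
"""Parse a 512-byte MBR and compare its boot code with a known-good copy.

Added example for this thread; it is not GMER's mbr.exe and not code from
any post above. It shows the checks such a tool performs before offering
a fix: the 0x55AA signature, the four partition entries, and whether the
bootstrap code (bytes 0..439) still matches a trusted baseline. The sample
sector and its baseline hash are CONSTRUCTED here; a real check reads the
first sector of the physical disk and uses a baseline from a clean machine.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440          # bytes 0..439 hold the bootstrap code
DISK_SIG_OFF = 440           # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446         # 4 x 16-byte partition entries
SIGNATURE_OFF = 510          # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector):
    """Return the disk signature and non-empty partition entries; raise on a bad sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                       # empty slot
        parts.append({"active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return disk_sig, parts


def boot_code_hash(sector):
    """SHA-256 of the bootstrap code only, so partition edits do not change it."""
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def check_mbr(sector, baseline_hash):
    """Compare a sector against a trusted boot-code hash and sanity-check the table."""
    disk_sig, parts = parse_mbr(sector)
    findings = []
    if boot_code_hash(sector) != baseline_hash:
        findings.append("bootstrap code differs from baseline")
    if sum(p["active"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    return {"disk_signature": disk_sig, "partitions": parts, "findings": findings}


def build_sample_mbr(code, disk_sig=0x1234ABCD):
    """Constructed MBR: given bootstrap bytes, one active NTFS partition at LBA 63."""
    code = code.ljust(BOOT_CODE_END, b"\x00")[:BOOT_CODE_END]
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 1000000)
    empty = b"\x00" * 16 * 3
    return code + struct.pack("<I", disk_sig) + b"\x00\x00" + entry + empty + b"\x55\xAA"


# Constructed "clean" code (the usual MBR prologue: xor ax,ax; mov ss,ax;
# mov sp,7C00h) and a "patched" variant with a short jump inserted in front,
# the way a bootkit diverts execution before the original loader runs.
CLEAN_MBR = build_sample_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C")
PATCHED_MBR = build_sample_mbr(b"\xEB\x10\x90\x90" + b"\x33\xC0\x8E\xD0\xBC\x00\x7C")
BASELINE_HASH = boot_code_hash(CLEAN_MBR)

if __name__ == "__main__":
    for label, sec in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        print(label, check_mbr(sec, BASELINE_HASH)["findings"])
```

Hashing only bytes 0..439 is the point of the example: the disk signature and partition table legitimately change when volumes are resized or a disk is cloned, so a whole-sector hash would raise false alarms, while the bootstrap code on a given Windows version is fixed and any change to it deserves a look.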

#29
Chemwapuwa

Chemwapuwa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Am I supposed to run the mbr.exe? I have pasted the text into the cmd prompt but no log file showed up on my desktop.

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Go ahead and run it. See if it gives you a log this time.