I recently became infected with a tdl4 rootkit.
I managed to get rid of it using tdsskiller.
After doing this and restarting, running again confirmed it was gone. However, in my device manager, prior to removing the rootkit showed a disk drive 'Config Disk 0 ATA Device' which I believe is part of it.
Even after using the tdsskiller tool and restarting, the disk drive appears again.
I have included logs from hijackthis and GMER
Any help would be greatly appreciated.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:36:28, on 16/01/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Kenny\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6749 bytes
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Kenny at 1:41:35.24 on 16/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4095.2906 [GMT 0:00]
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Kenny\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
STS-X64: ObjectDockShlExt Class: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\en5c9ex7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchlotto.co.uk/index.php
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\en5c9ex7.default\ex tensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Classic Remix for Windows 7: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Chromifox Basic: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Adblock Plus Pop-up Addon: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
FF - Ext: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
FF - Ext: FastestFox: [email protected] - %profile%\extensions\[email protected]
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R1 SASDIFSV;SASDIFSV;C:\Users\Kenny\AppData\Local\Temp\SAS_SelfExtract\sasdifs v64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Users\Kenny\AppData\Local\Temp\SAS_SelfExtract\saskuti l64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-4 203264]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-16 13336]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-8-4 7451648]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-8-4 268288]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-7-15 116240]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\Dnetr28ux.sys [2009-8-6 987648]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\System32\drivers\Ph3xIB64.sys [2009-6-10 1627520]
R3 SaiK0728;SaiK0728;C:\Windows\System32\drivers\SaiK0728.sys [2008-2-18 129024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-29 136176]
S3 atillk64;atillk64;E:\Software\www.x-drivers.ru_atiovervolt\atillk64.sys [2010-8-13 14608]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-16 1255736]
=============== Created Last 30 ================
2011-01-16 01:20:17 438808 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2011-01-16 00:48:11 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{72B04EA8-72DF-4FD6-B66B-458BD70AD854}\mpengine.dll
2011-01-14 16:34:47 -------- d-----w- C:\Users\Kenny\AppData\Local\ODUI
2011-01-14 16:34:45 -------- d-----w- C:\Users\Kenny\AppData\Local\Stardock
2011-01-14 16:33:37 -------- d-----w- C:\Users\Kenny\AppData\Roaming\Stardock
2011-01-14 16:33:31 -------- dc-h--w- C:\PROGRA~3\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2011-01-14 16:33:31 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock
2011-01-14 16:33:31 -------- d-----w- C:\PROGRA~3\Stardock
2011-01-14 16:33:30 -------- d-----w- C:\Program Files (x86)\Stardock
2011-01-14 16:33:25 -------- d-----w- C:\Users\Kenny\AppData\Local\PackageAware
2011-01-14 09:33:35 -------- d-----w- C:\Users\Kenny\AppData\Local\{221C9115-0D04-4BB8-BB8C-536A7C19FE91}
2011-01-13 20:02:24 -------- d-----w- C:\Users\Kenny\AppData\Local\Apps
2011-01-13 11:01:22 -------- d-----w- C:\Users\Kenny\AppData\Local\{3EE65E67-F293-4423-918F-277DBB446934}
2011-01-12 13:57:28 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-01-12 13:56:07 -------- d-----w- C:\Users\Kenny\AppData\Local\{5BFD3CA1-19BE-4484-83B6-AB2C85865E9C}
2011-01-11 16:55:42 -------- d-----w- C:\Users\Kenny\AppData\Local\{9496EBC2-FEBE-462E-A37B-0E2F444623BB}
2011-01-10 15:43:36 -------- d-----w- C:\Users\Kenny\AppData\Local\Paint.NET
2011-01-10 15:43:36 -------- d-----w- C:\Program Files\Paint.NET
2011-01-10 14:12:56 -------- d-----w- C:\Users\Kenny\AppData\Local\{86CCF61A-AE0B-455E-BE5A-A5B217E00EF8}
2011-01-09 20:14:24 -------- d-----w- C:\Users\Kenny\AppData\Roaming\ColorCop
2011-01-09 19:02:39 -------- d-----w- C:\Users\Kenny\AppData\Local\{59B9636E-7B27-4C49-A142-BDEC75F43A00}
2011-01-09 07:02:17 -------- d-----w- C:\Users\Kenny\AppData\Local\{9493ECE0-99A8-4B20-B1AA-A6FFE8118014}
2011-01-08 16:13:05 -------- d-----w- C:\Users\Kenny\AppData\Local\{84CBB950-05BD-4864-B609-B9D329FECB3C}
2011-01-07 16:44:56 -------- d-----w- C:\Users\Kenny\AppData\Local\{6A7851EC-A9B5-4EE8-85D7-6CCF564C7042}
2011-01-06 14:37:34 -------- d-----w- C:\Users\Kenny\AppData\Local\{67ABEB82-7299-47A5-ABB1-31E5500EDF6D}
2011-01-05 15:26:36 -------- d-----w- C:\Users\Kenny\AppData\Local\{CEA9BDB6-E01B-45E3-B3E3-87D662DD5B74}
2011-01-04 11:37:31 -------- d-----w- C:\Users\Kenny\AppData\Local\{C5FEFBFB-BFBD-437E-B3D0-CD78F8BEB5B1}
2011-01-03 20:17:17 -------- d-----w- C:\Program Files (x86)\MW2CU
2011-01-03 18:08:29 -------- d-----w- C:\Users\Kenny\AppData\Local\{C1F6D2E4-6752-4006-A274-020F4663A998}
2011-01-02 16:32:53 -------- d-----w- C:\Users\Kenny\AppData\Local\AVERT
2011-01-02 16:27:23 -------- d-----w- C:\Users\Kenny\AppData\Local\matt.malensek.net
2011-01-02 16:26:56 -------- d-----w- C:\Program Files (x86)\3RVX
2011-01-02 15:28:34 -------- d-----w- C:\Users\Kenny\AppData\Local\{89E9C2BC-4171-4D95-B6CB-F3ED9C07C5AF}
2011-01-01 15:31:58 -------- d-----w- C:\Users\Kenny\AppData\Local\{D37529D6-B82B-461E-8B24-279150CB844E}
2010-12-31 15:30:46 -------- d-----w- C:\Users\Kenny\AppData\Local\{BEEB761F-5BC7-46AF-BC74-6B06A35FBFF1}
2010-12-30 17:06:55 -------- d-----w- C:\Users\Kenny\AppData\Local\{E3C9AD08-F601-4C3D-A5B1-962D4CCB26FB}
2010-12-30 14:27:01 -------- d-----w- C:\Users\Kenny\AppData\Local\{84CF43C1-86AB-405F-8DDA-F87921729367}
2010-12-29 13:26:36 -------- d-----w- C:\Users\Kenny\AppData\Local\{1067BFBA-0219-46DA-A4EC-5F8F56BCA99E}
2010-12-29 00:17:43 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2010-12-29 00:17:10 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2010-12-28 13:57:06 -------- d-----w- C:\Users\Kenny\AppData\Local\{AE12559D-213D-43AE-8274-DE3E5452DE00}
2010-12-27 21:21:22 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2010-12-27 21:15:16 -------- d-----w- C:\Program Files (x86)\FileHippo.com
2010-12-27 15:35:44 -------- d-----w- C:\Users\Kenny\AppData\Local\{9F712342-F576-4186-82F8-AA72E54140F0}
2010-12-25 19:04:43 -------- d-----w- C:\Users\Kenny\AppData\Local\{F5A268D2-CA9A-476C-8FE5-E08E9FBFA468}
2010-12-25 19:04:32 -------- d-----w- C:\Users\Kenny\AppData\Local\{D52ABDE9-A42D-4B6B-A50C-64180A9A1D2C}
2010-12-24 13:45:57 -------- d-----w- C:\Users\Kenny\AppData\Local\{A9380C1F-E6A2-4269-A9AD-FBA6660A7100}
2010-12-23 19:02:10 -------- d-----w- C:\Users\Kenny\AppData\Local\{75003AB4-0E3D-42E0-B812-1B6ACFA0934C}
2010-12-23 19:01:59 -------- d-----w- C:\Users\Kenny\AppData\Local\{6743EC99-A0F4-4589-B938-10C0A2013C1E}
2010-12-23 17:37:56 -------- d-----w- C:\Users\Kenny\AppData\Local\{DBD9C8A6-2A12-4E04-9C4F-F4E402B31B5C}
2010-12-23 05:18:18 -------- d-----w- C:\Users\Kenny\AppData\Local\{35804C61-1183-43AE-9BCC-E23C889FBE18}
2010-12-22 09:48:29 -------- d-----w- C:\Users\Kenny\AppData\Local\{8E3D0D6F-7AC2-4D91-8FF1-E3DC909F9EF7}
2010-12-22 00:38:27 -------- d-----w- C:\Program Files (x86)\Auslogics
2010-12-21 13:31:03 -------- d-----w- C:\Users\Kenny\AppData\Local\{FAD5C326-36E2-4815-AEB0-AF22CD9D1801}
2010-12-20 11:50:15 -------- d-----w- C:\Users\Kenny\AppData\Local\{30941988-8624-403D-982C-AEA335345AFF}
2010-12-19 22:06:21 -------- d-----w- C:\Program Files (x86)\uTorrent
2010-12-19 16:18:06 -------- d-----w- C:\Users\Kenny\AppData\Local\{9E4A36F2-41C0-4EFF-9645-824A7217F826}
2010-12-18 15:33:58 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2010-12-18 15:33:58 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2010-12-18 15:33:34 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2010-12-18 15:33:13 -------- d-----w- C:\Program Files\ATI Technologies
2010-12-18 15:32:55 -------- d-----w- C:\ATI
2010-12-18 15:31:06 -------- d-----w- C:\Program Files\ATI
2010-12-18 14:59:13 -------- d-----w- C:\Users\Kenny\AppData\Local\{23038188-346A-462D-99C5-9303190B7834}
2010-12-17 22:29:32 -------- d-----w- C:\Users\Kenny\AppData\Roaming\atunes
2010-12-17 21:36:50 -------- d-----w- C:\Windows\SysWow64\xlive
2010-12-17 21:36:49 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-12-17 16:03:56 -------- d-----w- C:\Users\Kenny\AppData\Local\{88D75A81-5C04-4284-B8E1-2409BED47E51}
==================== Find3M ====================
2010-12-29 00:17:19 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-12-29 00:17:12 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-11-29 17:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-10 02:54:18 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-11-10 02:28:46 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-11-02 05:18:33 1137664 ----a-w- C:\Windows\System32\FntCache.dll
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:18:05 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2010-11-02 05:17:48 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-11-02 05:17:48 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-11-02 05:17:47 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-11-02 04:26:00 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-11-02 04:25:43 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-11-02 04:25:43 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2010-11-02 04:25:43 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-11-02 04:25:42 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
============= FINISH: 1:41:46.22 ===============
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-16 01:46:18
Windows 6.1.7600
Running: w1tt6nx2.exe
---- Files - GMER 1.0.15 ----
File C:\Windows\Temp\TMP00000013C4B77457FD86C255 0 bytes
---- EOF - GMER 1.0.15 ----
Sign In
Create Account
