My Zombie PC


#1
Binxxbear
New Member, 2 posts
Hello, I'm new here, and hope I'm posting this correctly. My PC is being controlled by a remote Trojan or botnet. The infection is on all of my PCs, Mac laptops, iPhone, and I believe even my Blu-ray (I know that sounds crazy, but I'm sure of it). I will post the OTL log, but I have many other logs from different software as well. I've been dealing with it for over a year. I have wiped and reloaded my HDD over and over. It is even there with no HD and running a live disk, after a BIOS flash (fifty of them by now). ANY help at all would be MUCH appreciated! Thank you.

OTL log:

OTL logfile created on: 8/9/2012 9:35:59 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Sandy\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.17% Memory free
3.85 Gb Paging File | 3.39 Gb Available in Paging File | 88.18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 361.95 Gb Free Space | 97.14% Space Free | Partition Type: NTFS

Computer Name: BUDDY-XPS | User Name: Sandy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 21:34:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandy\My Documents\Downloads\OTL.exe
PRC - [2012/08/06 23:43:41 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/06 23:43:40 | 000,442,392 | ---- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppgooglenaclpluginchrome.dll
MOD - [2012/08/06 23:43:39 | 012,235,800 | ---- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
MOD - [2012/08/06 23:43:37 | 003,997,720 | ---- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll
MOD - [2012/08/06 23:42:09 | 000,144,424 | ---- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avutil-51.dll
MOD - [2012/08/06 23:42:08 | 000,266,792 | ---- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avformat-54.dll
MOD - [2012/08/06 23:42:07 | 002,480,680 | ---- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avcodec-54.dll
MOD - [2010/10/01 22:05:46 | 008,972,888 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtGui4.dll
MOD - [2010/10/01 22:05:42 | 002,456,152 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtCore4.dll
MOD - [2010/10/01 22:05:28 | 002,111,064 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avzkrnl.dll
MOD - [2010/10/01 21:07:46 | 000,733,184 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\localization_manager.dll
MOD - [2009/10/30 20:32:30 | 000,410,496 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\dblite.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62FF6E39-859B-4E98-B47D-404AAEA3490E}\MpKsl16a98790.sys -- (MpKsl16a98790)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Sandy\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/09 16:50:03 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/04/10 11:51:16 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2009/12/14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\CSCrySec.sys -- (CSCrySec)
DRV - [2009/12/14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (KLBG)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/04/29 18:55:42 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1123561945-1708537768-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1123561945-1708537768-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1123561945-1708537768-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1123561945-1708537768-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1123561945-1708537768-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,start page = about:blank
IE - HKU\S-1-5-21-1123561945-1708537768-725345543-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1123561945-1708537768-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1123561945-1708537768-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/08/09 19:18:53 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2012/08/09 16:50:49 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll

O1 HOSTS File: ([2004/08/12 06:19:39 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1708537768-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1708537768-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O15 - HKU\S-1-5-21-1123561945-1708537768-725345543-1003\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1121414041546 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1121414061187 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4F010B6-DB02-432D-B0B7-F5FB0F6E3F3E}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Sandy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sandy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2005/07/15 00:39:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/09 21:24:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/08/09 21:22:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/09 20:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Start Menu\Programs\WinDirStat
[2012/08/09 20:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2012/08/09 20:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Start Menu\Programs\smartmontools
[2012/08/09 20:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\smartmontools
[2012/08/09 19:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Desktop\peid-0.95
[2012/08/09 19:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Local Settings\Application Data\PCHealth
[2012/08/09 19:18:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sandy\Recent
[2012/08/09 18:18:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/08/09 18:18:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/08/09 16:58:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/08/09 16:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Temp
[2012/08/09 16:51:21 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2012/08/09 16:51:19 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2012/08/09 16:51:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/08/09 16:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
[2012/08/09 16:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky PURE
[2012/08/09 16:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/08/09 16:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2012/08/09 16:50:03 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/08/09 16:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2012/08/09 01:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/08/08 23:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/08 23:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/08/08 23:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/08/08 23:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\My Documents\Downloads
[2012/08/08 23:41:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/08/08 23:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/08/08 23:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Application Data\Dell
[2012/08/08 23:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Start Menu\Programs\Dell Support Center
[2012/08/08 23:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/08/08 23:29:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/08/08 23:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/08/08 23:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/08/08 23:28:52 | 000,000,000 | ---D | C] -- C:\ff9ffef794a32d5e38abac2d44057889
[2012/08/08 23:27:22 | 000,000,000 | ---D | C] -- C:\1b2b5a2f51a5c65a0c6ca391
[2012/08/08 23:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Application Data\PCDr
[2012/08/08 23:12:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/08/08 22:28:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandy\My Documents\My Videos
[2012/08/08 22:28:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandy\Start Menu\Programs\Administrative Tools
[2012/08/08 22:27:46 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Sandy\Desktop\dds.com
[2012/08/08 22:16:29 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/08/08 22:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/08/08 22:16:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/08/08 22:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/08/08 22:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/08/08 22:11:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandy\IECompatCache
[2012/08/08 22:10:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandy\PrivacIE
[2012/08/08 22:08:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandy\IETldCache
[2012/08/08 22:05:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/08/08 22:04:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/08/08 22:04:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/08/08 22:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/08/08 22:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/08/08 21:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/08/08 21:49:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012/08/08 21:48:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/08/08 21:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts
[2012/08/08 21:46:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/08/08 21:43:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2012/08/08 21:43:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/08/08 21:43:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/08/08 21:43:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/08/08 21:43:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/08/08 21:42:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/08/08 21:41:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012/08/08 21:40:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/08/08 21:35:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/08/08 21:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2012/08/08 21:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/09 21:31:19 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/09 21:31:13 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/09 21:18:41 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/09 21:09:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1708537768-725345543-1003UA.job
[2012/08/09 21:06:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/09 20:22:13 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\WinDirStat.lnk
[2012/08/09 19:38:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\47m08h96.bat
[2012/08/09 19:34:09 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Defogger.exe
[2012/08/09 19:24:34 | 000,219,136 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\PEiD.exe
[2012/08/09 19:18:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/09 17:09:42 | 000,116,189 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/08/09 17:09:42 | 000,098,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/08/09 16:57:08 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/08/09 16:50:03 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/08/09 16:38:25 | 000,472,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/09 16:38:25 | 000,075,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/09 16:15:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sandy\defogger_reenable
[2012/08/09 16:13:46 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/08 23:51:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/08/08 23:42:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/08 23:40:30 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/08 22:32:39 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\47m08h96.exe
[2012/08/08 22:30:26 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/08 22:28:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Sandy\Desktop\dds.com
[2012/08/08 22:08:53 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Sandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/08 21:47:33 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/08/08 21:41:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/08/08 21:36:16 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/09 21:18:41 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/09 20:22:13 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\WinDirStat.lnk
[2012/08/09 19:38:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\47m08h96.bat
[2012/08/09 16:51:46 | 000,116,189 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/08/09 16:51:46 | 000,098,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/08/09 16:32:34 | 001,114,674 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2012/08/09 16:32:34 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/08/09 16:32:34 | 000,058,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2012/08/09 16:32:34 | 000,027,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2012/08/09 16:32:34 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2012/08/09 16:15:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sandy\defogger_reenable
[2012/08/08 23:51:01 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/08/08 23:50:55 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/08 23:50:55 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 23:42:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/08 23:40:30 | 000,000,564 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/08 23:40:30 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/08/08 22:32:36 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\47m08h96.exe
[2012/08/08 22:30:26 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/08 22:26:13 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Defogger.exe
[2012/08/08 22:20:29 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/08/08 21:55:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/08 21:55:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/08/08 21:43:38 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2012/08/08 21:43:38 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2012/08/08 21:43:38 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2012/08/08 21:43:38 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2012/08/08 21:43:38 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2012/08/08 21:43:38 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2012/08/08 21:43:38 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2012/08/08 21:43:38 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2012/08/08 21:43:38 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2012/08/08 21:43:38 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2012/08/08 21:43:38 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2012/08/08 21:43:38 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2012/08/08 21:43:38 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2012/08/08 21:43:38 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2012/08/08 21:43:38 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2012/08/08 21:43:38 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2012/08/08 21:43:38 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2012/08/08 21:43:38 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2012/08/08 21:43:38 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2012/08/08 21:43:38 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2012/08/08 21:43:38 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2012/08/08 21:43:38 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2012/08/08 21:43:38 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2012/08/08 21:43:38 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2012/08/08 21:43:38 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2012/08/08 21:43:38 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2012/08/08 21:43:38 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2012/08/08 21:43:38 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2012/08/08 21:43:38 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2012/08/08 21:43:38 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2012/08/08 21:43:38 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2012/08/08 21:43:38 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2012/08/08 21:43:38 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2012/08/08 21:43:38 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2012/08/08 21:43:38 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2012/08/08 21:43:38 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2012/08/08 21:43:38 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2012/08/08 21:43:38 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2012/08/08 21:43:38 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2012/08/08 21:43:38 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2012/08/08 21:43:38 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2012/08/08 21:43:38 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2012/08/08 21:43:38 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2012/08/08 21:43:37 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2012/08/08 21:43:37 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2012/08/08 21:43:37 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2012/08/08 21:43:37 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2012/08/08 21:43:37 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2012/08/08 21:43:37 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2012/08/08 21:43:37 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2012/08/08 21:43:37 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2012/08/08 21:43:37 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2012/08/08 21:43:37 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2012/08/08 21:43:37 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2012/08/08 21:43:37 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2012/08/08 21:43:37 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2012/08/08 21:43:37 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2012/08/08 21:43:37 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2012/08/08 21:43:37 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2012/08/08 21:43:37 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2012/08/08 21:43:37 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2012/08/08 21:43:37 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2012/08/08 21:43:37 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2012/08/08 21:43:37 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2012/08/08 21:43:37 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2012/08/08 21:43:37 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2012/08/08 21:43:37 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2012/08/08 21:43:37 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2012/08/08 21:43:37 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2012/08/08 21:43:37 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2012/08/08 21:43:37 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2012/08/08 21:43:37 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2012/08/08 21:43:37 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2012/08/08 21:43:37 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2012/08/08 21:43:37 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2012/08/08 21:43:37 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2012/08/08 21:43:37 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2012/08/08 21:43:37 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2012/08/08 21:43:37 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2012/08/08 21:43:37 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2012/08/08 21:41:46 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2012/08/08 21:41:46 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012/08/08 21:41:46 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2012/08/08 21:34:14 | 000,002,353 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk

========== LOP Check ==========

[2012/08/08 23:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PCDr
[2012/08/08 23:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/08/08 23:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\PCDr
[2012/08/08 23:40:30 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/09 16:57:08 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\kernel32.dll:SummaryInformation

< End of report >

#2
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know.

Why do you think your PC is infected? What signs are there? What problems are you experiencing that you think are caused by the malware?
#3
Binxxbear

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi Gammo! I know I posted my help request a month ago, but I stopped my internet service in an effort to repair my PC. No luck. Let me know if I lost my turn :( , I am so sorry, the timing couldn't have been worse.. To answer your question, I think ALL of my PCs and Macs are infected for a few reasons:
• There is always a large amount of network activity (services in Task Manager and different security tools have shown large amounts of activity). Somehow I still had network activity when I stopped my Internet service.
• There are HUNDREDS of drivers for LAN, WAN, Bluetooth, API (lots of these and an API control panel I cannot open), remote and server drivers and software. These drivers take up 15 GB of my HDD. They are in a hidden partition, and my PC acts as if the 15 GB just does not exist.
I have reformatted my drive and used every OS from Win 98 - Win 8 dev. preview to Mac 9 & OSX. Plus a few flavors of Linux (Ubuntu, Fedora, Trinux, and Backtrack, which was my fav!). Every time I format, these drivers and RAT software are redownloaded. I've used Darik's Boot and Nuke, Kill Disk, WipeDrive, and the ratware is still there. It is even updated frequently. I have a year of various reports I printed out when I was able to. Most scans say my PC is clean but that's not possible. It's been a year so maybe I'm just insane now :). If you are still willing to look over my reports I will be forever grateful. I sent in files to Kaspersky since we have their Security software, and was told to run a certain report. I ran it, sent it, and got a computer-generated letter stating that they were unfamiliar with the signature of this malware and to run the same report in safe mode with a few adjustments to run a more invasive scan. I sent them that report an hour after their email. Their next email said my case was closed / resolved and asked me to take a survey on their support. Well, since my Internet was shut down the day after, I couldn't argue. I have gotten about six emails to rate my experience, but no mention of the reports or why they considered my case resolved.
If I run the disk to put Kaspersky back on, the software is modified. Everything run is modified. The CD/DVD drives as well as the USB, FireWire and printer ports seem to be running off a network database or perhaps my hidden partition. If I put in the recovery disk that came with my Dell it will list all the malware files in dir. It's a read-only factory disk so it can't be reading my disk. Plus if I take it to my other PCs they will all list different files on that same disk. And 2 of my Dells are exactly the same (model, year, everything) and they differ. When I try to format in cmd it says I cannot format a network drive. I don't know what the.... OMG I rambled on, so I probably scared you away ;) . Thanks for letting me vent, so no hard feelings if you're too busy. Thank you Gammo, have a great night!!
#4
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
I don't think your problems are malware related, to be honest. It's unlikely that you get infected with malware that infects your whole home network. And even if you do get such an infection, Mac OSX computers wouldn't be affected by it. Also, a format should fix the problem. The symptoms you're describing don't sound like typical malware symptoms to me either. :)