Whitesmoke Toolbar/Virus Removal Help


13 replies to this topic

#1 ashleykate7

    New Member

  • Members
  • 7 posts

Posted 22 February 2011 - 01:27 PM

I have read thread after thread regarding this nasty virus. I have even been involved in removing it from another PC here in my office (successfully). Now, on my PC, I have tried Malwarebytes, Spybot, SUPERAntivirus, and our (Paid) McAfee software to detect and remove this virus. I have been unsuccessful. On Friday, I noticed that my PC was running slowly, but at that point I was not having any other trouble. I decided to run Malwarebytes to see if there were any problems, and it found 683 threats. They were removed, and I followed up by running Spybot. It also found around 600 threats. Going back to the internet to test the computer, I started to receive pop-up windows with ads and other windows, so I shut the PC down and tried running Malwarebytes and Spybot again. Each time I run any malware or virus protection program, it finds more and more. At this point, I am not sure what to do. If anyone has advice, I would greatly appreciate the help.

Thank you,
Ashley

#2 LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 22 February 2011 - 05:31 PM

:)

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:
Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:
Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.
Larry Tate
Product Support

Follow us: Twitter, Become a fan: Facebook

#3 ashleykate7

    New Member

  • Members
  • 7 posts

Posted 23 February 2011 - 09:35 AM

It seems to be running better and I have not been re-directed to another website yet.

2011/02/23 09:21:39.0906 3140 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/23 09:21:40.0203 3140 ================================================================================
2011/02/23 09:21:40.0203 3140 SystemInfo:
2011/02/23 09:21:40.0203 3140
2011/02/23 09:21:40.0203 3140 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/23 09:21:40.0203 3140 Product type: Workstation
2011/02/23 09:21:40.0203 3140 ComputerName: SECRETARY
2011/02/23 09:21:40.0203 3140 UserName: INNEROFFICE
2011/02/23 09:21:40.0203 3140 Windows directory: C:\WINDOWS
2011/02/23 09:21:40.0203 3140 System windows directory: C:\WINDOWS
2011/02/23 09:21:40.0203 3140 Processor architecture: Intel x86
2011/02/23 09:21:40.0203 3140 Number of processors: 1
2011/02/23 09:21:40.0203 3140 Page size: 0x1000
2011/02/23 09:21:40.0203 3140 Boot type: Normal boot
2011/02/23 09:21:40.0203 3140 ================================================================================
2011/02/23 09:21:41.0171 3140 Initialize success
2011/02/23 09:21:43.0500 1880 ================================================================================
2011/02/23 09:21:43.0500 1880 Scan started
2011/02/23 09:21:43.0500 1880 Mode: Manual;
2011/02/23 09:21:43.0500 1880 ================================================================================
2011/02/23 09:22:03.0046 1880 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/23 09:22:03.0046 1880 ================================================================================
2011/02/23 09:22:03.0046 1880 Scan finished
2011/02/23 09:22:03.0046 1880 ================================================================================
2011/02/23 09:22:03.0078 0564 Detected object count: 1
2011/02/23 09:22:16.0187 0564 \HardDisk0 - will be cured after reboot
2011/02/23 09:22:16.0187 0564 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/23 09:22:39.0968 0768 Deinitialize success
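The TDSSKiller log above has a regular line shape (timestamp, process id, message), and a helper reads it for two things: which objects were detected and what action was taken, and then whether a rescan comes back clean. The following Python is an added example, not code from this thread or from Kaspersky's tool; it parses that line format and compares a first scan with a rescan. Both sample logs are constructed: the first is abbreviated from the log above, the second is a hypothetical clean rescan in the same format.

```python
"""Parse TDSSKiller logs in the format pasted in this thread and check whether a
rescan confirms that a detected object is gone.  Added example, not code from
the thread or from Kaspersky's tool; both sample logs below are constructed."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every log line: "YYYY/MM/DD HH:MM:SS.mmmm <pid> <message>" (message may be empty)
_LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s*(.*)$")
# Enumerated driver/service: "<name> (<md5>) <path>"
_DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# Detection: "\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)"
_DETECT = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
# Chosen action: "Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure"
_ACTION = re.compile(r"^(\S+?)\((.+?)\) - User select action: (\w+)$")

@dataclass
class Driver:
    name: str
    md5: str
    path: str

@dataclass
class Detection:
    obj: str                      # e.g. "\HardDisk0" (TDL4 sits in the MBR)
    threat: str
    action: Optional[str] = None  # Cure / Skip / Delete, as chosen by the user
    cured_after_reboot: bool = False

@dataclass
class TdssReport:
    drivers: List[Driver] = field(default_factory=list)
    detections: Dict[str, Detection] = field(default_factory=dict)
    reported_count: Optional[int] = None
    finished: bool = False

def parse_log(text: str) -> TdssReport:
    """Build a TdssReport from the raw text of one TDSSKiller log."""
    rep = TdssReport()
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # blank line or surrounding forum text
        msg = m.group(3).strip()
        if msg == "Scan finished":
            rep.finished = True
        elif msg.startswith("Detected object count:"):
            rep.reported_count = int(msg.rsplit(None, 1)[1])
        elif msg.endswith("- will be cured after reboot"):
            obj = msg.split(" - ")[0]
            rep.detections.setdefault(obj, Detection(obj, "?")).cured_after_reboot = True
        elif (d := _DRIVER.match(msg)):
            rep.drivers.append(Driver(*d.groups()))
        elif (d := _DETECT.match(msg)):
            rep.detections[d.group(1)] = Detection(d.group(1), d.group(2))
        elif (d := _ACTION.match(msg)):
            det = rep.detections.setdefault(d.group(2), Detection(d.group(2), d.group(1)))
            det.action = d.group(3)
    return rep

def verify_rescan(first: TdssReport, second: TdssReport) -> dict:
    """Compare an initial scan with the post-reboot rescan a helper asks for.
    The cure is confirmed only if the rescan finished with no detections."""
    first_md5 = {d.path.lower(): d.md5 for d in first.drivers}
    # Driver files whose MD5 changed between scans deserve a second look.
    changed = sorted(d.path for d in second.drivers
                     if first_md5.get(d.path.lower(), d.md5) != d.md5)
    return {
        "first_scan_detections": len(first.detections),
        "cure_pending_reboot": [o for o, d in first.detections.items() if d.cured_after_reboot],
        "confirmed_gone": sorted(set(first.detections) - set(second.detections)),
        "persisting": sorted(set(first.detections) & set(second.detections)),
        "drivers_changed_between_scans": changed,
        "rescan_clean": second.finished and not second.detections
        and (second.reported_count or 0) == 0,
    }

# Constructed sample, abbreviated from the log in post #3 (two driver lines kept).
FIRST_LOG = r"""
2011/02/23 09:21:46.0234 1880 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/02/23 09:21:48.0796 1880 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/23 09:22:03.0046 1880 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/23 09:22:03.0046 1880 Scan finished
2011/02/23 09:22:03.0078 0564 Detected object count: 1
2011/02/23 09:22:16.0187 0564 \HardDisk0 - will be cured after reboot
2011/02/23 09:22:16.0187 0564 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Constructed sample: what a clean rescan after the reboot would look like.
SECOND_LOG = r"""
2011/02/23 10:00:45.0718 3052 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/02/23 10:00:47.0640 3052 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/23 10:00:50.0000 3052 Scan finished
2011/02/23 10:00:50.0000 3052 Detected object count: 0
"""
```

Running `verify_rescan(parse_log(FIRST_LOG), parse_log(SECOND_LOG))` reports `\HardDisk0` as confirmed gone and the rescan as clean; a rescan that still lists the object shows up under `persisting` instead.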

#4 LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 23 February 2011 - 09:48 AM

We're not finished yet.

Please run TDSSKiller again so we can be sure the RootKit is gone.
Larry Tate
Product Support

#5 ashleykate7

    New Member

  • Members
  • 7 posts

Posted 23 February 2011 - 10:06 AM

Here is the second log...

2011/02/23 10:00:39.0296 2936 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/23 10:00:39.0531 2936 ================================================================================
2011/02/23 10:00:39.0531 2936 SystemInfo:
2011/02/23 10:00:39.0531 2936
2011/02/23 10:00:39.0531 2936 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/23 10:00:39.0546 2936 Product type: Workstation
2011/02/23 10:00:39.0546 2936 ComputerName: SECRETARY
2011/02/23 10:00:39.0546 2936 UserName: INNEROFFICE
2011/02/23 10:00:39.0546 2936 Windows directory: C:\WINDOWS
2011/02/23 10:00:39.0546 2936 System windows directory: C:\WINDOWS
2011/02/23 10:00:39.0546 2936 Processor architecture: Intel x86
2011/02/23 10:00:39.0546 2936 Number of processors: 1
2011/02/23 10:00:39.0546 2936 Page size: 0x1000
2011/02/23 10:00:39.0546 2936 Boot type: Normal boot
2011/02/23 10:00:39.0546 2936 ================================================================================
2011/02/23 10:00:40.0281 2936 Initialize success
2011/02/23 10:00:43.0281 3052 ================================================================================
2011/02/23 10:00:43.0281 3052 Scan started
2011/02/23 10:00:43.0281 3052 Mode: Manual;
2011/02/23 10:00:43.0281 3052 ================================================================================
2011/02/23 10:00:50.0125 3052 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/23 10:00:50.0250 3052 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/02/23 10:00:50.0421 3052 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/02/23 10:00:50.0531 3052 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/02/23 10:00:50.0656 3052 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/02/23 10:00:50.0796 3052 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/23 10:00:50.0843 3052 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/02/23 10:00:50.0890 3052 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/02/23 10:00:50.0937 3052 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/23 10:00:51.0015 3052 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/02/23 10:00:51.0359 3052 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/23 10:00:51.0500 3052 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/02/23 10:00:51.0640 3052 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/23 10:00:51.0734 3052 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/23 10:00:51.0750 3052 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/23 10:00:51.0812 3052 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/23 10:00:51.0875 3052 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/23 10:00:51.0921 3052 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/23 10:00:51.0968 3052 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/23 10:00:52.0015 3052 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/23 10:00:52.0093 3052 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/23 10:00:52.0140 3052 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/23 10:00:52.0156 3052 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/23 10:00:52.0187 3052 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/23 10:00:52.0234 3052 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/23 10:00:52.0390 3052 MfeAVFK (32bcd2aec12cee766b2488731a78127c) C:\WINDOWS\system32\drivers\MfeAVFK.sys
2011/02/23 10:00:52.0546 3052 MfeBOPK (963abf1a4d3a19206f7b059e5a1a190b) C:\WINDOWS\system32\drivers\MfeBOPK.sys
2011/02/23 10:00:52.0703 3052 mfehidk (586a07b1fa933c340d990419d6894d7a) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/02/23 10:00:52.0843 3052 MfeRKDK (820d6aa3f7f0cfa8a1fa8f63d3f1df04) C:\WINDOWS\system32\drivers\MfeRKDK.sys
2011/02/23 10:00:53.0062 3052 mfetdik (3812e49fa67a3f604895f0d0c2e1ef90) C:\WINDOWS\system32\drivers\mfetdik.sys
2011/02/23 10:00:53.0156 3052 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/23 10:00:53.0250 3052 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/23 10:00:53.0296 3052 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/23 10:00:53.0359 3052 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/23 10:00:53.0406 3052 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/23 10:00:53.0468 3052 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/02/23 10:00:53.0578 3052 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/23 10:00:53.0640 3052 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/23 10:00:53.0718 3052 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/23 10:00:53.0781 3052 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/23 10:00:53.0812 3052 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/23 10:00:53.0890 3052 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/23 10:00:53.0968 3052 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/23 10:00:53.0984 3052 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/23 10:00:54.0031 3052 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/23 10:00:54.0078 3052 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/23 10:00:54.0156 3052 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/23 10:00:54.0203 3052 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/23 10:00:54.0234 3052 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/23 10:00:54.0359 3052 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/23 10:00:54.0437 3052 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/23 10:00:54.0546 3052 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/23 10:00:54.0640 3052 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/23 10:00:54.0687 3052 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/23 10:00:54.0796 3052 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/23 10:00:54.0937 3052 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/23 10:00:54.0968 3052 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/23 10:00:55.0031 3052 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/02/23 10:00:55.0187 3052 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/23 10:00:55.0234 3052 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/23 10:00:55.0281 3052 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/23 10:00:55.0343 3052 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/23 10:00:55.0390 3052 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/23 10:00:55.0437 3052 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/23 10:00:55.0578 3052 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/02/23 10:00:55.0734 3052 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/02/23 10:00:55.0875 3052 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/23 10:00:55.0937 3052 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/23 10:00:55.0968 3052 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/23 10:00:56.0015 3052 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/23 10:00:56.0109 3052 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/02/23 10:00:56.0156 3052 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/02/23 10:00:56.0187 3052 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/02/23 10:00:56.0218 3052 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/02/23 10:00:56.0296 3052 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/02/23 10:00:56.0390 3052 QtsDongle (5c42769a326d3567727c430c31de5d24) C:\WINDOWS\system32\qtsusk.sys
2011/02/23 10:00:56.0656 3052 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/23 10:00:56.0703 3052 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/23 10:00:56.0734 3052 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/23 10:00:56.0750 3052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/23 10:00:56.0796 3052 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/23 10:00:56.0828 3052 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/23 10:00:56.0921 3052 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/23 10:00:57.0062 3052 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/23 10:00:57.0109 3052 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/23 10:00:57.0375 3052 sdcplh (b7ea2f12416693d2d9bffaaa5eff7037) C:\WINDOWS\system32\drivers\sdcplh.sys
2011/02/23 10:00:57.0515 3052 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/23 10:00:57.0609 3052 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/02/23 10:00:57.0671 3052 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/23 10:00:57.0703 3052 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/23 10:00:57.0765 3052 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/23 10:00:57.0843 3052 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/02/23 10:00:57.0906 3052 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/02/23 10:00:57.0968 3052 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/02/23 10:00:58.0031 3052 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/23 10:00:58.0078 3052 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/23 10:00:58.0171 3052 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/23 10:00:58.0359 3052 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/23 10:00:58.0406 3052 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/23 10:00:58.0453 3052 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/02/23 10:00:58.0578 3052 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/02/23 10:00:58.0750 3052 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/02/23 10:00:58.0828 3052 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/02/23 10:00:58.0968 3052 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/23 10:00:59.0031 3052 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/23 10:00:59.0125 3052 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/23 10:00:59.0187 3052 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/23 10:00:59.0250 3052 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/23 10:00:59.0328 3052 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/02/23 10:00:59.0421 3052 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/23 10:00:59.0468 3052 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/02/23 10:00:59.0609 3052 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/23 10:00:59.0703 3052 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/23 10:00:59.0781 3052 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/23 10:00:59.0843 3052 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/23 10:00:59.0890 3052 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/23 10:01:00.0000 3052 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/23 10:01:00.0046 3052 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/23 10:01:00.0093 3052 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/23 10:01:00.0125 3052 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/23 10:01:00.0171 3052 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/02/23 10:01:00.0187 3052 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/23 10:01:00.0296 3052 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/02/23 10:01:00.0343 3052 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/23 10:01:00.0390 3052 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/23 10:01:00.0437 3052 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/23 10:01:00.0484 3052 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/02/23 10:01:00.0656 3052 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/23 10:01:00.0781 3052 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/02/23 10:01:00.0875 3052 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/23 10:01:00.0921 3052 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/23 10:01:01.0015 3052 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/23 10:01:01.0015 3052 ================================================================================
2011/02/23 10:01:01.0015 3052 Scan finished
2011/02/23 10:01:01.0015 3052 ================================================================================
2011/02/23 10:01:01.0046 2916 Detected object count: 1
2011/02/23 10:01:09.0796 2916 \HardDisk0 - will be cured after reboot
2011/02/23 10:01:09.0796 2916 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/23 10:01:14.0781 2680 Deinitialize success
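
As an added example (not part of this thread, and not code from TDSSKiller or any of the helpers here), a small Python triage script that parses the log format pasted above: it pulls out the driver inventory, the detection, whether a cure is pending a reboot, and the action the user chose, then compares the logged driver hashes against a baseline. SAMPLE_LOG is built from a few lines of the log above and BASELINE is constructed for the demonstration, with one hash deliberately altered so the mismatch path runs.

```python
"""Triage a Kaspersky TDSSKiller log like the one pasted above (added example, not
part of this thread or of TDSSKiller; SAMPLE_LOG and BASELINE are constructed)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

PREFIX = r"^\S+\s\S+\s+\d+\s+"  # "<date> <time> <pid> " that starts every log line
# "<prefix> <service> (<md5>) <path>"
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<prefix> <object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(PREFIX + r"(?P<obj>\S+)\s+-\s+detected\s+(?P<verdict>\S+)\s+\(\d+\)$")
# "<prefix> <object> - will be cured after reboot"
REBOOT_RE = re.compile(PREFIX + r"(?P<obj>\S+)\s+-\s+will be cured after reboot$")
# "<prefix> <verdict>(<object>) - User select action: <action>"
ACTION_RE = re.compile(PREFIX + r"(?P<verdict>[^(\s]+)\((?P<obj>[^)]+)\)\s+-\s+User select action:\s+(?P<action>\w+)$")

@dataclass
class Driver:
    name: str
    md5: str
    path: str

@dataclass
class Detection:
    obj: str
    verdict: str
    action: Optional[str] = None   # from the "User select action" line
    cure_on_reboot: bool = False   # from the "will be cured after reboot" line

@dataclass
class Report:
    drivers: List[Driver] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    finished: bool = False

def parse_tdsskiller_log(text: str) -> Report:
    """Parse the driver inventory and the detection/action lines into a Report."""
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DRIVER_RE.match(line):
            report.drivers.append(Driver(m["name"], m["md5"].lower(), m["path"]))
        elif m := DETECT_RE.match(line):
            report.detections.append(Detection(m["obj"], m["verdict"]))
        elif m := REBOOT_RE.match(line):
            for det in report.detections:
                if det.obj == m["obj"]:
                    det.cure_on_reboot = True
        elif m := ACTION_RE.match(line):
            for det in report.detections:
                if det.obj == m["obj"] and det.verdict == m["verdict"]:
                    det.action = m["action"]
        elif line.endswith("Scan finished"):
            report.finished = True
    return report

def hash_mismatches(report: Report, baseline: Dict[str, str]) -> List[Driver]:
    """Drivers named in `baseline` (lower-case name -> expected MD5) whose logged hash
    differs. TDL4 infects the MBR (the \\HardDisk0 object above), not a driver file,
    so a clean inventory does not clear the machine; this catches a patched binary."""
    return [d for d in report.drivers
            if d.name.lower() in baseline and d.md5 != baseline[d.name.lower()].lower()]

def triage(text: str, baseline: Dict[str, str]) -> dict:
    """One-call summary for a helper reading a pasted log."""
    report = parse_tdsskiller_log(text)
    return {
        "drivers": len(report.drivers),
        "finished": report.finished,
        "detections": [(d.obj, d.verdict, d.action, d.cure_on_reboot)
                       for d in report.detections],
        "hash_mismatches": [d.name for d in hash_mismatches(report, baseline)],
    }

# Constructed sample: three inventory lines plus the detection block from the log above.
SAMPLE_LOG = r"""
2011/02/23 10:00:47.0640 3052 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/23 10:00:54.0640 3052 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/23 10:00:59.0031 3052 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/23 10:01:01.0015 3052 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/23 10:01:01.0015 3052 Scan finished
2011/02/23 10:01:09.0796 2916 \HardDisk0 - will be cured after reboot
2011/02/23 10:01:09.0796 2916 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Constructed baseline: atapi and Tcpip copied from the clean inventory above, Ntfs given
# a deliberately wrong value so the mismatch path is exercised (a real baseline would
# come from a known-good install of the same Windows build and service pack).
BASELINE = {
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "tcpip": "9aefa14bd6b182d61e3119fa5f436d3d",
    "ntfs": "00000000000000000000000000000000",
}
```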

#6 LDTate

LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 23 February 2011 - 10:29 AM

Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator")



Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: the ComboFix message shown after the Recovery Console is installed]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.
Larry Tate
Product Support


#7 ashleykate7

ashleykate7

    New Member

  • Members
  • 7 posts

Posted 23 February 2011 - 11:36 AM

Please bear with me... we had some trouble turning off the SonicWall, but we did get it taken care of. ComboFix is currently running and deleting folders... will be back with you as soon as it finishes. Thanks for your help so far!

Ashley

#8 ashleykate7

ashleykate7

    New Member

  • Members
  • 7 posts

Posted 23 February 2011 - 11:57 AM

Here is the logfile for the last process...

ComboFix 11-02-22.06 - INNEROFFICE 02/23/2011 11:17:28.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.227 [GMT -5:00]
Running from: c:\documents and settings\INNEROFFICE\Desktop\ComboFix.exe
AV: Total Protection for Small Business *Disabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-l.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-r.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-l.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-r.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-l.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-r.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-left.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-mdl.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-right.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-left.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-mdl.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-right.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\throbber.gif
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\Thumbs.db
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\vid-bg.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\youtube.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\index.html
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.3.2.min.js
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.autocomplete.min.js
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css\dialog.css
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\bg.gif
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-search.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close-over.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\default.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\Thumbs.db
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\transparent.gif
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-left.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-mdl.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right-resize.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\main.html
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts\defscript.js
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\tb_icon.png
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget.jsw
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget.xml
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget_version.txt
c:\program files\whitesmoketoolbar\chrome\data\dynamicElements\vmntoolbar.xsl
c:\program files\whitesmoketoolbar\chrome\data\rss\rss.xml
c:\program files\whitesmoketoolbar\chrome\data\search\engines.xml
c:\program files\whitesmoketoolbar\chrome\data\search\search.xsl
c:\program files\whitesmoketoolbar\chrome\data\weather\icons.xml
c:\program files\whitesmoketoolbar\chrome\skin\634017460871087500_png
c:\program files\whitesmoketoolbar\chrome\skin\about.gif
c:\program files\whitesmoketoolbar\chrome\skin\babylon_logo.png
c:\program files\whitesmoketoolbar\chrome\skin\bing_16x16.png
c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_hover_png
c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_png
c:\program files\whitesmoketoolbar\chrome\skin\blank_png
c:\program files\whitesmoketoolbar\chrome\skin\bluelite.gif
c:\program files\whitesmoketoolbar\chrome\skin\bluesky.gif
c:\program files\whitesmoketoolbar\chrome\skin\btn-search-over.png
c:\program files\whitesmoketoolbar\chrome\skin\btn-search.png
c:\program files\whitesmoketoolbar\chrome\skin\btn-settings-over.png
c:\program files\whitesmoketoolbar\chrome\skin\btn-settings.png
c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets-over.png
c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets.png
c:\program files\whitesmoketoolbar\chrome\skin\btn_settings.png
c:\program files\whitesmoketoolbar\chrome\skin\ca.png
c:\program files\whitesmoketoolbar\chrome\skin\checkMyText_png
c:\program files\whitesmoketoolbar\chrome\skin\checkMyText_png_png
c:\program files\whitesmoketoolbar\chrome\skin\dictionary.png
c:\program files\whitesmoketoolbar\chrome\skin\Dictionary_png
c:\program files\whitesmoketoolbar\chrome\skin\Dictionary_png_png
c:\program files\whitesmoketoolbar\chrome\skin\divider.png
c:\program files\whitesmoketoolbar\chrome\skin\downloadcom.png
c:\program files\whitesmoketoolbar\chrome\skin\dtxlogo.png
c:\program files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics\folder.png
c:\program files\whitesmoketoolbar\chrome\skin\email.png
c:\program files\whitesmoketoolbar\chrome\skin\email_on.png
c:\program files\whitesmoketoolbar\chrome\skin\eteacher_png
c:\program files\whitesmoketoolbar\chrome\skin\facebook.png
c:\program files\whitesmoketoolbar\chrome\skin\feed_icon_png
c:\program files\whitesmoketoolbar\chrome\skin\feed_icon2_png
c:\program files\whitesmoketoolbar\chrome\skin\france_png
c:\program files\whitesmoketoolbar\chrome\skin\games.png
c:\program files\whitesmoketoolbar\chrome\skin\games_png
c:\program files\whitesmoketoolbar\chrome\skin\gamesIcon_png
c:\program files\whitesmoketoolbar\chrome\skin\graphred0.png
c:\program files\whitesmoketoolbar\chrome\skin\graphred0_5.png
c:\program files\whitesmoketoolbar\chrome\skin\graphred1.png
c:\program files\whitesmoketoolbar\chrome\skin\graphred1_5.png
c:\program files\whitesmoketoolbar\chrome\skin\graphred2.png
c:\program files\whitesmoketoolbar\chrome\skin\graphred2_5.png
c:\program files\whitesmoketoolbar\chrome\skin\graphred3.png
c:\program files\whitesmoketoolbar\chrome\skin\graphred3_5.png
c:\program files\whitesmoketoolbar\chrome\skin\graphred4.png
c:\program files\whitesmoketoolbar\chrome\skin\graphred4_5.png
c:\program files\whitesmoketoolbar\chrome\skin\graphred5.png
c:\program files\whitesmoketoolbar\chrome\skin\graphredna.png
c:\program files\whitesmoketoolbar\chrome\skin\grey.gif
c:\program files\whitesmoketoolbar\chrome\skin\ico-shield.png
c:\program files\whitesmoketoolbar\chrome\skin\images.png
c:\program files\whitesmoketoolbar\chrome\skin\italy_png
c:\program files\whitesmoketoolbar\chrome\skin\lib\add.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\aol.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-dn.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-up.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-divider.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-end.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-start.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-end.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-start.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\blank.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn_slider.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-down-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-down-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\checkmark.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\chevron.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\collapse.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\comcast.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\dtx.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back-hot.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\expand.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\found.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\gmail.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_blue.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_cyan.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_lime.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_magenta.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_yellow.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\hotmail.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\ico-check.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\imap.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\loadingMid.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\lock.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\logo-separator.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\mailcom.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_bg-basic.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_bar.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_white.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitem-splitter.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-vista.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\modify.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\move.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\movetarget.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\panels.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\default.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\main.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\footer.htm
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameData.js
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameList.xsl
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\games.xsl
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gametype.xsl
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\initHTML.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupGames.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupHTML.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupRSS.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\scroll.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\pop.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css\manager.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css\slider.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\music-note.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\slider.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\slideron.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\track.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\managerpanel.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\volumeslider.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\reload.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\remove.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\rename.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\resize-box.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\rss.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\rsschannelback.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\RSSLogo.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\rsstabdivider.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-left.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-right.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\search-go.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\search.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\text-ellipsis.xml
c:\program files\whitesmoketoolbar\chrome\skin\lib\throbber.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\transparent_1px.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_02.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_03.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_04.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_06.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_07.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_08.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_09.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_10.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_11.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_12.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_13.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_14.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_15.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_16.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_18.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_19.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_20.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_21.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-hot.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-normal.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\proxy.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.xml
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\templateFF.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\throbber.gif
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\whitesmoketoolbar\chrome\skin\lib\yahoo.png
c:\program files\whitesmoketoolbar\chrome\skin\lichen.gif
c:\program files\whitesmoketoolbar\chrome\skin\logo-about.png
c:\program files\whitesmoketoolbar\chrome\skin\logo-over.png
c:\program files\whitesmoketoolbar\chrome\skin\logo-separator.png
c:\program files\whitesmoketoolbar\chrome\skin\logo.png
c:\program files\whitesmoketoolbar\chrome\skin\mail.png
c:\program files\whitesmoketoolbar\chrome\skin\menuseparatorback.gif
c:\program files\whitesmoketoolbar\chrome\skin\modify-save.png
c:\program files\whitesmoketoolbar\chrome\skin\modify.png
c:\program files\whitesmoketoolbar\chrome\skin\modifyhot.png
c:\program files\whitesmoketoolbar\chrome\skin\music.png
c:\program files\whitesmoketoolbar\chrome\skin\namespacetoolbar.css
c:\program files\whitesmoketoolbar\chrome\skin\networkIcons_png
c:\program files\whitesmoketoolbar\chrome\skin\news.png
c:\program files\whitesmoketoolbar\chrome\skin\options\options-main.png
c:\program files\whitesmoketoolbar\chrome\skin\options\options-search.png
c:\program files\whitesmoketoolbar\chrome\skin\options\options-weather.png
c:\program files\whitesmoketoolbar\chrome\skin\options\options-widgets.png
c:\program files\whitesmoketoolbar\chrome\skin\orange.gif
c:\program files\whitesmoketoolbar\chrome\skin\pixsy.png
c:\program files\whitesmoketoolbar\chrome\skin\protect-id.png
c:\program files\whitesmoketoolbar\chrome\skin\relatedlinks.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-collapse.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-delete.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-expand.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-feed.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-remove.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-rename.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-found.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-reload.png
c:\program files\whitesmoketoolbar\chrome\skin\rss-subscribe.png
c:\program files\whitesmoketoolbar\chrome\skin\rss.png
c:\program files\whitesmoketoolbar\chrome\skin\rss_feed_icon_png
c:\program files\whitesmoketoolbar\chrome\skin\rssback.gif
c:\program files\whitesmoketoolbar\chrome\skin\rsstopback.gif
c:\program files\whitesmoketoolbar\chrome\skin\search-over.png
c:\program files\whitesmoketoolbar\chrome\skin\search.png
c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\whitesmoketoolbar\chrome\skin\settings.png
c:\program files\whitesmoketoolbar\chrome\skin\shopping.png
c:\program files\whitesmoketoolbar\chrome\skin\siteinfo.png
c:\program files\whitesmoketoolbar\chrome\skin\skin-bluelite.png
c:\program files\whitesmoketoolbar\chrome\skin\skin-bluesky.png
c:\program files\whitesmoketoolbar\chrome\skin\skin-grey.png
c:\program files\whitesmoketoolbar\chrome\skin\skin-lichen.png
c:\program files\whitesmoketoolbar\chrome\skin\skin-orange.png
c:\program files\whitesmoketoolbar\chrome\skin\skin-yellow.png
c:\program files\whitesmoketoolbar\chrome\skin\skin.xml
c:\program files\whitesmoketoolbar\chrome\skin\spain_png
c:\program files\whitesmoketoolbar\chrome\skin\technorati.png
c:\program files\whitesmoketoolbar\chrome\skin\throbber.gif
c:\program files\whitesmoketoolbar\chrome\skin\toolbarsplitter.png
c:\program files\whitesmoketoolbar\chrome\skin\translate.png
c:\program files\whitesmoketoolbar\chrome\skin\Translate_png
c:\program files\whitesmoketoolbar\chrome\skin\Translate_png_png
c:\program files\whitesmoketoolbar\chrome\skin\TRUSTe_about.png
c:\program files\whitesmoketoolbar\chrome\skin\TV_icon3_png
c:\program files\whitesmoketoolbar\chrome\skin\tvicon_png
c:\program files\whitesmoketoolbar\chrome\skin\tvIcons_png
c:\program files\whitesmoketoolbar\chrome\skin\usa_png
c:\program files\whitesmoketoolbar\chrome\skin\vmn.css
c:\program files\whitesmoketoolbar\chrome\skin\vmn.png
c:\program files\whitesmoketoolbar\chrome\skin\web.png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png
c:\program files\whitesmoketoolbar\chrome\skin\wikipedia.png
c:\program files\whitesmoketoolbar\chrome\skin\yahoosearch.png
c:\program files\whitesmoketoolbar\chrome\skin\yellow.gif
c:\program files\whitesmoketoolbar\chrome\skin\youtube.png
c:\program files\whitesmoketoolbar\chrome\skin\zoom.png
c:\program files\whitesmoketoolbar\components\windowmediator.js
c:\program files\whitesmoketoolbar\manifest.xml
c:\program files\whitesmoketoolbar\toolbar.xml
c:\program files\whitesmoketoolbar\uninstall.exe
c:\program files\whitesmoketoolbar\whitesmoketoolbar.dll
c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
c:\windows\system32\bszip.dll
c:\windows\system32\twunk_32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.

2011-02-23 06:59 . 2011-02-23 06:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-02-22 17:57 . 2011-02-22 17:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\program files\Drop Down Deals
2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-02-22 15:53 . 2011-02-22 15:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-02-21 11:56 . 2011-02-21 11:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-21 04:36 . 2011-02-21 04:36 1409 ----a-w- c:\windows\QTFont.for
2011-02-21 00:09 . 2011-02-21 11:40 0 ----a-w- c:\windows\Rjugedawevev.bin
2011-02-20 04:38 . 2011-02-20 04:38 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
2011-02-19 13:14 . 2011-02-19 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\kAcIcOk05200
2011-02-19 13:14 . 2011-02-19 13:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-18 21:08 . 2011-02-21 17:07 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-15 19:15 . 2011-02-15 19:15 -------- d-----w- c:\documents and settings\All Users\eBay
2011-02-09 19:40 . 2011-02-09 19:40 49152 ----a-r- c:\windows\system32\inetwh32.dll
2011-02-09 19:40 . 2011-02-09 19:40 1044480 ----a-r- c:\windows\system32\roboex32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-11 23:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 23:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-11 23:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-11 23:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:09 . 2009-09-04 13:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-09-04 13:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-11 23:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-11 23:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-11 23:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-11 23:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 04:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-03 15:06 . 2010-12-03 15:06 685913 ----a-w- c:\windows\unins000.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-17 20:49 191488 ------w- c:\program files\Drop Down Deals\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 126976]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]

c:\documents and settings\INNEROFFICE\Start Menu\Programs\Startup\
Eagle Listener.lnk - c:\3apps\Catapult\3listen.exe [2006-4-27 573440]
Eagle Scheduler.lnk - c:\3apps\Catapult\Sched.exe [2006-4-27 745472]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^INNEROFFICE^Start Menu^Programs^Startup^Gear Player.lnk]
path=c:\documents and settings\INNEROFFICE\Start Menu\Programs\Startup\Gear Player.lnk
backup=c:\windows\pss\Gear Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 04:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash]
2010-10-14 20:25 476480 ----a-w- c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59152:UDP"= 59152:UDP:SonicWALL Anti-Virus Compliance Port 59152
"59153:UDP"= 59153:UDP:SonicWALL Anti-Virus Compliance Port 59153

R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [5/1/2006 1:37 PM 135168]
R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [8/18/2010 10:33 AM 14144]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [1/13/2011 10:54 PM 282824]
R2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [8/18/2010 10:35 AM 202048]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASKUTIL.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASKUTIL.sys [?]
S3 QtsDongle;USB Software Key;c:\windows\system32\qtsusk.sys [2/18/2005 3:47 PM 10752]
S3 SASENUM;SASENUM;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASENUM.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASENUM.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: acehardware-acenet.com\ww1
Trusted Zone: acehardware-acenet.com\ww2
Trusted Zone: acehardware-aceonline.com
Trusted Zone: acehardware-eaglevision.com
Trusted Zone: acehardware-vendors.com
Trusted Zone: aceservices.com
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: acehardware-acenet.com
Trusted Zone: acehardware-aceonline.com
Trusted Zone: acehardware-eaglevision.com
Trusted Zone: acehardware-vendors.com
Trusted Zone: aceservices.com
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: {033975BD-A3EA-4715-B867-D0B7553AABC9} = 166.102.165.11,166.102.165.13
DPF: AceIESecuritySettings - hxxp://ww2.acehardware-acenet.com/Controls/AceIESecuritySettings.CAB
DPF: {238EC5B8-0BF5-11D5-826E-00010239321B} - hxxp://imagemax.aceservices.com/aspweb/Applets/OBXViewer.cab
DPF: {24B8CB65-C0D2-11D0-A523-444553540000} - hxxp://ww1.acehardware-acenet.com/ACENET/Controls/AceExpl/AceExpl.cab
DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} - hxxp://ww2.acehardware-acenet.com/ACENET/Controls/MCSi/McsiMenu.cab
DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} - hxxp://ww2.acehardware-acenet.com/ACENET/controls/FarPoint60/fpspr60.cab
DPF: {8BF1A503-001F-11D0-A296-00A0246497B9} - hxxp://ww1.acehardware-acenet.com/ACENET/Controls/ACENET/ACECTL.CAB
DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://stores.homestead.com/storeadmin/utilities/pssbedit.cab
DPF: {FB40C15D-4A00-4B22-BA87-B046910FB09D} - hxxp://76.92.232.9:8080/activex/WebViewer.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-{0228e555-4f9c-4e35-a3ec-b109a192b4c2} - c:\program files\Google\Gmail Notifier\gnotify.exe
AddRemove-MVS - c:\progra~1\McAfee\MANAGE~1\Agent\myinx



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-23 11:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib]
@DACL=(02 0000)
@="{4509D3CC-B642-4745-B030-645B79522C6D}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1172)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
c:\3apps\Catapult\APPIPC.exe
.
**************************************************************************
.
Completion time: 2011-02-23 11:53:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-23 16:53

Pre-Run: 45,519,265,792 bytes free
Post-Run: 45,888,000,000 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 9C19368DBF50321C1C131BE356E3F306

#9 LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 23 February 2011 - 12:49 PM

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\program files\Drop Down Deals\YontooIEClient.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

Save this file to your desktop; save it as "CFScript".

Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...



Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste


Also please describe how your computer behaves at the moment.
Larry Tate
Product Support


#10 ashleykate7

    New Member

  • Members
  • 7 posts

Posted 23 February 2011 - 02:01 PM

Computer seems to be running normally. No lag and seems to be acting ok. Here is the log info...


ComboFix 11-02-23.01 - INNEROFFICE 02/23/2011 13:37:13.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.260 [GMT -5:00]
Running from: c:\documents and settings\INNEROFFICE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\INNEROFFICE\Desktop\CFScript.txt
AV: Total Protection for Small Business *Disabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}

FILE ::
"c:\program files\Drop Down Deals\YontooIEClient.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Drop Down Deals\YontooIEClient.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.

2011-02-23 06:59 . 2011-02-23 06:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-02-22 17:57 . 2011-02-22 17:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-02-22 15:55 . 2011-02-23 18:45 -------- d-----w- c:\program files\Drop Down Deals
2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-02-22 15:53 . 2011-02-22 15:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-02-21 11:56 . 2011-02-21 11:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-21 04:36 . 2011-02-21 04:36 1409 ----a-w- c:\windows\QTFont.for
2011-02-21 00:09 . 2011-02-21 11:40 0 ----a-w- c:\windows\Rjugedawevev.bin
2011-02-20 04:38 . 2011-02-20 04:38 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
2011-02-19 13:14 . 2011-02-19 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\kAcIcOk05200
2011-02-19 13:14 . 2011-02-19 13:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-18 21:08 . 2011-02-21 17:07 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-15 19:15 . 2011-02-15 19:15 -------- d-----w- c:\documents and settings\All Users\eBay
2011-02-09 19:40 . 2011-02-09 19:40 49152 ----a-r- c:\windows\system32\inetwh32.dll
2011-02-09 19:40 . 2011-02-09 19:40 1044480 ----a-r- c:\windows\system32\roboex32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-11 23:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 23:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-11 23:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-11 23:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:09 . 2009-09-04 13:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-09-04 13:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-11 23:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-11 23:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-11 23:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-11 23:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 04:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-03 15:06 . 2010-12-03 15:06 685913 ----a-w- c:\windows\unins000.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 126976]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]

c:\documents and settings\INNEROFFICE\Start Menu\Programs\Startup\
Eagle Listener.lnk - c:\3apps\Catapult\3listen.exe [2006-4-27 573440]
Eagle Scheduler.lnk - c:\3apps\Catapult\Sched.exe [2006-4-27 745472]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^INNEROFFICE^Start Menu^Programs^Startup^Gear Player.lnk]
path=c:\documents and settings\INNEROFFICE\Start Menu\Programs\Startup\Gear Player.lnk
backup=c:\windows\pss\Gear Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 04:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash]
2010-10-14 20:25 476480 ----a-w- c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59152:UDP"= 59152:UDP:SonicWALL Anti-Virus Compliance Port 59152
"59153:UDP"= 59153:UDP:SonicWALL Anti-Virus Compliance Port 59153

R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [5/1/2006 1:37 PM 135168]
R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [8/18/2010 10:33 AM 14144]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [1/13/2011 10:54 PM 282824]
R2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [8/18/2010 10:35 AM 202048]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASKUTIL.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASKUTIL.sys [?]
S3 QtsDongle;USB Software Key;c:\windows\system32\qtsusk.sys [2/18/2005 3:47 PM 10752]
S3 SASENUM;SASENUM;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASENUM.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASENUM.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: acehardware-acenet.com\ww1
Trusted Zone: acehardware-acenet.com\ww2
Trusted Zone: acehardware-aceonline.com
Trusted Zone: acehardware-eaglevision.com
Trusted Zone: acehardware-vendors.com
Trusted Zone: aceservices.com
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: acehardware-acenet.com
Trusted Zone: acehardware-aceonline.com
Trusted Zone: acehardware-eaglevision.com
Trusted Zone: acehardware-vendors.com
Trusted Zone: aceservices.com
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: {033975BD-A3EA-4715-B867-D0B7553AABC9} = 166.102.165.11,166.102.165.13
DPF: AceIESecuritySettings - hxxp://ww2.acehardware-acenet.com/Controls/AceIESecuritySettings.CAB
DPF: {238EC5B8-0BF5-11D5-826E-00010239321B} - hxxp://imagemax.aceservices.com/aspweb/Applets/OBXViewer.cab
DPF: {24B8CB65-C0D2-11D0-A523-444553540000} - hxxp://ww1.acehardware-acenet.com/ACENET/Controls/AceExpl/AceExpl.cab
DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} - hxxp://ww2.acehardware-acenet.com/ACENET/Controls/MCSi/McsiMenu.cab
DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} - hxxp://ww2.acehardware-acenet.com/ACENET/controls/FarPoint60/fpspr60.cab
DPF: {8BF1A503-001F-11D0-A296-00A0246497B9} - hxxp://ww1.acehardware-acenet.com/ACENET/Controls/ACENET/ACECTL.CAB
DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://stores.homestead.com/storeadmin/utilities/pssbedit.cab
DPF: {FB40C15D-4A00-4B22-BA87-B046910FB09D} - hxxp://76.92.232.9:8080/activex/WebViewer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-23 13:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib]
@DACL=(02 0000)
@="{4509D3CC-B642-4745-B030-645B79522C6D}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3912)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
c:\3apps\Catapult\APPIPC.exe
.
**************************************************************************
.
Completion time: 2011-02-23 13:57:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-23 18:57
ComboFix2.txt 2011-02-23 16:53

Pre-Run: 45,903,241,216 bytes free
Post-Run: 45,892,612,096 bytes free

- - End Of File - - 9BD55D4549AFF39E372F9294E6DF9E6C

#11 LDTate


Posted 23 February 2011 - 02:31 PM

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:
  • Click START > Run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

For Vista / Windows 7
  • Click START > Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

If you used DeFogger
To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.


Log looks good :)


  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • WOT (Web of Trust): As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    Green to go
    Yellow for caution
    Red to stop
    WOT has an add-on available for both Firefox and IE.


  • JAVA Click this link and click on the Free JAVA Download

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.


I would suggest you read:
PC Safety and Security--What Do I Need?
How to Prevent Malware
Larry Tate
Product Support
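The Internet Explorer hardening steps in the post above are done by hand through the Security tab. As an added example (not from this thread or from any tool mentioned in it), here is a read-only PowerShell audit that reports whether the current user's Internet zone already matches those recommended settings, which is useful for re-checking a machine later or for checking several machines. It assumes the per-user zone settings live under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 and uses the registry value names Microsoft documents for IE security-zone settings (1001, 1004, 1201, 1800, 1804, 1607, with 0 = Enable, 1 = Prompt, 3 = Disable). It changes nothing; it only reports.

```powershell
# Added example: audit the Internet zone (zone 3) settings that the post above
# recommends. Read-only; nothing is written to the registry.
# Assumption: value names and their meanings follow Microsoft's documented
# mapping of IE security-zone settings to registry values
# (0 = Enable, 1 = Prompt, 3 = Disable). Per-user settings live under HKCU.

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the post, keyed by the documented registry value name.
$recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }  # Prompt
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }  # Disable
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }  # Disable
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }  # Prompt
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }  # Prompt
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }  # Prompt
}

# Human-readable labels for the three values IE's custom-level dialog exposes.
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting {
    param([string]$Path, [string]$ValueName)
    # A missing value means IE falls back to its built-in default for the zone;
    # report that as $null instead of guessing what the default is.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return $props.$ValueName
}

function Format-ZoneValue {
    param($Value)
    if ($null -eq $Value) { return '(not set)' }
    $n = [int]$Value
    # Values outside the three dialog choices (e.g. "administrator approved")
    # are shown raw so they are not mistaken for a compliant setting.
    if ($labels.ContainsKey($n)) { return $labels[$n] } else { return "($n)" }
}

$report = foreach ($valueName in $recommended.Keys) {
    $entry   = $recommended[$valueName]
    $current = Get-ZoneSetting -Path $zonePath -ValueName $valueName
    [pscustomobject]@{
        Value     = $valueName
        Setting   = $entry.Name
        Current   = Format-ZoneValue $current
        Expected  = $labels[$entry.Want]
        Compliant = ($null -ne $current -and [int]$current -eq $entry.Want)
    }
}

$report | Sort-Object Value | Format-Table -AutoSize

if ($report | Where-Object { -not $_.Compliant }) {
    Write-Warning 'One or more Internet-zone ActiveX settings differ from the recommended values.'
    exit 1
}
```

Run it in the same user account whose browser you hardened, since the values are per-user. A Group Policy, or the machine-wide Security_HKLM_only setting, can override what HKCU says, so a compliant result here confirms the user's own configuration, not necessarily the effective one on a domain-managed PC.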


#12 ashleykate7


Posted 23 February 2011 - 03:35 PM

Everything is up and running smoothly. Thank you so much for your help. Have a great day!

Ashley

#13 LDTate


Posted 23 February 2011 - 05:20 PM

You're more than welcome.
Glad we were able to help

Peace be with you
Larry Tate
Product Support


#14 LDTate


Posted 23 February 2011 - 05:20 PM

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
Larry Tate
Product Support

