
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1457
  • Last Modified:

Possible Malware infection removal equluxrq.sys infected

I need some serious help. I have a customer's PC that was highly infected. We're to the point now that only Malwarebytes is finding 1 infected file. It is located in C:\Windows\System32\drivers\ and the filename is equluxrq.sys. I selected to have Malwarebytes remove it on reboot but the file keeps coming back. I've also attempted to use the File Assassin tool to manually remove it, but when I do that I get the following error: A device attached to the system is not functioning.
I rebooted the PC in safe mode, and when I attempt to run or reinstall either Malwarebytes or HijackThis to remove the file in safe mode I am getting Runtime Error 481 Invalid Picture.
I've also tried to manually take ownership and admin rights to this file but continue to get the device error.
Any help would be greatly appreciated.
0
Asked: wcoil
1 Solution
 
Rob HutchinsonDesktop SupportCommented:
Did you try shutting off the system restore already?
0
 
Rob HutchinsonDesktop SupportCommented:
Maybe try NOD32 ( http://www.eset.com ) or Kaspersky? ( http://usa.kaspersky.com )
0
 
heat_z0neCommented:
Another way is to use a live CD of WinPE or Bart's PE, then boot with the live CD and remove the file manually.
If you don't have a live CD, you can use the WinXP installation CD. Select the repair option (Recovery Console),
use the command Attrib -r -h -s file.name then Del file.name (file.name is your file).
If you still have a problem, let us know and I will give you more options.

BOB
0

 
optomaCommented:
Slaving that hard drive in another machine and running scanners on it may help, or allow manual deletion of that rogue .sys file.
Just make a note of any detections in case legitimate system files are infected and removed, as they would have to be replaced for the machine to boot correctly afterwards.
0
 
rpggamergirlCommented:
You can try other tools like OTL and OTS if you like.

Download OTS to your Desktop and double-click on it to extract the files. It will create a folder named OTS on your desktop.
http://oldtimer.geekstogo.com/OTS.exe

Open the OTS folder and double-click on OTS.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.



Or you can try this beta version of the Combofix tool; we need to see the logfile.
NOTE: It is still a beta, so use at your own risk.

http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
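The OTS report requested above is reviewed by eye in the thread; the script below is an added example (not part of this thread, not OldTimer's code) of doing the first pass of that review automatically. It parses the OTS 3.x line format `label -> path -> [timestamp | size | attrs | C|M] (company)` and lists every `.sys` under `System32\drivers` that OTS printed with an empty company name, noting whether the file's timestamp is newer than the scan start (which is what a file that "keeps coming back" looks like in a log). The sample report is constructed for this example in the page's format; the function names, the 30-day window and the reason strings are this example's own choices, not OTS behaviour.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One OTS 3.x file/driver line looks like:
#   <label> -> <path> -> [<yyyy/mm/dd hh:mm:ss> | <size> | <attrs> | <C|M>] (<company>)
OTS_LINE = re.compile(
    r"^\s*(?P<label>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\)\s*$"
)
# First line of the report carries the scan start time:
#   "OTS logfile created on: 12/18/2009 8:20:46 AM - Run 1"
OTS_HEADER = re.compile(
    r"OTS logfile created on: (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
)
# Kernel drivers live here; a .sys with no company name in this directory deserves a second look.
DRIVERS_DIR = re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.IGNORECASE)


@dataclass
class OtsEntry:
    label: str
    path: str
    stamp: datetime   # created (C) or modified (M) time, per the trailing flag
    size: int
    attrs: str
    company: str      # empty string when OTS printed "()"


def parse_ots_line(line: str) -> Optional[OtsEntry]:
    """Parse one file/driver line; return None for headers, registry and hosts lines."""
    m = OTS_LINE.match(line)
    if not m:
        return None
    return OtsEntry(
        label=m["label"].strip(),
        path=m["path"].strip(),
        stamp=datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"].strip(),
    )


def scan_start(report: str) -> datetime:
    """Scan start time from the report header (US date format, as OTS writes it)."""
    m = OTS_HEADER.search(report)
    if not m:
        raise ValueError("no OTS header line in report")
    return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")


def triage_report(report: str, max_age_days: int = 30) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for drivers under System32\\drivers with no company name."""
    started = scan_start(report)
    seen = set()
    hits: List[Tuple[str, List[str]]] = []
    for line in report.splitlines():
        e = parse_ots_line(line)
        if e is None or not DRIVERS_DIR.search(e.path) or e.company:
            continue
        key = e.path.lower()
        if key in seen:  # same file listed under both Created and Modified sections
            continue
        seen.add(key)
        reasons = ["no company name"]
        if e.stamp > started:
            reasons.append("modified after the scan started (rewritten while OTS was running)")
        elif started - e.stamp <= timedelta(days=max_age_days):
            reasons.append(f"touched within {max_age_days} days of the scan")
        hits.append((e.path, reasons))
    return hits


# Constructed sample in the OTS report format (a few lines modeled on this thread's log).
SAMPLE_REPORT = r"""OTS logfile created on: 12/18/2009 8:20:46 AM - Run 1
[Driver Services - Safe List]
(avgntflt) avgntflt [File_System | Auto | Stopped] -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2009/12/17 14:15:55 | 00,056,816 | ---- | M] (Avira GmbH)
(secdrv) Security Driver [Kernel | Auto | Stopped] -> C:\WINDOWS\System32\drivers\secdrv.sys -> [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation)
[Files/Folders - Modified Within 30 Days]
 equluxrq.sys -> C:\Windows\System32\drivers\equluxrq.sys -> [2009/12/18 08:22:37 | 00,722,432 | ---- | M] ()
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
 sigabulu -> C:\Windows\System32\sigabulu -> [2009/12/16 18:39:34 | 00,011,168 | -H-- | M] ()
"""

if __name__ == "__main__":
    for path, reasons in triage_report(SAMPLE_REPORT):
        print(path, "-", "; ".join(reasons))
```

The scope is deliberately narrow: only driver files are flagged, so `sigabulu` (no company name, but not a `.sys` under `drivers`) is left for the human reviewer, and the `seen` set stops a file listed in both the Created and Modified sections from being reported twice.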
 
wcoilAuthor Commented:
Sorry I didn't mention this before, but the PC has Win Vista. Where can I get BartPE? I had it ages ago but cannot find the CD anywhere. Will also try the OTS fix as well.
0
 
wcoilAuthor Commented:
Here are the results of the OTS scan:
[code]
OTS logfile created on: 12/18/2009 8:20:46 AM - Run 1
OTS by OldTimer - Version 3.1.11.0     Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.49 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 69.54% Memory free
3.23 Gb Paging File | 2.92 Gb Available in Paging File | 90.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.29 Gb Total Space | 63.79 Gb Free Space | 61.76% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 3.65 Gb Free Space | 42.92% Space Free | Partition Type: NTFS
Drive E: | 0.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BRYAN-PC
Current User Name: Andrew
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\WINDOWS\System32\config\systemprofile\Desktop\OTS.exe -> [2009/12/18 08:20:11 | 00,534,528 | ---- | M] (OldTimer Tools)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2009/05/02 08:56:38 | 02,927,104 | ---- | M] (Microsoft Corporation)
wmpnscfg.exe -> C:\Program Files\Windows Media Player\wmpnscfg.exe -> [2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\WINDOWS\System32\config\systemprofile\Desktop\OTS.exe -> [2009/12/18 08:20:11 | 00,534,528 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll -> [2008/01/19 02:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(Akamai) Akamai NetSession Interface [Auto | Stopped] -> C:/Program Files/Common Files/Akamai/rswin_3629.dll -> [2009/12/14 17:48:49 | 02,431,024 | ---- | M] ()
(AntiVirService) Avira AntiVir Guard [Auto | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH)
(WinDefend) Windows Defender [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation)
(XAudioService) XAudioService [Auto | Stopped] -> C:\WINDOWS\System32\drivers\XAudio.exe -> [2007/06/29 08:11:16 | 00,386,560 | ---- | M] (Conexant Systems, Inc.)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(avgntflt) avgntflt [File_System | Auto | Stopped] -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2009/12/17 14:15:55 | 00,056,816 | ---- | M] (Avira GmbH)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2009/10/12 21:24:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2009/10/12 21:24:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2009/10/12 21:24:52 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(ssmdrv) ssmdrv [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\ssmdrv.sys -> [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\avipbb.sys -> [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Stopped] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH)
(RimUsb) BlackBerry Smartphone [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\RimUsb.sys -> [2008/04/16 14:51:56 | 00,022,784 | ---- | M] (Research In Motion Limited)
(igfx) igfx [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\igdkmd32.sys -> [2008/01/02 15:48:28 | 02,016,256 | ---- | M] (Intel Corporation)
(ialm) ialm [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\igdkmd32.sys -> [2008/01/02 15:48:28 | 02,016,256 | ---- | M] (Intel Corporation)
(XAudio) XAudio [Kernel | Auto | Stopped] -> C:\WINDOWS\System32\drivers\XAudio.sys -> [2007/06/29 08:11:02 | 00,008,704 | ---- | M] (Conexant Systems, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\HSX_DPV.sys -> [2007/06/20 02:29:56 | 00,984,064 | ---- | M] (Conexant Systems, Inc.)
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\HSXHWBS2.sys -> [2007/06/20 02:28:38 | 00,267,264 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\HSX_CNXT.sys -> [2007/06/20 02:28:22 | 00,660,480 | ---- | M] (Conexant Systems, Inc.)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
(NETw2v32) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\NETw2v32.sys -> [2006/11/02 02:30:56 | 02,589,184 | ---- | M] (Intel® Corporation)
(yukonwlh) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\yk60x86.sys -> [2006/11/02 02:30:56 | 00,194,048 | ---- | M] (Marvell)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\E1G60I32.sys -> [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation)
(secdrv) Security Driver [Kernel | Auto | Stopped] -> C:\WINDOWS\System32\drivers\secdrv.sys -> [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\e100b325.sys -> [2006/10/31 17:15:24 | 00,165,760 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Stopped] -> C:\WINDOWS\System32\drivers\mdmxsdk.sys -> [2006/06/19 05:26:58 | 00,012,672 | ---- | M] (Conexant)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3604 -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> <local> -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/11/05 22:08:22 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/12/15 20:51:23 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2009/06/23 17:43:09 | 00,000,000 | ---D | M]
< HOSTS File > (28258 bytes and 1662 lines) -> C:\WINDOWS\System32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
0.0.0.0 166.82.
0.0.0.0 193.69.
0.0.0.0 200.89.
0.0.0.0 212.113
0.0.0.0 213.219
0.0.0.0 213.248
0.0.0.0 216.200
0.0.0.0 221.82.
0.0.0.0 24.77.2
0.0.0.0 62.146.
0.0.0.0 63.210.
0.0.0.0 64.184.
0.0.0.0 68.116.
0.0.0.0 69.31.4
0.0.0.0 70.242.
0.0.0.0 71.206.
0.0.0.0 76.187.
0.0.0.0 76.217.
0.0.0.0 76.30.2
0.0.0.0 82.238.
0.0.0.0 82.77.4
0.0.0.0 84.53.1
0.0.0.0 84.53.1
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"" ->  [] -> File not found
"GrpConv" -> C:\Windows\System32\grpconv.exe [grpconv -o] -> [2006/11/02 04:45:12 | 00,016,896 | ---- | M] (Microsoft Corporation)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\\"DisableFirstRunCustomize" ->  [1] -> File not found
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"EnableLUA" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll [Menu: Sun Java Console] -> [2009/05/02 09:33:49 | 00,132,744 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 65.17.128.3 65.17.128.7 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{51FD6D2C-A164-4B5A-83A6-7A0CD593492C}\\DhcpNameServer -> 65.17.128.3 65.17.128.7   (Intel(R) PRO/100 VE Network Connection) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2009/05/02 08:56:38 | 02,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2009/09/03 15:21:42 | 00,548,352 | ---- | M] (SUPERAntiSpyware.com)
igfxcui -> C:\Windows\System32\igfxdev.dll -> [2008/01/02 15:33:36 | 00,200,704 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com)
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 16:43:36 | 00,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 Documents -> C:\Windows\system32\config\systemprofile\Documents -> [2009/12/18 08:20:04 | 00,000,000 | R--D | C]
 temp -> C:\Windows\temp -> [2009/12/17 21:00:17 | 00,000,000 | ---D | C]
 Trend Micro -> C:\Program Files\Trend Micro -> [2009/12/16 17:40:39 | 00,000,000 | ---D | C]
 Sun -> C:\Windows\Sun -> [2009/12/16 15:30:15 | 00,000,000 | ---D | C]
 Wise Installation Wizard -> C:\Program Files\Common Files\Wise Installation Wizard -> [2009/12/16 14:18:26 | 00,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/12/16 14:16:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/12/16 14:16:17 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/12/16 14:16:16 | 00,000,000 | ---D | C]
 CCleaner -> C:\Program Files\CCleaner -> [2009/12/16 14:15:55 | 00,000,000 | ---D | C]
 avipbb.sys -> C:\Windows\System32\drivers\avipbb.sys -> [2009/12/16 14:14:27 | 00,096,104 | ---- | C] (Avira GmbH)
 avgntflt.sys -> C:\Windows\System32\drivers\avgntflt.sys -> [2009/12/16 14:14:27 | 00,056,816 | ---- | C] (Avira GmbH)
 ssmdrv.sys -> C:\Windows\System32\drivers\ssmdrv.sys -> [2009/12/16 14:14:27 | 00,028,520 | ---- | C] (Avira GmbH)
 Avira -> C:\ProgramData\Avira -> [2009/12/16 14:14:23 | 00,000,000 | ---D | C]
 Avira -> C:\Program Files\Avira -> [2009/12/16 14:14:23 | 00,000,000 | ---D | C]
 Favorites -> C:\Windows\system32\config\systemprofile\Favorites -> [2009/12/15 18:17:41 | 00,000,000 | R--D | C]
 Desktop -> C:\Windows\system32\config\systemprofile\Desktop -> [2009/12/15 18:17:36 | 00,000,000 | R--D | C]
 acad.exe -> C:\acad.exe -> [2009/12/15 18:17:09 | 00,043,008 | ---- | C] (Mozilla Foundation)
 igfxres.dll -> C:\Windows\System32\igfxres.dll -> [2009/12/15 18:06:44 | 00,172,032 | ---- | C] (Intel Corporation)
 Akamai -> C:\Program Files\Common Files\Akamai -> [2009/12/14 17:48:17 | 00,000,000 | ---D | C]
 Config.Msi -> C:\Config.Msi -> [2009/12/12 18:17:58 | 00,000,000 | -HSD | C]
 Config.Msi -> \Config.Msi -> [2009/12/12 18:17:58 | 00,000,000 | -HSD | C]
 ieapfltr.dll -> C:\Windows\System32\ieapfltr.dll -> [2009/12/10 00:36:30 | 00,380,928 | ---- | C] (Microsoft Corporation)
 iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2009/12/10 00:36:28 | 00,389,120 | ---- | C] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2009/12/10 00:36:27 | 00,458,240 | ---- | C] (Microsoft Corporation)
 ieaksie.dll -> C:\Windows\System32\ieaksie.dll -> [2009/12/10 00:36:26 | 00,230,400 | ---- | C] (Microsoft Corporation)
 mstime.dll -> C:\Windows\System32\mstime.dll -> [2009/12/10 00:36:25 | 00,671,232 | ---- | C] (Microsoft Corporation)
 html.iec -> C:\Windows\System32\html.iec -> [2009/12/10 00:36:25 | 00,389,632 | ---- | C] (Microsoft Corporation)
 ieencode.dll -> C:\Windows\System32\ieencode.dll -> [2009/12/10 00:36:25 | 00,078,336 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2009/12/10 00:36:25 | 00,026,624 | ---- | C] (Microsoft Corporation)
 mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2009/12/10 00:36:24 | 01,383,424 | ---- | C] (Microsoft Corporation)
 jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2009/12/10 00:36:24 | 00,028,160 | ---- | C] (Microsoft Corporation)
 raschap.dll -> C:\Windows\System32\raschap.dll -> [2009/12/10 00:35:35 | 00,281,600 | ---- | C] (Microsoft Corporation)
 rastls.dll -> C:\Windows\System32\rastls.dll -> [2009/12/10 00:35:35 | 00,244,224 | ---- | C] (Microsoft Corporation)
 PX Storage Engine -> C:\Program Files\Common Files\PX Storage Engine -> [2009/12/08 14:11:08 | 00,000,000 | ---D | C]
 tzres.dll -> C:\Windows\System32\tzres.dll -> [2009/11/25 03:01:12 | 00,002,048 | ---- | C] (Microsoft Corporation)
 timedate.cpl -> C:\Windows\System32\timedate.cpl -> [2009/11/24 13:50:46 | 00,714,240 | ---- | C] (Microsoft Corporation)
 SBREDrv.sys -> C:\Windows\System32\drivers\SBREDrv.sys -> [2009/11/18 19:41:42 | 00,093,360 | ---- | C] (Sunbelt Software)
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 equluxrq.sys -> C:\Windows\System32\drivers\equluxrq.sys -> [2009/12/18 08:22:37 | 00,722,432 | ---- | M] ()
 system.ini -> C:\Windows\system.ini -> [2009/12/17 20:57:38 | 00,000,215 | ---- | M] ()
 ntuser.dat{abaf5153-7601-11db-9612-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms -> C:\Windows\system32\config\systemprofile\ntuser.dat{abaf5153-7601-11db-9612-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms -> [2009/12/17 20:56:40 | 00,524,288 | -HS- | M] ()
 ntuser.dat -> C:\Windows\system32\config\systemprofile\ntuser.dat -> [2009/12/17 20:56:40 | 00,262,144 | ---- | M] ()
 ntuser.dat{abaf5153-7601-11db-9612-806e6f6e6963}.TM.blf -> C:\Windows\system32\config\systemprofile\ntuser.dat{abaf5153-7601-11db-9612-806e6f6e6963}.TM.blf -> [2009/12/17 20:56:40 | 00,065,536 | -HS- | M] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/12/17 20:03:06 | 00,597,602 | ---- | M] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/12/17 20:03:06 | 00,101,610 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009/12/17 20:03:05 | 00,694,964 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2009/12/17 19:58:37 | 00,067,584 | --S- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/12/17 19:57:27 | 00,004,672 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/12/17 19:57:27 | 00,004,672 | -H-- | M] ()
 SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/12/17 19:57:19 | 00,000,006 | -H-- | M] ()
 avgntflt.sys -> C:\Windows\System32\drivers\avgntflt.sys -> [2009/12/17 14:15:55 | 00,056,816 | ---- | M] (Avira GmbH)
 plugin.dat -> C:\Windows\plugin.dat -> [2009/12/16 18:47:48 | 00,581,632 | ---- | M] ()
 sigabulu -> C:\Windows\System32\sigabulu -> [2009/12/16 18:39:34 | 00,011,168 | -H-- | M] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2009/12/16 14:31:47 | 00,000,902 | ---- | M] ()
 Start AntiVir.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start AntiVir.lnk -> [2009/12/16 14:14:47 | 00,001,871 | ---- | M] ()
 Avira AntiVir Control Center.lnk -> C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk -> [2009/12/16 14:14:47 | 00,001,847 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2009/12/15 21:26:30 | 02,267,064 | ---- | M] ()
 acad.exe -> C:\acad.exe -> [2009/12/15 18:17:10 | 00,043,008 | ---- | M] (Mozilla Foundation)
 mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
 SBREDrv.sys -> C:\Windows\System32\drivers\SBREDrv.sys -> [2009/11/18 19:41:40 | 00,093,360 | ---- | M] (Sunbelt Software)
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files - No Company Name]
 Start AntiVir.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start AntiVir.lnk -> [2009/12/17 13:08:42 | 00,001,871 | ---- | C] ()
 vFind.exe -> C:\Windows\vFind.exe -> [2009/12/16 17:19:59 | 00,117,248 | ---- | C] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2009/12/16 14:31:47 | 00,000,902 | ---- | C] ()
 Avira AntiVir Control Center.lnk -> C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk -> [2009/12/16 14:14:47 | 00,001,847 | ---- | C] ()
 plugin.dat -> C:\Windows\plugin.dat -> [2009/12/15 21:04:20 | 00,581,632 | ---- | C] ()
 aaw7boot.log -> \aaw7boot.log -> [2009/12/15 19:04:22 | 00,003,929 | ---- | C] ()
 equluxrq.sys -> C:\Windows\System32\drivers\equluxrq.sys -> [2009/12/15 18:18:11 | 00,722,432 | ---- | C] ()
 acad.exe -> \acad.exe -> [2009/12/15 18:17:09 | 00,043,008 | ---- | C] ()
 PICSDK.ini -> C:\Windows\System32\PICSDK.ini -> [2009/05/06 19:17:09 | 00,000,097 | ---- | C] ()
 ODBC.INI -> C:\Windows\ODBC.INI -> [2009/05/04 12:07:18 | 00,000,376 | ---- | C] ()
 igfxCoIn_v1409.dll -> C:\Windows\System32\igfxCoIn_v1409.dll -> [2008/01/02 15:57:36 | 00,147,456 | ---- | C] ()
 igfxCoIn_v1114.dll -> C:\Windows\System32\igfxCoIn_v1114.dll -> [2006/12/16 14:15:14 | 00,204,800 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 07:35:51 | 00,030,808 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 07:35:51 | 00,029,779 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 07:35:51 | 00,026,489 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 07:35:51 | 00,026,040 | ---- | C] ()
 pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 02:40:29 | 00,013,750 | ---- | C] ()
 EPSPTDV.DLL -> C:\Windows\System32\EPSPTDV.DLL -> [2005/02/25 05:15:00 | 00,159,744 | ---- | C] ()
 OUTLPERF.INI -> C:\Windows\System32\OUTLPERF.INI -> [2003/01/07 14:05:08 | 00,002,695 | ---- | C] ()
< End of report >
[/code]
0
 
rpggamergirlCommented:

Start OTS. Copy/paste the information below (bolded text) into the panel where it says "Paste fix here" and then click the Run Fix button.


[Kill All Processes]
[Unregister Dlls]
[Files/Folders - Modified Within 30 Days]
NY -> equluxrq.sys -> C:\Windows\System32\drivers\equluxrq.sys
NY -> sigabulu -> C:\Windows\System32\sigabulu
[Files - No Company Name]
NY -> equluxrq.sys -> C:\Windows\System32\drivers\equluxrq.sys
[Empty Temp Folders]
[Start Explorer]
[Reboot]


If the problem persists, try running the beta version of ComboFix.
0
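The two entries the fix above targets are the recently modified files under System32 whose OTS line ends in an empty company field "()". The following is an added Python example, not part of the thread and not an OTS feature, that parses lines in the OTS log format shown above and applies that same triage rule; the sample lines are copied from the log earlier in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# OTS file line layout:
#   name -> full path -> [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company)
LINE_RE = re.compile(
    r"^\s*(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\)\s*$"
)

@dataclass
class Entry:
    name: str
    path: str
    timestamp: str
    size: int
    attrs: str
    company: str

def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTS file line; section headers, blanks and the '*.tmp files' summary return None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    size = int(m["size"].replace(",", ""))
    return Entry(m["name"], m["path"], m["ts"], size, m["attrs"], m["company"].strip())

def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]

def suspicious(entries: List[Entry]) -> List[Entry]:
    """Triage heuristic: executables in the system tree with no company name.
    A missing company name only means the file has no version resource; confirm
    each hit (hash lookup, signature check) before acting on it."""
    out = []
    for e in entries:
        in_system_tree = e.path.lower().startswith(r"c:\windows\system32")
        # .sys/.exe/.dll, or an extensionless file such as 'sigabulu'
        executable = e.name.lower().endswith((".sys", ".exe", ".dll")) or "." not in e.name
        if in_system_tree and executable and not e.company:
            out.append(e)
    return out

# Sample lines copied from the OTS log posted above.
SAMPLE_LOG = r"""[Files/Folders - Modified Within 30 Days]
 equluxrq.sys -> C:\Windows\System32\drivers\equluxrq.sys -> [2009/12/18 08:22:37 | 00,722,432 | ---- | M] ()
 system.ini -> C:\Windows\system.ini -> [2009/12/17 20:57:38 | 00,000,215 | ---- | M] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/12/17 20:03:06 | 00,597,602 | ---- | M] ()
 avgntflt.sys -> C:\Windows\System32\drivers\avgntflt.sys -> [2009/12/17 14:15:55 | 00,056,816 | ---- | M] (Avira GmbH)
 sigabulu -> C:\Windows\System32\sigabulu -> [2009/12/16 18:39:34 | 00,011,168 | -H-- | M] ()
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
"""

if __name__ == "__main__":
    for e in suspicious(parse_log(SAMPLE_LOG)):
        print(f"{e.timestamp}  {e.size:>8}  {e.path}")
```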
 
Blue Street TechLast KnightsCommented:
Did the restore points fail? That would be your best bet.
0
 
wcoilAuthor Commented:
Thanks for this suggestion. I was able to get the malware removed using OTS.
0
 
rpggamergirlCommented:
Glad to know it's been resolved.

Thanks!
0