Jump to content

wodeson

Members
  • Posts

    11
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Here is the latest MBytes full scan of my C: drive. Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.15.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: ANONYMOUS [administrator] 2/15/2012 7:46:51 PM mbam-log-2012-02-15 (19-46-51).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 204176 Time elapsed: 27 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 19 C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\7dc27821-143d030c (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\42\4b70b46a-7ab6e5c3 (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\653533be-6d0575e7 (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP607\A0207928.exe (Adware.FunWeb) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP608\A0207934.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP608\A0207939.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP608\A0207940.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP608\A0207941.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP608\A0207942.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP625\A0209048.exe (Rogue.InternetSecurity) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP626\A0212273.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP626\A0212274.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0009.dta (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully. C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0010.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully. C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0012.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully. (end)
  2. https://www.virustotal.com/file/fea73d4bd03eeb6976c41643286c3608b66047b03e46f6e7c47cca97f00307dd/analysis/1329235512/
  3. ComboFix 12-02-13.01 - Administrator 02/13/2012 16:05:28.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.275 [GMT 1:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe . . ((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 ))))))))))))))))))))))))))))))) . . 2012-02-13 14:55 . 2001-08-17 11:52 23552 ----a-w- c:\windows\system32\dllcache\OLD24.tmp 2012-02-13 14:55 . 2008-04-13 22:16 48128 ----a-w- c:\windows\system32\dllcache\OLD20.tmp 2012-02-13 14:55 . 2008-04-13 22:10 12288 ----a-w- c:\windows\system32\dllcache\OLD1C.tmp 2012-02-13 14:54 . 2001-08-17 12:06 11264 ----a-w- c:\windows\system32\dllcache\OLD18.tmp 2012-02-13 14:54 . 2011-10-25 13:38 2148864 ----a-w- c:\windows\system32\dllcache\OLD14.tmp 2012-02-13 14:41 . 2001-08-17 11:52 23552 ----a-w- c:\windows\system32\dllcache\abp480n5.sys 2012-02-13 14:40 . 2008-04-13 22:16 48128 ----a-w- c:\windows\system32\dllcache\61883.sys 2012-02-13 14:40 . 2008-04-13 22:10 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys 2012-02-13 14:40 . 2001-08-17 12:06 11264 ----a-w- c:\windows\system32\dllcache\1394vdbg.sys 2012-02-13 14:39 . 2012-02-13 14:55 -------- d-----w- c:\windows\LastGood 2012-02-13 14:39 . 2011-10-25 13:38 2148864 ----a-w- c:\windows\system32\dllcache\OLD4.tmp 2012-02-13 14:12 . 2012-02-13 14:12 -------- d-----w- c:\windows\system32\wbem\snmp 2012-02-13 14:11 . 2012-02-13 14:11 -------- d-----w- c:\windows\system32\xircom 2012-02-13 14:11 . 2012-02-13 14:11 -------- d-----w- c:\windows\system32\oobe 2012-02-13 14:11 . 2012-02-13 14:11 -------- d-----w- c:\program files\microsoft frontpage 2012-02-08 19:13 . 2012-02-08 19:13 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-08 13:28 . 2012-02-08 13:28 -------- d-----w- c:\windows\system32\wbem\Repository 2012-02-02 14:07 . 2012-02-07 20:01 -------- d-----w- c:\program files\GridinSoft Trojan Killer 2012-01-14 15:59 . 2012-01-14 16:51 -------- d-----w- c:\program files\PC Tools Security . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 14:24 . 2011-11-21 20:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-25 21:56 . 2009-02-13 06:27 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:29 . 2009-02-13 06:27 1868544 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35 . 2008-04-14 11:00 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:20 . 2009-02-13 06:26 152064 ----a-w- c:\windows\system32\schannel.dll 2011-11-16 14:20 . 2008-04-14 11:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2012-01-08 15:29 . 2011-06-14 16:16 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2009-02-13 . 2547D2CF090AC7636898F16957EBCEDC . 502272 . . [1.0626.6002.16497] . . c:\windows\system32\usp10.dll . ((((((((((((((((((((((((((((( SnapShot@2012-02-08_22.04.35 ))))))))))))))))))))))))))))))))))))))))) . + 2011-04-18 21:51 . 2011-04-18 21:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll + 2011-04-18 21:51 . 2011-04-18 21:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll + 2011-04-18 21:51 . 2011-04-18 21:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll + 2011-04-18 21:51 . 2011-04-18 21:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll + 2011-04-18 21:51 . 2011-04-18 21:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll + 2011-04-18 21:51 . 2011-04-18 21:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll + 2011-04-18 21:51 . 2011-04-18 21:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll + 2011-04-18 21:51 . 2011-04-18 21:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll + 2011-04-18 21:51 . 2011-04-18 21:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll + 2011-04-18 21:51 . 2011-04-18 21:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll + 2011-04-18 21:51 . 2011-04-18 21:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll + 2011-04-18 21:51 . 2011-04-18 21:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll + 2011-04-18 21:51 . 2011-04-18 21:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll + 2011-04-18 21:51 . 2011-04-18 21:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll + 2012-02-13 14:12 . 2012-02-13 14:12 16384 c:\windows\Temp\Perflib_Perfdata_6a0.dat + 2008-04-14 11:00 . 2008-04-14 11:00 30749 c:\windows\system32\dllcache\vbajet32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 25600 c:\windows\system32\dllcache\twunk_32.exe + 2008-04-14 11:00 . 2008-04-14 11:00 49680 c:\windows\system32\dllcache\twunk_16.exe + 2008-04-14 11:00 . 2008-04-14 11:00 25088 c:\windows\system32\dllcache\slayerxp.dll + 2009-02-13 06:26 . 2009-02-13 06:26 66048 c:\windows\system32\dllcache\shimeng.dll + 2008-04-14 11:00 . 2008-04-14 11:00 77312 c:\windows\system32\dllcache\sdbinst.exe + 2008-04-14 11:00 . 2008-04-14 11:00 64000 c:\windows\system32\dllcache\samlib.dll + 2008-04-14 11:00 . 2008-04-14 11:00 84992 c:\windows\system32\dllcache\olepro32.dll + 2009-09-25 21:36 . 2008-04-14 11:00 65536 c:\windows\system32\dllcache\oledb32r.dll + 2008-04-14 11:00 . 2008-04-14 11:00 20511 c:\windows\system32\dllcache\odtext32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 20510 c:\windows\system32\dllcache\odpdx32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 20510 c:\windows\system32\dllcache\odfox32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 20510 c:\windows\system32\dllcache\odexl32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 20511 c:\windows\system32\dllcache\oddbse32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 53279 c:\windows\system32\dllcache\odbcji32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 94208 c:\windows\system32\dllcache\odbcint.dll + 2008-04-14 11:00 . 2008-04-14 11:00 65536 c:\windows\system32\dllcache\odbccu32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 65536 c:\windows\system32\dllcache\odbccr32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 69632 c:\windows\system32\dllcache\odbcconf.exe + 2008-04-14 11:00 . 2008-04-14 11:00 32768 c:\windows\system32\dllcache\odbcad32.exe + 2008-04-14 11:00 . 2008-04-14 11:00 16384 c:\windows\system32\dllcache\odbc32gt.dll + 2008-04-14 11:00 . 2008-04-14 11:00 67584 c:\windows\system32\dllcache\ocmanage.dll + 2008-04-14 11:00 . 2008-04-14 11:00 64000 c:\windows\system32\dllcache\nwapi32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 17408 c:\windows\system32\dllcache\nwapi16.dll + 2009-09-25 21:36 . 2008-04-14 11:00 10240 c:\windows\system32\dllcache\npwmsdrm.dll + 2009-02-13 06:26 . 2009-02-13 06:26 91776 c:\windows\system32\dllcache\ndiswan.sys + 2009-09-25 21:36 . 2008-04-14 11:00 24576 c:\windows\system32\dllcache\msxactps.dll + 2008-04-14 11:00 . 2008-04-14 11:00 61440 c:\windows\system32\dllcache\msvcrt40.dll + 2008-04-14 11:00 . 2008-04-14 11:00 60192 c:\windows\system32\dllcache\msjter40.dll + 2009-09-25 21:36 . 2008-04-14 11:00 36864 c:\windows\system32\dllcache\msdfmap.dll + 2009-09-25 21:36 . 2008-04-14 11:00 20480 c:\windows\system32\dllcache\msdatt.dll + 2009-09-25 21:36 . 2008-04-14 11:00 16384 c:\windows\system32\dllcache\msdasqlr.dll + 2009-09-25 21:36 . 2008-04-14 11:00 16384 c:\windows\system32\dllcache\msdaremr.dll + 2009-09-25 21:36 . 2008-04-14 11:00 16384 c:\windows\system32\dllcache\msdaprsr.dll + 2009-09-25 21:36 . 2008-04-14 11:00 77824 c:\windows\system32\dllcache\msdaosp.dll + 2008-04-14 11:00 . 2008-04-14 11:00 36864 c:\windows\system32\dllcache\mscpxl32.dll + 2009-09-25 21:36 . 2008-04-14 11:00 57344 c:\windows\system32\dllcache\msadrh15.dll + 2009-09-25 21:36 . 2008-04-14 11:00 57344 c:\windows\system32\dllcache\msador15.dll + 2009-09-25 21:36 . 2008-04-14 11:00 24576 c:\windows\system32\dllcache\msader15.dll + 2009-09-25 21:36 . 2008-04-14 11:00 24576 c:\windows\system32\dllcache\msaddsr.dll + 2009-09-25 21:36 . 2008-04-14 11:00 53248 c:\windows\system32\dllcache\msadcs.dll + 2009-09-25 21:36 . 2008-04-14 11:00 16384 c:\windows\system32\dllcache\msadcor.dll + 2009-09-25 21:36 . 2008-04-14 11:00 16384 c:\windows\system32\dllcache\msadcfr.dll + 2009-09-25 21:36 . 2008-04-14 11:00 61440 c:\windows\system32\dllcache\msadcf.dll + 2009-09-25 21:36 . 2008-04-14 11:00 20480 c:\windows\system32\dllcache\msadcer.dll + 2008-04-14 11:00 . 2008-04-14 11:00 22528 c:\windows\system32\dllcache\mfcsubs.dll + 2009-02-13 06:25 . 2009-02-13 06:25 11264 c:\windows\system32\dllcache\laprxy.dll - 2010-04-06 22:43 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll + 2009-02-13 06:25 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll + 2008-04-14 11:00 . 2008-04-14 11:00 75264 c:\windows\system32\dllcache\ipsec.sys + 2008-04-14 11:00 . 2008-04-14 11:00 36921 c:\windows\system32\dllcache\imeshare.dll + 2008-04-14 11:00 . 2008-04-14 11:00 16384 c:\windows\system32\dllcache\ds32gt.dll + 2008-04-14 11:00 . 2008-04-14 11:00 87040 c:\windows\system32\dllcache\drmstor.dll + 2008-04-14 11:00 . 2008-04-14 11:00 32768 c:\windows\system32\dllcache\dispex.dll + 2008-04-14 11:00 . 2008-04-14 11:00 39936 c:\windows\system32\dllcache\dimsroam.dll + 2008-04-14 11:00 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\dimsntfy.dll + 2008-04-14 11:00 . 2008-04-14 11:00 27136 c:\windows\system32\dllcache\ctl3d32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 62464 c:\windows\system32\dllcache\cryptsvc.dll + 2008-04-14 11:00 . 2008-04-14 11:00 64512 c:\windows\system32\dllcache\cryptnet.dll + 2008-04-14 11:00 . 2008-04-14 11:00 53760 c:\windows\system32\dllcache\cryptext.dll + 2008-04-14 11:00 . 2008-04-14 11:00 33280 c:\windows\system32\dllcache\cryptdll.dll + 2008-04-14 11:00 . 2008-04-14 11:00 74752 c:\windows\system32\dllcache\cryptdlg.dll + 2008-04-14 11:00 . 2008-04-14 11:00 16896 c:\windows\system32\dllcache\cfgmgr32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 62464 c:\windows\system32\dllcache\authz.dll + 2008-04-14 11:00 . 2008-04-14 11:00 14336 c:\windows\system32\dllcache\auditusr.exe + 2008-04-14 11:00 . 2008-04-14 11:00 42496 c:\windows\system32\dllcache\audiosrv.dll + 2008-04-14 11:00 . 2008-04-14 11:00 12288 c:\windows\system32\dllcache\attrib.exe + 2009-09-25 21:37 . 2008-04-14 11:00 11264 c:\windows\system32\dllcache\atrace.dll + 2008-04-14 11:00 . 2008-04-14 11:00 34816 c:\windows\system32\dllcache\atmpvcno.dll + 2008-04-14 11:00 . 2008-04-14 11:00 30208 c:\windows\system32\dllcache\atmlib.dll + 2008-04-14 11:00 . 2008-04-14 11:00 55808 c:\windows\system32\dllcache\atmlane.sys + 2008-04-14 11:00 . 2008-04-14 11:00 31360 c:\windows\system32\dllcache\atmepvc.sys + 2008-04-14 11:00 . 2008-04-14 11:00 59904 c:\windows\system32\dllcache\atmarpc.sys + 2008-04-14 11:00 . 2008-04-14 11:00 11264 c:\windows\system32\dllcache\atmadm.exe + 2008-04-14 11:00 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll - 2010-03-08 13:36 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll + 2008-04-14 11:00 . 2008-04-14 11:00 13312 c:\windows\system32\dllcache\atkctrs.dll + 2008-04-14 11:00 . 2008-04-13 23:10 96512 c:\windows\system32\dllcache\atapi.sys + 2008-04-14 11:00 . 2008-04-14 11:00 25088 c:\windows\system32\dllcache\at.exe + 2008-04-14 11:00 . 2008-04-14 11:00 14336 c:\windows\system32\dllcache\asyncmac.sys + 2008-04-14 11:00 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll - 2010-06-09 04:46 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll + 2008-04-14 11:00 . 2008-04-14 11:00 32768 c:\windows\system32\dllcache\asr_pfu.exe + 2008-04-14 11:00 . 2008-04-14 11:00 32256 c:\windows\system32\dllcache\asr_ldm.exe + 2008-04-14 11:00 . 2008-04-14 11:00 30208 c:\windows\system32\dllcache\asr_fmt.exe + 2012-02-13 14:56 . 2001-08-17 11:51 14848 c:\windows\system32\dllcache\asc3550.sys + 2012-02-13 14:56 . 2001-08-17 11:52 22400 c:\windows\system32\dllcache\asc3350p.sys + 2012-02-13 14:56 . 2001-08-17 11:52 26496 c:\windows\system32\dllcache\asc.sys + 2008-04-13 23:21 . 2009-02-13 06:38 60800 c:\windows\system32\dllcache\arp1394.sys + 2008-04-14 11:00 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\arp.exe + 2008-04-14 11:00 . 2008-04-14 11:00 12498 c:\windows\system32\dllcache\append.exe + 2008-04-14 11:00 . 2008-04-14 11:00 70656 c:\windows\system32\dllcache\amstream.dll + 2012-02-13 14:56 . 2001-08-17 11:52 12032 c:\windows\system32\dllcache\amsint.sys + 2008-04-13 23:01 . 2009-02-13 06:38 37760 c:\windows\system32\dllcache\amdk7.sys + 2008-04-13 23:01 . 2009-02-13 06:38 37376 c:\windows\system32\dllcache\amdk6.sys + 2012-02-13 14:56 . 2008-04-13 22:06 43008 c:\windows\system32\dllcache\amdagp.sys + 2008-04-14 11:00 . 2008-04-14 11:00 17408 c:\windows\system32\dllcache\alrsvc.dll + 2012-02-13 14:56 . 2008-04-13 22:06 42752 c:\windows\system32\dllcache\alim1541.sys + 2012-02-13 14:56 . 2001-08-17 11:49 26624 c:\windows\system32\dllcache\alifir.sys + 2008-04-14 11:00 . 2008-04-14 11:00 44544 c:\windows\system32\dllcache\alg.exe + 2012-02-13 14:56 . 2001-08-17 12:07 56960 c:\windows\system32\dllcache\aic78xx.sys + 2012-02-13 14:56 . 2001-08-17 12:07 55168 c:\windows\system32\dllcache\aic78u2.sys + 2008-04-14 11:00 . 2008-04-14 11:00 98304 c:\windows\system32\dllcache\ahui.exe + 2012-02-13 14:56 . 2001-08-17 11:52 12800 c:\windows\system32\dllcache\aha154x.sys + 2008-04-14 11:00 . 2008-04-14 11:00 24064 c:\windows\system32\dllcache\agtintl.dll + 2008-04-14 11:00 . 2008-04-14 11:00 20480 c:\windows\system32\dllcache\agt0c0a.dll + 2008-04-14 11:00 . 2008-04-14 11:00 20992 c:\windows\system32\dllcache\agt0816.dll + 2009-09-25 23:23 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0804.dll + 2009-09-25 23:21 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt041f.dll + 2008-04-14 11:00 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt041d.dll + 2009-09-25 23:21 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0419.dll + 2008-04-14 11:00 . 2008-04-14 11:00 20480 c:\windows\system32\dllcache\agt0416.dll + 2009-09-25 23:21 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0415.dll + 2008-04-14 11:00 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0414.dll + 2008-04-14 11:00 . 2008-04-14 11:00 20992 c:\windows\system32\dllcache\agt0413.dll + 2009-09-25 23:23 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0412.dll + 2009-09-25 23:23 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0411.dll + 2008-04-14 11:00 . 2008-04-14 11:00 20992 c:\windows\system32\dllcache\agt0410.dll + 2009-09-25 23:21 . 2008-04-14 11:00 19968 c:\windows\system32\dllcache\agt040e.dll + 2009-09-25 23:23 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt040d.dll + 2008-04-14 11:00 . 2008-04-14 11:00 21504 c:\windows\system32\dllcache\agt040c.dll + 2008-04-14 11:00 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt040b.dll + 2008-04-14 11:00 . 2008-04-14 11:00 19968 c:\windows\system32\dllcache\agt0409.dll + 2009-09-25 23:21 . 2008-04-14 11:00 22016 c:\windows\system32\dllcache\agt0408.dll + 2008-04-14 11:00 . 2008-04-14 11:00 21504 c:\windows\system32\dllcache\agt0407.dll + 2008-04-14 11:00 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0406.dll + 2009-09-25 23:21 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0405.dll + 2009-09-25 23:23 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0404.dll + 2009-09-25 23:23 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0401.dll + 2012-02-13 14:56 . 2008-04-13 22:06 44928 c:\windows\system32\dllcache\agpcpq.sys + 2012-02-13 14:56 . 2008-04-13 22:06 42368 c:\windows\system32\dllcache\agp440.sys + 2008-04-14 11:00 . 2008-04-14 11:00 44032 c:\windows\system32\dllcache\agentsr.dll + 2008-04-14 11:00 . 2008-04-14 11:00 24064 c:\windows\system32\dllcache\agentpsh.dll + 2008-04-14 11:00 . 2008-04-14 11:00 49152 c:\windows\system32\dllcache\agentmpx.dll + 2008-04-14 11:00 . 2008-04-14 11:00 57344 c:\windows\system32\dllcache\agentdpv.dll + 2008-04-14 11:00 . 2008-04-14 11:00 42496 c:\windows\system32\dllcache\agentdp2.dll + 2008-04-14 11:00 . 2008-04-14 11:00 24064 c:\windows\system32\dllcache\agentanm.dll + 2009-02-13 06:25 . 2009-02-13 06:25 68096 c:\windows\system32\dllcache\adsmsext.dll + 2008-04-14 11:00 . 2008-04-14 11:00 26112 c:\windows\system32\dllcache\adptif.dll - 2009-03-08 02:32 . 2009-03-08 02:32 72704 c:\windows\system32\dllcache\admparse.dll + 2009-02-13 06:25 . 2009-03-08 02:32 72704 c:\windows\system32\dllcache\admparse.dll + 2008-04-14 11:00 . 2008-04-14 11:00 98304 c:\windows\system32\dllcache\actxprxy.dll + 2008-04-14 11:00 . 2008-04-14 11:00 11648 c:\windows\system32\dllcache\acpiec.sys + 2008-04-14 11:00 . 2008-04-14 11:00 25600 c:\windows\system32\dllcache\aaaamon.dll + 2009-02-13 06:25 . 2009-02-13 06:25 53504 c:\windows\system32\dllcache\1394bus.sys + 2012-02-13 14:55 . 2001-08-17 11:52 23552 c:\windows\LastGood\system32\dllcache\abp480n5.sys + 2012-02-13 14:55 . 2008-04-13 22:16 48128 c:\windows\LastGood\system32\dllcache\61883.sys + 2012-02-13 14:55 . 2008-04-13 22:10 12288 c:\windows\LastGood\system32\dllcache\4mmdat.sys + 2012-02-13 14:54 . 2001-08-17 12:06 11264 c:\windows\LastGood\system32\dllcache\1394vdbg.sys + 2008-04-14 11:00 . 2008-04-14 11:00 9728 c:\windows\system32\dllcache\sfc.exe + 2008-04-14 11:00 . 2008-04-14 11:00 5120 c:\windows\system32\dllcache\sfc.dll + 2008-04-14 11:00 . 2008-04-14 11:00 4569 c:\windows\system32\dllcache\secupd.dat + 2008-04-14 11:00 . 2008-04-14 11:00 3584 c:\windows\system32\dllcache\riched32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 4463 c:\windows\system32\dllcache\oembios.dat + 2008-04-14 11:00 . 2008-04-14 11:00 4608 c:\windows\system32\dllcache\mssip32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 4126 c:\windows\system32\dllcache\msdxmlc.dll + 2009-09-25 21:36 . 2008-04-14 11:00 4096 c:\windows\system32\dllcache\msdaurl.dll + 2009-09-25 21:36 . 2008-04-14 11:00 4096 c:\windows\system32\dllcache\msdasc.dll + 2009-09-25 21:36 . 2008-04-14 11:00 4096 c:\windows\system32\dllcache\msdaer.dll + 2009-09-25 21:36 . 2008-04-14 11:00 4096 c:\windows\system32\dllcache\msdaenum.dll + 2009-09-25 21:36 . 2008-04-14 11:00 4096 c:\windows\system32\dllcache\msdadc.dll + 2009-09-25 21:36 . 2008-04-14 11:00 4639 c:\windows\system32\dllcache\mplayer2.exe + 2008-04-14 11:00 . 2008-04-14 11:00 6144 c:\windows\system32\dllcache\kbdpash.dll + 2008-04-14 11:00 . 2008-04-14 11:00 6144 c:\windows\system32\dllcache\kbdnepr.dll + 2008-04-14 11:00 . 2008-04-14 11:00 6144 c:\windows\system32\dllcache\kbdiultn.dll + 2008-04-14 11:00 . 2008-04-14 11:00 6144 c:\windows\system32\dllcache\kbdbhc.dll + 2009-09-25 21:36 . 2008-04-14 11:00 7168 c:\windows\system32\dllcache\bitsprx4.dll + 2009-09-25 23:30 . 2001-08-17 12:59 3072 c:\windows\system32\dllcache\audstub.sys + 2009-02-13 06:25 . 2009-02-13 06:25 7168 c:\windows\system32\dllcache\asferror.dll + 2012-02-13 14:56 . 2001-08-17 11:47 6272 c:\windows\system32\dllcache\apmbatt.sys + 2008-04-14 11:00 . 2008-04-14 11:00 9029 c:\windows\system32\dllcache\ansi.sys + 2012-02-13 14:56 . 2001-08-17 11:51 5248 c:\windows\system32\dllcache\aliide.sys + 2008-04-14 11:00 . 2008-04-14 11:00 4096 c:\windows\system32\dllcache\actmovie.exe + 2011-04-18 21:51 . 2011-04-18 21:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll + 2011-04-18 21:51 . 2011-04-18 21:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll + 2011-04-18 21:51 . 2011-04-18 21:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll + 2011-04-18 21:51 . 2011-04-18 21:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll + 2009-02-13 06:33 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys - 2009-02-13 06:33 . 2009-02-13 06:33 361600 c:\windows\system32\drivers\tcpip.sys + 2009-02-13 06:27 . 2009-12-24 06:42 178176 c:\windows\system32\dllcache\wintrust.dll - 2010-05-02 23:30 . 2009-12-24 06:42 178176 c:\windows\system32\dllcache\wintrust.dll + 2009-02-13 06:27 . 2009-02-13 06:27 507904 c:\windows\system32\dllcache\winlogon.exe - 2010-04-06 22:43 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll + 2009-02-13 06:27 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll - 2010-05-02 23:42 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll + 2009-02-13 06:27 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll - 2010-04-06 22:43 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll + 2009-02-13 06:27 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll + 2009-02-13 06:27 . 2009-02-13 06:27 317440 c:\windows\system32\dllcache\unregmp2.exe + 2009-02-13 06:27 . 2009-02-13 06:27 123392 c:\windows\system32\dllcache\umpnpmgr.dll + 2008-04-14 11:00 . 2008-04-14 11:00 177856 c:\windows\system32\dllcache\typelib.dll + 2008-04-14 11:00 . 2008-04-14 11:00 106496 c:\windows\system32\dllcache\sysocmgr.exe - 2010-03-08 13:36 . 2009-08-26 08:03 247326 c:\windows\system32\dllcache\strmdll.dll + 2009-02-13 06:26 . 2009-08-26 08:03 247326 c:\windows\system32\dllcache\strmdll.dll + 2009-02-13 06:26 . 2009-02-13 06:26 985088 c:\windows\system32\dllcache\setupapi.dll + 2009-02-13 06:26 . 2009-02-13 06:26 172032 c:\windows\system32\dllcache\scrrun.dll + 2009-02-13 06:26 . 2009-02-13 06:26 180224 c:\windows\system32\dllcache\scrobj.dll - 2010-03-08 13:26 . 2011-11-16 14:20 152064 c:\windows\system32\dllcache\schannel.dll + 2009-02-13 06:26 . 2011-11-16 14:20 152064 c:\windows\system32\dllcache\schannel.dll + 2008-04-14 11:00 . 2008-04-14 11:00 415744 c:\windows\system32\dllcache\samsrv.dll + 2008-04-14 11:00 . 2008-04-14 11:00 208384 c:\windows\system32\dllcache\rsaenh.dll + 2009-02-13 06:26 . 2009-02-13 06:26 433664 c:\windows\system32\dllcache\riched20.dll + 2009-09-25 21:36 . 2008-04-14 11:00 487424 c:\windows\system32\dllcache\oledb32.dll - 2011-06-16 18:29 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll + 2008-04-14 11:00 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 147456 c:\windows\system32\dllcache\odbctrac.dll + 2008-04-14 11:00 . 2008-04-14 11:00 278559 c:\windows\system32\dllcache\odbcjt32.dll + 2009-02-13 06:26 . 2009-02-13 06:26 106496 c:\windows\system32\dllcache\odbccp32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 135168 c:\windows\system32\dllcache\odbcconf.dll - 2011-01-12 19:31 . 2010-11-09 14:50 253952 c:\windows\system32\dllcache\odbc32.dll + 2009-02-13 06:26 . 2010-11-09 14:50 253952 c:\windows\system32\dllcache\odbc32.dll + 2008-11-18 14:02 . 2008-11-18 14:02 576384 c:\windows\system32\dllcache\ntfs.sys - 2010-03-08 13:27 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll + 2008-05-05 08:16 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll + 2009-09-25 21:36 . 2008-04-14 11:00 364544 c:\windows\system32\dllcache\npdsplay.dll + 2009-02-13 06:26 . 2009-02-13 06:26 339456 c:\windows\system32\dllcache\netapi32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 355104 c:\windows\system32\dllcache\msxbde40.dll + 2008-04-14 11:00 . 2008-04-14 11:00 621344 c:\windows\system32\dllcache\mswstr10.dll + 2008-04-14 11:00 . 2008-04-14 11:00 838432 c:\windows\system32\dllcache\mswdat10.dll + 2009-02-13 06:26 . 2009-02-13 06:26 343040 c:\windows\system32\dllcache\msvcrt.dll + 2008-04-14 11:00 . 2008-04-14 11:00 264992 c:\windows\system32\dllcache\mstext40.dll + 2008-04-14 11:00 . 2008-04-14 11:00 559904 c:\windows\system32\dllcache\msrepl40.dll + 2008-04-14 11:00 . 2008-04-14 11:00 322336 c:\windows\system32\dllcache\msrd3x40.dll + 2009-02-13 06:26 . 2009-02-13 06:26 287768 c:\windows\system32\dllcache\msrd2x40.dll + 2008-04-14 11:00 . 2008-04-14 11:00 355104 c:\windows\system32\dllcache\mspbde40.dll + 2008-04-14 11:00 . 2008-04-14 11:00 143360 c:\windows\system32\dllcache\msorcl32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 219936 c:\windows\system32\dllcache\msltus40.dll + 2008-04-14 11:00 . 2008-04-14 11:00 248608 c:\windows\system32\dllcache\msjtes40.dll + 2009-09-25 21:36 . 2010-11-09 14:50 102400 c:\windows\system32\dllcache\msjro.dll - 2011-01-12 19:31 . 2010-11-09 14:50 102400 c:\windows\system32\dllcache\msjro.dll + 2008-04-14 11:00 . 2008-04-14 11:00 151583 c:\windows\system32\dllcache\msjint40.dll + 2009-02-13 06:26 . 2009-02-13 06:26 304152 c:\windows\system32\dllcache\msexcl40.dll + 2008-04-14 11:00 . 2008-04-14 11:00 518944 c:\windows\system32\dllcache\msexch40.dll + 2009-09-25 21:36 . 2008-04-14 11:00 315392 c:\windows\system32\dllcache\msdasql.dll + 2009-09-25 21:36 . 2008-04-14 11:00 118784 c:\windows\system32\dllcache\msdarem.dll + 2009-09-25 21:36 . 2008-04-14 11:00 204800 c:\windows\system32\dllcache\msdaps.dll + 2009-09-25 21:36 . 2008-04-14 11:00 200704 c:\windows\system32\dllcache\msdaprst.dll + 2009-09-25 21:36 . 2008-04-14 11:00 233472 c:\windows\system32\dllcache\msdaora.dll + 2009-09-25 21:36 . 2010-11-09 14:50 200704 c:\windows\system32\dllcache\msadox.dll - 2011-01-12 19:31 . 2010-11-09 14:50 200704 c:\windows\system32\dllcache\msadox.dll + 2009-09-25 21:36 . 2010-11-09 14:50 180224 c:\windows\system32\dllcache\msadomd.dll - 2011-01-12 19:31 . 2010-11-09 14:50 180224 c:\windows\system32\dllcache\msadomd.dll + 2009-09-25 21:36 . 2010-11-09 19:20 565248 c:\windows\system32\dllcache\msado15.dll - 2010-11-09 19:20 . 2010-11-09 19:20 565248 c:\windows\system32\dllcache\msado15.dll + 2009-09-25 21:36 . 2008-04-14 11:00 155648 c:\windows\system32\dllcache\msadds.dll - 2011-01-12 19:31 . 2010-11-09 14:50 143360 c:\windows\system32\dllcache\msadco.dll + 2009-09-25 21:36 . 2010-11-09 14:50 143360 c:\windows\system32\dllcache\msadco.dll + 2009-09-25 21:36 . 2009-02-13 06:25 331776 c:\windows\system32\dllcache\msadce.dll + 2008-04-14 11:00 . 2011-02-08 17:03 974848 c:\windows\system32\dllcache\mfc42u.dll - 2010-09-18 10:23 . 2011-02-08 17:03 974848 c:\windows\system32\dllcache\mfc42u.dll + 2008-04-14 11:00 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll - 2010-10-13 22:59 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll + 2008-04-14 11:00 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll - 2010-10-13 22:59 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll - 2010-10-13 22:59 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll + 2008-04-14 11:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll + 2009-02-13 06:25 . 2010-12-20 17:24 730112 c:\windows\system32\dllcache\lsasrv.dll - 2009-06-26 14:11 . 2010-12-20 17:24 730112 c:\windows\system32\dllcache\lsasrv.dll + 2009-02-13 06:25 . 2009-02-13 06:25 100864 c:\windows\system32\dllcache\logagent.exe + 2009-02-13 06:25 . 2009-03-21 18:29 991744 c:\windows\system32\dllcache\kernel32.dll - 2009-03-21 18:29 . 2009-03-21 18:29 991744 c:\windows\system32\dllcache\kernel32.dll - 2010-03-08 13:19 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll + 2009-02-13 06:25 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll + 2008-04-14 11:00 . 2008-04-14 11:00 138240 c:\windows\system32\dllcache\itss.dll + 2008-04-14 11:00 . 2008-04-14 11:00 155136 c:\windows\system32\dllcache\itircl.dll + 2008-04-14 11:00 . 2008-04-14 11:00 143744 c:\windows\system32\dllcache\fastfat.sys + 2008-04-14 11:00 . 2008-04-14 11:00 380445 c:\windows\system32\dllcache\expsrv.dll + 2008-04-14 11:00 . 2008-04-14 11:00 498742 c:\windows\system32\dllcache\dxmasf.dll + 2008-04-14 11:00 . 2008-04-14 11:00 138752 c:\windows\system32\dllcache\dssenh.dll + 2008-04-14 11:00 . 2008-04-14 11:00 299520 c:\windows\system32\dllcache\drmclien.dll + 2009-09-25 21:36 . 2008-04-14 11:00 554008 c:\windows\system32\dllcache\dao360.dll + 2008-04-14 11:00 . 2008-04-14 11:00 512512 c:\windows\system32\dllcache\cryptui.dll - 2011-09-08 13:09 . 2011-09-28 07:05 599552 c:\windows\system32\dllcache\crypt32.dll + 2009-02-13 06:25 . 2011-09-28 07:05 599552 c:\windows\system32\dllcache\crypt32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 252928 c:\windows\system32\dllcache\compatui.dll + 2008-04-14 11:00 . 2008-04-14 11:00 276992 c:\windows\system32\dllcache\comdlg32.dll - 2010-10-13 22:59 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll + 2008-04-14 11:00 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 233472 c:\windows\system32\dllcache\azroles.dll + 2008-04-14 11:00 . 2008-04-14 11:00 602624 c:\windows\system32\dllcache\autoconv.exe + 2008-04-14 11:00 . 2008-04-14 11:00 588800 c:\windows\system32\dllcache\autochk.exe + 2008-04-14 11:00 . 2008-04-14 11:00 352256 c:\windows\system32\dllcache\atmuni.sys + 2009-02-13 06:25 . 2011-02-15 13:05 290432 c:\windows\system32\dllcache\atmfd.dll - 2010-06-09 04:46 . 2011-02-15 13:05 290432 c:\windows\system32\dllcache\atmfd.dll + 2008-04-14 11:00 . 2008-04-14 11:00 295936 c:\windows\system32\dllcache\appmgr.dll + 2008-04-14 11:00 . 2008-04-14 11:00 167936 c:\windows\system32\dllcache\appmgmts.dll + 2008-04-14 11:00 . 2008-04-14 11:00 125952 c:\windows\system32\dllcache\apphelp.dll + 2008-04-14 11:00 . 2008-04-14 11:00 102912 c:\windows\system32\dllcache\apcups.dll + 2008-04-14 11:00 . 2008-04-14 11:00 256512 c:\windows\system32\dllcache\agentsvr.exe + 2008-04-14 11:00 . 2008-04-14 11:00 214016 c:\windows\system32\dllcache\agentctl.dll + 2009-02-13 06:25 . 2011-08-17 13:41 138496 c:\windows\system32\dllcache\afd.sys - 2011-04-16 14:55 . 2011-08-17 13:41 138496 c:\windows\system32\dllcache\afd.sys + 2009-09-26 09:57 . 2008-04-13 19:09 142592 c:\windows\system32\dllcache\aec.sys - 2010-04-06 22:43 . 2009-03-08 02:32 128512 c:\windows\system32\dllcache\advpack.dll + 2009-02-13 06:25 . 2009-03-08 02:32 128512 c:\windows\system32\dllcache\advpack.dll - 2009-02-10 18:26 . 2009-02-10 18:26 617472 c:\windows\system32\dllcache\advapi32.dll + 2008-04-14 11:00 . 2009-02-10 18:26 617472 c:\windows\system32\dllcache\advapi32.dll + 2008-04-14 11:00 . 2008-04-14 11:00 123392 c:\windows\system32\dllcache\adsnw.dll + 2008-04-14 11:00 . 2008-04-14 11:00 263680 c:\windows\system32\dllcache\adsnt.dll + 2008-04-14 11:00 . 2008-04-14 11:00 161792 c:\windows\system32\dllcache\adsnds.dll + 2008-04-14 11:00 . 2008-04-14 11:00 143360 c:\windows\system32\dllcache\adsldpc.dll + 2009-02-13 06:25 . 2009-02-13 06:25 176128 c:\windows\system32\dllcache\adsldp.dll + 2012-02-13 14:56 . 2001-08-17 12:07 101888 c:\windows\system32\dllcache\adpu160m.sys + 2008-04-14 11:00 . 2008-04-14 11:00 116224 c:\windows\system32\dllcache\acxtrnal.dll + 2008-04-14 11:00 . 2008-04-14 11:00 193536 c:\windows\system32\dllcache\activeds.dll + 2008-04-14 11:00 . 2008-04-14 11:00 245248 c:\windows\system32\dllcache\acspecfc.dll + 2008-04-14 11:00 . 2008-04-14 11:00 187776 c:\windows\system32\dllcache\acpi.sys + 2008-04-14 11:00 . 2008-04-14 11:00 115712 c:\windows\system32\dllcache\aclui.dll + 2008-04-14 11:00 . 2008-04-14 11:00 141312 c:\windows\system32\dllcache\aclua.dll + 2008-04-14 11:00 . 2008-04-14 11:00 129536 c:\windows\system32\dllcache\acledit.dll - 2010-03-08 13:31 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll + 2008-04-14 11:00 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll + 2009-09-25 21:32 . 2008-04-14 11:00 184320 c:\windows\system32\dllcache\accwiz.exe + 2009-09-25 21:32 . 2008-04-14 11:00 136192 c:\windows\system32\dllcache\aaclient.dll + 2008-04-14 11:00 . 2010-02-12 04:27 100864 c:\windows\system32\dllcache\6to4svc.dll - 2010-05-02 23:41 . 2010-02-12 04:27 100864 c:\windows\system32\dllcache\6to4svc.dll + 2012-02-13 14:48 . 2012-02-13 14:48 223744 c:\windows\Installer\21bd88.msi + 2011-04-18 21:51 . 2011-04-18 21:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll + 2011-04-18 21:51 . 2011-04-18 21:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll + 2009-02-13 06:27 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll - 2010-04-06 22:43 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll + 2008-04-14 11:00 . 2008-04-14 11:00 1614848 c:\windows\system32\dllcache\sfcfiles.dll + 2009-02-13 06:26 . 2011-11-01 16:05 1289216 c:\windows\system32\dllcache\ole32.dll - 2010-10-13 22:59 . 2011-11-01 16:05 1289216 c:\windows\system32\dllcache\ole32.dll + 2009-02-13 06:26 . 2011-10-25 13:34 2192768 c:\windows\system32\dllcache\ntoskrnl.exe - 2010-03-08 13:21 . 2011-10-25 13:34 2192768 c:\windows\system32\dllcache\ntoskrnl.exe + 2009-02-13 06:26 . 2009-02-13 06:26 1520664 c:\windows\system32\dllcache\msjet40.dll + 2008-04-14 11:00 . 2008-04-14 11:00 1852928 c:\windows\system32\dllcache\acgenral.dll + 2012-02-13 14:39 . 2011-10-25 13:38 2148864 c:\windows\LastGood\system32\dllcache\ntkrnlmp.exe + 2008-04-14 11:00 . 2008-04-14 11:00 13107200 c:\windows\system32\dllcache\oembios.bin . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_3"="advpack.dll" [2009-03-08 128512] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536] WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 11:28 AM 110592] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/8/2010 10:47 PM 11520] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WUAUSERV . Contents of the 'Scheduled Tasks' folder . 2012-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:34] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 205.152.111.23 205.152.144.23 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qr03o8i.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-13 16:14 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-682003330-1326574676-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,12,46,7c,1f,a3,b4,44,a7,27,63,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,54,44,e4,b5,6c,89,45,8f,c9,68,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1312) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-02-13 16:17:51 ComboFix-quarantined-files.txt 2012-02-13 15:17 ComboFix2.txt 2012-02-10 02:31 ComboFix3.txt 2012-02-08 22:07 . Pre-Run: 6,429,581,312 bytes free Post-Run: 6,433,669,120 bytes free . - - End Of File - - 29F5D7750B0CDF3754EFF73F6F4597FD
  4. combofix lig: ComboFix 12-02-08.02 - Administrator 02/10/2012 3:21.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.174 [GMT 1:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\System32\wscntfy.exe . . . is missing!! . . --------------- FCopy --------------- . c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 ))))))))))))))))))))))))))))))) . . 2012-02-08 19:13 . 2012-02-08 19:13 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-08 13:28 . 2012-02-08 13:28 -------- d-----w- c:\windows\system32\wbem\Repository 2012-02-08 13:24 . 2012-02-08 13:24 -------- d-----w- c:\windows\LastGood(2) 2012-02-02 14:07 . 2012-02-07 20:01 -------- d-----w- c:\program files\GridinSoft Trojan Killer 2012-01-14 15:59 . 2012-01-14 16:51 -------- d-----w- c:\program files\PC Tools Security 2012-01-11 18:37 . 2011-11-03 15:27 386048 ------w- c:\windows\system32\dllcache\qdvd.dll 2012-01-11 18:37 . 2011-10-14 14:47 23040 ------w- c:\windows\system32\dllcache\mciseq.dll 2012-01-11 18:37 . 2011-10-14 14:47 176128 ------w- c:\windows\system32\dllcache\winmm.dll 2012-01-11 18:37 . 2011-11-18 12:35 60416 ------w- c:\windows\system32\dllcache\packager.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 14:24 . 2011-11-21 20:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-25 21:56 . 2009-02-13 06:27 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:29 . 2009-02-13 06:27 1868544 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35 . 2008-04-14 11:00 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:20 . 2009-02-13 06:26 152064 ----a-w- c:\windows\system32\schannel.dll 2011-11-16 14:20 . 2008-04-14 11:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2012-01-08 15:29 . 2011-06-14 16:16 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((((((((((((((((( SR_Search )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2009-02-13 . 2547D2CF090AC7636898F16957EBCEDC . 502272 . . [1.0626.6002.16497] . . c:\windows\system32\usp10.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_3"="advpack.dll" [2009-03-08 128512] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536] WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 11:28 AM 110592] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/8/2010 10:47 PM 11520] . Contents of the 'Scheduled Tasks' folder . 2012-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:34] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 205.152.111.23 205.152.144.23 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qr03o8i.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-10 03:29 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-682003330-1326574676-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,12,46,7c,1f,a3,b4,44,a7,27,63,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,54,44,e4,b5,6c,89,45,8f,c9,68,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1748) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-02-10 03:31:35 ComboFix-quarantined-files.txt 2012-02-10 02:31 ComboFix2.txt 2012-02-08 22:07 . Pre-Run: 6,645,919,744 bytes free Post-Run: 6,637,801,472 bytes free . - - End Of File - - A4B2737AFE4E7FE3E7E127E165F466FC
  5. Combofix log ComboFix 12-02-08.02 - Administrator 02/08/2012 22:54:16.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.68 [GMT 1:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\~Kvs8Fd5pUHx4R2 c:\documents and settings\All Users\Application Data\~Kvs8Fd5pUHx4R2r c:\documents and settings\All Users\Application Data\Kvs8Fd5pUHx4R2 c:\documents and settings\All Users\Application Data\TEMP c:\program files\CouponAlert_2pEI . . ((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 ))))))))))))))))))))))))))))))) . . 2012-02-08 19:13 . 2012-02-08 19:13 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-08 13:28 . 2012-02-08 13:28 -------- d-----w- c:\windows\system32\wbem\Repository 2012-02-08 13:24 . 2012-02-08 13:24 -------- d-----w- c:\windows\LastGood(2) 2012-02-02 14:07 . 2012-02-07 20:01 -------- d-----w- c:\program files\GridinSoft Trojan Killer 2012-01-14 15:59 . 2012-01-14 16:51 -------- d-----w- c:\program files\PC Tools Security 2012-01-11 18:37 . 2011-11-03 15:27 386048 ------w- c:\windows\system32\dllcache\qdvd.dll 2012-01-11 18:37 . 2011-10-14 14:47 23040 ------w- c:\windows\system32\dllcache\mciseq.dll 2012-01-11 18:37 . 2011-10-14 14:47 176128 ------w- c:\windows\system32\dllcache\winmm.dll 2012-01-11 18:37 . 2011-11-18 12:35 60416 ------w- c:\windows\system32\dllcache\packager.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 14:24 . 2011-11-21 20:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-25 21:56 . 2009-02-13 06:27 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:29 . 2009-02-13 06:27 1868544 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35 . 2008-04-14 11:00 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:20 . 2009-02-13 06:26 152064 ----a-w- c:\windows\system32\schannel.dll 2011-11-16 14:20 . 2008-04-14 11:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-11 03:40 . 2011-11-11 03:40 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-11 03:40 . 2011-11-11 03:40 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-11 00:56 . 2011-11-11 00:56 398760 ----a-r- c:\windows\system32\cpnprt2.cid 2012-01-08 15:29 . 2011-06-14 16:16 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2009-02-13 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys . [-] 2009-02-13 . 2547D2CF090AC7636898F16957EBCEDC . 502272 . . [1.0626.6002.16497] . . c:\windows\system32\usp10.dll . . c:\windows\System32\wscntfy.exe ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_3"="advpack.dll" [2009-03-08 128512] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536] WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 11:28 AM 110592] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/8/2010 10:47 PM 11520] . Contents of the 'Scheduled Tasks' folder . 2012-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=CDxdm142YYus&ptb=44E34247-A62B-4CAA-845E-EC5154A3DDA4&si=101497_819fpc uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 205.152.111.23 205.152.144.23 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qr03o8i.default\ FF - prefs.js: browser.search.selectedEngine - My Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=44E34247-A62B-4CAA-845E-EC5154A3DDA4&n=77ecdb32&ind=2012011314&id=CDxdm142YYus&ptnrS=CDxdm142YYus&si=101497_819fpc&searchfor= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-02-08 23:04 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-682003330-1326574676-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,12,46,7c,1f,a3,b4,44,a7,27,63,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,54,44,e4,b5,6c,89,45,8f,c9,68,\ . Completion time: 2012-02-08 23:07:46 ComboFix-quarantined-files.txt 2012-02-08 22:07 . Pre-Run: 6,364,311,552 bytes free Post-Run: 6,641,135,616 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 5F7E281A9AB134E8A60BFC9F96F95127
  6. The OTL scan will not finish. It reads "scanning firefox settings" and does nothing further. I forced closed the program after scanning for 20 minutes each time. Here is TDSSKILLER log: 20:11:45.0910 3652 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46 20:11:46.0363 3652 ============================================================ 20:11:46.0363 3652 Current date / time: 2012/02/08 20:11:46.0363 20:11:46.0363 3652 SystemInfo: 20:11:46.0363 3652 20:11:46.0363 3652 OS Version: 5.1.2600 ServicePack: 3.0 20:11:46.0363 3652 Product type: Workstation 20:11:46.0363 3652 ComputerName: ANONYMOUS 20:11:46.0363 3652 UserName: Administrator 20:11:46.0363 3652 Windows directory: C:\WINDOWS 20:11:46.0363 3652 System windows directory: C:\WINDOWS 20:11:46.0363 3652 Processor architecture: Intel x86 20:11:46.0363 3652 Number of processors: 1 20:11:46.0363 3652 Page size: 0x1000 20:11:46.0363 3652 Boot type: Normal boot 20:11:46.0363 3652 ============================================================ 20:11:48.0878 3652 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 20:11:48.0878 3652 \Device\Harddisk0\DR0: 20:11:48.0878 3652 MBR used 20:11:48.0878 3652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400 20:11:48.0910 3652 Initialize success 20:11:48.0910 3652 ============================================================ 20:12:51.0519 3260 ============================================================ 20:12:51.0519 3260 Scan started 20:12:51.0519 3260 Mode: Manual; SigCheck; TDLFS; 20:12:51.0519 3260 ============================================================ 20:12:52.0035 3260 Abiosdsk - ok 20:12:52.0082 3260 abp480n5 - ok 20:12:52.0144 3260 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 20:12:54.0800 3260 ACPI - ok 20:12:54.0957 3260 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 20:12:55.0175 3260 ACPIEC - ok 20:12:55.0222 3260 adpu160m - ok 20:12:55.0285 3260 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 20:12:55.0472 3260 aec - ok 20:12:55.0550 3260 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys 20:12:55.0613 3260 AFD - ok 20:12:55.0644 3260 Aha154x - ok 20:12:55.0675 3260 aic78u2 - ok 20:12:55.0707 3260 aic78xx - ok 20:12:55.0769 3260 AliIde - ok 20:12:55.0832 3260 amsint - ok 20:12:55.0925 3260 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 20:12:55.0988 3260 ApfiltrService - ok 20:12:56.0160 3260 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 20:12:56.0441 3260 Arp1394 - ok 20:12:56.0550 3260 asc - ok 20:12:56.0566 3260 asc3350p - ok 20:12:56.0582 3260 asc3550 - ok 20:12:57.0425 3260 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 20:12:57.0597 3260 AsyncMac - ok 20:12:57.0644 3260 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 20:12:57.0832 3260 atapi - ok 20:12:57.0847 3260 Atdisk - ok 20:12:57.0894 3260 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 20:12:58.0050 3260 Atmarpc - ok 20:12:58.0082 3260 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 20:12:58.0269 3260 audstub - ok 20:12:58.0300 3260 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 20:12:58.0332 3260 bcm4sbxp - ok 20:12:58.0378 3260 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 20:12:58.0566 3260 Beep - ok 20:12:58.0613 3260 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 20:12:58.0785 3260 cbidf2k - ok 20:12:58.0800 3260 cd20xrnt - ok 20:12:58.0832 3260 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 20:12:58.0988 3260 Cdaudio - ok 20:12:59.0003 3260 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 20:12:59.0207 3260 Cdfs - ok 20:12:59.0222 3260 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys 20:12:59.0269 3260 Cdrom - ok 20:12:59.0285 3260 Changer - ok 20:12:59.0316 3260 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 20:12:59.0472 3260 CmBatt - ok 20:12:59.0488 3260 CmdIde - ok 20:12:59.0503 3260 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 20:12:59.0675 3260 Compbatt - ok 20:12:59.0691 3260 Cpqarray - ok 20:12:59.0707 3260 dac2w2k - ok 20:12:59.0722 3260 dac960nt - ok 20:12:59.0769 3260 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys 20:12:59.0832 3260 Disk - ok 20:12:59.0894 3260 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 20:13:00.0144 3260 dmboot - ok 20:13:00.0300 3260 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 20:13:00.0457 3260 dmio - ok 20:13:00.0503 3260 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 20:13:00.0675 3260 dmload - ok 20:13:00.0722 3260 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 20:13:00.0878 3260 DMusic - ok 20:13:00.0910 3260 dpti2o - ok 20:13:00.0957 3260 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 20:13:01.0144 3260 drmkaud - ok 20:13:01.0207 3260 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys 20:13:01.0253 3260 exFat - ok 20:13:01.0316 3260 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 20:13:01.0472 3260 Fastfat - ok 20:13:01.0488 3260 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 20:13:01.0660 3260 Fdc - ok 20:13:01.0707 3260 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 20:13:01.0894 3260 Fips - ok 20:13:01.0925 3260 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 20:13:02.0082 3260 Flpydisk - ok 20:13:02.0128 3260 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 20:13:02.0285 3260 FltMgr - ok 20:13:02.0316 3260 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:13:02.0347 3260 Fs_Rec - ok 20:13:02.0394 3260 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:13:02.0582 3260 Ftdisk - ok 20:13:02.0691 3260 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 20:13:02.0707 3260 GEARAspiWDM - ok 20:13:02.0753 3260 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:13:02.0941 3260 Gpc - ok 20:13:03.0003 3260 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 20:13:03.0160 3260 HidUsb - ok 20:13:03.0175 3260 hpn - ok 20:13:03.0253 3260 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 20:13:03.0300 3260 HTTP - ok 20:13:03.0316 3260 i2omgmt - ok 20:13:03.0332 3260 i2omp - ok 20:13:03.0378 3260 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:13:03.0972 3260 i8042prt - ok 20:13:04.0003 3260 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 20:13:04.0238 3260 Imapi - ok 20:13:04.0269 3260 ini910u - ok 20:13:04.0285 3260 IntelIde - ok 20:13:04.0316 3260 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 20:13:04.0472 3260 intelppm - ok 20:13:04.0503 3260 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 20:13:04.0675 3260 Ip6Fw - ok 20:13:04.0722 3260 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:13:04.0878 3260 IpFilterDriver - ok 20:13:04.0894 3260 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:13:05.0066 3260 IpInIp - ok 20:13:05.0113 3260 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:13:05.0285 3260 IpNat - ok 20:13:05.0332 3260 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:13:05.0503 3260 IPSec - ok 20:13:05.0550 3260 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 20:13:05.0613 3260 IRENUM - ok 20:13:05.0660 3260 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:13:06.0644 3260 isapnp - ok 20:13:06.0753 3260 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:13:06.0957 3260 Kbdclass - ok 20:13:06.0988 3260 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 20:13:07.0160 3260 kbdhid - ok 20:13:07.0222 3260 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 20:13:07.0394 3260 kmixer - ok 20:13:07.0425 3260 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys 20:13:07.0519 3260 KSecDD - ok 20:13:07.0535 3260 lbrtfdc - ok 20:13:07.0582 3260 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 20:13:07.0753 3260 Modem - ok 20:13:07.0800 3260 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:13:07.0957 3260 Mouclass - ok 20:13:08.0019 3260 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:13:08.0207 3260 mouhid - ok 20:13:08.0222 3260 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 20:13:08.0363 3260 MountMgr - ok 20:13:08.0378 3260 mraid35x - ok 20:13:08.0441 3260 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 20:13:08.0457 3260 MREMP50 ( UnsignedFile.Multi.Generic ) - warning 20:13:08.0457 3260 MREMP50 - detected UnsignedFile.Multi.Generic (1) 20:13:08.0472 3260 MREMP50a64 - ok 20:13:08.0503 3260 MREMPR5 - ok 20:13:08.0503 3260 MRENDIS5 - ok 20:13:08.0535 3260 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 20:13:08.0550 3260 MRESP50 ( UnsignedFile.Multi.Generic ) - warning 20:13:08.0550 3260 MRESP50 - detected UnsignedFile.Multi.Generic (1) 20:13:08.0550 3260 MRESP50a64 - ok 20:13:08.0613 3260 MRxDAV (65e818c473e220b6ab762e1966296fd1) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:13:08.0660 3260 MRxDAV - ok 20:13:08.0816 3260 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:13:08.0894 3260 MRxSmb - ok 20:13:08.0925 3260 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 20:13:09.0113 3260 Msfs - ok 20:13:09.0175 3260 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:13:09.0347 3260 MSKSSRV - ok 20:13:09.0378 3260 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:13:09.0550 3260 MSPCLOCK - ok 20:13:09.0566 3260 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 20:13:09.0738 3260 MSPQM - ok 20:13:09.0769 3260 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:13:09.0957 3260 mssmbios - ok 20:13:09.0988 3260 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys 20:13:10.0050 3260 Mup - ok 20:13:10.0066 3260 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys 20:13:10.0160 3260 NDIS - ok 20:13:10.0222 3260 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:13:10.0269 3260 NdisTapi - ok 20:13:10.0316 3260 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:13:10.0519 3260 Ndisuio - ok 20:13:10.0582 3260 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:13:10.0597 3260 NdisWan - ok 20:13:10.0753 3260 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 20:13:10.0800 3260 NDProxy - ok 20:13:10.0832 3260 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 20:13:10.0988 3260 NetBIOS - ok 20:13:11.0019 3260 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 20:13:11.0238 3260 NetBT - ok 20:13:11.0285 3260 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 20:13:11.0457 3260 NIC1394 - ok 20:13:11.0472 3260 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 20:13:11.0644 3260 Npfs - ok 20:13:11.0707 3260 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys 20:13:11.0800 3260 Ntfs - ok 20:13:11.0832 3260 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 20:13:11.0988 3260 Null - ok 20:13:12.0019 3260 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:13:12.0207 3260 NwlnkFlt - ok 20:13:12.0222 3260 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:13:12.0378 3260 NwlnkFwd - ok 20:13:12.0394 3260 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 20:13:12.0472 3260 ohci1394 - ok 20:13:12.0503 3260 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 20:13:12.0675 3260 Parport - ok 20:13:12.0691 3260 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 20:13:12.0847 3260 PartMgr - ok 20:13:12.0878 3260 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 20:13:13.0066 3260 ParVdm - ok 20:13:13.0082 3260 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 20:13:13.0253 3260 PCI - ok 20:13:13.0269 3260 PCIDump - ok 20:13:13.0285 3260 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 20:13:13.0441 3260 PCIIde - ok 20:13:13.0488 3260 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 20:13:13.0675 3260 Pcmcia - ok 20:13:13.0769 3260 PDCOMP - ok 20:13:13.0785 3260 PDFRAME - ok 20:13:13.0800 3260 PDRELI - ok 20:13:13.0816 3260 PDRFRAME - ok 20:13:13.0832 3260 perc2 - ok 20:13:13.0847 3260 perc2hib - ok 20:13:13.0894 3260 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:13:14.0082 3260 PptpMiniport - ok 20:13:14.0097 3260 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 20:13:14.0269 3260 PSched - ok 20:13:14.0300 3260 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:13:14.0488 3260 Ptilink - ok 20:13:14.0503 3260 ql1080 - ok 20:13:14.0519 3260 Ql10wnt - ok 20:13:14.0535 3260 ql12160 - ok 20:13:14.0550 3260 ql1240 - ok 20:13:14.0566 3260 ql1280 - ok 20:13:14.0582 3260 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:13:14.0753 3260 RasAcd - ok 20:13:14.0769 3260 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:13:14.0941 3260 Rasl2tp - ok 20:13:14.0972 3260 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:13:15.0160 3260 RasPppoe - ok 20:13:15.0175 3260 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 20:13:15.0363 3260 Raspti - ok 20:13:15.0410 3260 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:13:15.0441 3260 Rdbss - ok 20:13:15.0457 3260 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:13:15.0613 3260 RDPCDD - ok 20:13:15.0660 3260 rdpdr (c694a927eb7c354f7ae97955043a9641) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:13:15.0691 3260 rdpdr - ok 20:13:15.0738 3260 RDPWD (3348e61a78ba4f79c795aad6565d3b6f) C:\WINDOWS\system32\drivers\RDPWD.sys 20:13:15.0785 3260 RDPWD - ok 20:13:15.0816 3260 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 20:13:15.0972 3260 redbook - ok 20:13:16.0050 3260 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys 20:13:16.0082 3260 rspndr - ok 20:13:16.0128 3260 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 20:13:16.0722 3260 sdbus - ok 20:13:16.0769 3260 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:13:16.0832 3260 Secdrv - ok 20:13:16.0925 3260 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 20:13:17.0097 3260 Serial - ok 20:13:17.0160 3260 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 20:13:17.0316 3260 Sfloppy - ok 20:13:17.0363 3260 Simbad - ok 20:13:17.0378 3260 Sparrow - ok 20:13:17.0425 3260 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 20:13:17.0582 3260 splitter - ok 20:13:17.0644 3260 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 20:13:17.0707 3260 sr - ok 20:13:17.0785 3260 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys 20:13:17.0863 3260 Srv - ok 20:13:17.0894 3260 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys 20:13:17.0957 3260 STAC97 - ok 20:13:17.0972 3260 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 20:13:18.0144 3260 swenum - ok 20:13:18.0191 3260 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 20:13:18.0363 3260 swmidi - ok 20:13:18.0394 3260 symc810 - ok 20:13:18.0410 3260 symc8xx - ok 20:13:18.0425 3260 sym_hi - ok 20:13:18.0441 3260 sym_u3 - ok 20:13:18.0472 3260 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 20:13:18.0644 3260 sysaudio - ok 20:13:18.0894 3260 Tcpip (ba8c046d98345129723e6bcaa1e8ab99) C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:13:19.0347 3260 Tcpip ( UnsignedFile.Multi.Generic ) - warning 20:13:19.0347 3260 Tcpip - detected UnsignedFile.Multi.Generic (1) 20:13:19.0441 3260 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 20:13:19.0613 3260 TDPIPE - ok 20:13:19.0644 3260 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 20:13:19.0800 3260 TDTCP - ok 20:13:19.0878 3260 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 20:13:20.0019 3260 TermDD - ok 20:13:20.0050 3260 TosIde - ok 20:13:20.0097 3260 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 20:13:20.0300 3260 Udfs - ok 20:13:20.0316 3260 ultra - ok 20:13:20.0378 3260 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 20:13:20.0535 3260 Update - ok 20:13:20.0582 3260 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 20:13:20.0628 3260 USBAAPL - ok 20:13:20.0675 3260 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:13:20.0722 3260 usbccgp - ok 20:13:20.0753 3260 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:13:20.0785 3260 usbehci - ok 20:13:20.0816 3260 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:13:21.0003 3260 usbhub - ok 20:13:21.0035 3260 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 20:13:21.0222 3260 usbprint - ok 20:13:21.0285 3260 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:13:21.0457 3260 usbscan - ok 20:13:21.0488 3260 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:13:21.0644 3260 USBSTOR - ok 20:13:21.0722 3260 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20:13:21.0863 3260 usbuhci - ok 20:13:21.0925 3260 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 20:13:22.0082 3260 VgaSave - ok 20:13:22.0113 3260 ViaIde - ok 20:13:22.0128 3260 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 20:13:22.0316 3260 VolSnap - ok 20:13:22.0472 3260 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys 20:13:22.0675 3260 w29n51 - ok 20:13:22.0738 3260 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:13:22.0910 3260 Wanarp - ok 20:13:22.0957 3260 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys 20:13:23.0035 3260 WDC_SAM - ok 20:13:23.0050 3260 WDICA - ok 20:13:23.0097 3260 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 20:13:23.0269 3260 wdmaud - ok 20:13:23.0425 3260 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 20:13:23.0597 3260 WS2IFSL - ok 20:13:23.0628 3260 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:13:23.0675 3260 WudfPf - ok 20:13:23.0707 3260 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:13:23.0722 3260 WudfRd - ok 20:13:23.0753 3260 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 20:13:23.0800 3260 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected 20:13:23.0800 3260 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0) 20:13:23.0863 3260 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 20:13:23.0863 3260 \Device\Harddisk0\DR0 - detected TDSS File System (1) 20:13:23.0863 3260 Boot (0x1200) (b2eea4a9c5c21d39f7602c54d53507b3) \Device\Harddisk0\DR0\Partition0 20:13:23.0863 3260 \Device\Harddisk0\DR0\Partition0 - ok 20:13:23.0863 3260 ============================================================ 20:13:23.0863 3260 Scan finished 20:13:23.0863 3260 ============================================================ 20:13:23.0988 1772 Detected object count: 5 20:13:23.0988 1772 Actual detected object count: 5 20:13:50.0050 1772 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user 20:13:50.0050 1772 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:13:50.0050 1772 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user 20:13:50.0050 1772 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:13:50.0050 1772 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user 20:13:50.0050 1772 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:13:50.0800 1772 \Device\Harddisk0\DR0\# - copied to quarantine 20:13:50.0800 1772 \Device\Harddisk0\DR0 - copied to quarantine 20:13:50.0957 1772 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine 20:13:51.0050 1772 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine 20:13:51.0128 1772 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine 20:13:51.0128 1772 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine 20:13:51.0128 1772 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine 20:13:51.0160 1772 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine 20:13:51.0160 1772 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine 20:13:51.0175 1772 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine 20:13:51.0175 1772 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine 20:13:51.0207 1772 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 20:13:51.0410 1772 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 20:13:51.0457 1772 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 20:13:51.0457 1772 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 20:13:51.0457 1772 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine 20:13:51.0457 1772 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine 20:13:51.0472 1772 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine 20:13:51.0472 1772 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine 20:13:51.0519 1772 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine 20:13:51.0535 1772 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine 20:13:51.0660 1772 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine 20:13:51.0738 1772 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine 20:13:52.0394 1772 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine 20:13:52.0597 1772 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine 20:13:52.0597 1772 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine 20:13:52.0660 1772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot 20:13:52.0660 1772 \Device\Harddisk0\DR0 - ok 20:13:52.0660 1772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure 20:13:52.0675 1772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 20:13:52.0675 1772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  7. I downloaded and ran both options for the dss scan, but niether scan completed or posted a log after 10+ minutes. Each scan did freeze the computer and it had to be manually restarted. While the scan was in process, the screen seemed to flicker every 30 seconds or so. The computer's performance is signifigantly slower, much like there are many processes happening at once. Please let me know how to proceed. Thanks!!!
  8. Can you post a link so I can download the DSS scan? I removed the previous version I had installed. Here is log from MB when scan was peformed in normal mode: Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.08.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: ANONYMOUS [administrator] 2/8/2012 2:44:56 PM mbam-log-2012-02-08 (14-44-56).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 167144 Time elapsed: 9 minute(s), 35 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  9. I was able to unhide my icons and run a quick scan using MB. However, when I run the DSS scan, the cursor turns to the hourglass after the scan is complete and no log is opened. While I am able to browse the net, the computer seems very slow. I did download TrojanKiller beofre I reached out to you. I ran the uninstall but the icon is still on my desktop. Is this another malicious program? Here is the report from the MB quick scan: Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.07.05 Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking) Internet Explorer 8.0.6001.18702 Administrator :: ANONYMOUS [administrator] 2/7/2012 8:45:38 PM mbam-log-2012-02-07 (20-45-38).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 166018 Time elapsed: 4 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NGpTbpTyTEb.exe (Trojan.FakeAlert) -> Data: C:\Documents and Settings\All Users\Application Data\NGpTbpTyTEb.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 6 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Documents and Settings\All Users\Application Data\NGpTbpTyTEb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Kvs8Fd5pUHx4R2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. (end)
  10. I am running XP on my system. I followed directions tp ran a dds scan, however, when can completes, the computer freezes and I do not receive the scan log that I need to post. I cannot run a scan using malwarebytes and all icons are hidden. I am also experiencing redirects. Please advise on where to begin to remove this problem,.
  11. I am running XP on a Dell Inspiron. Picked up this virus (System Check) earlier today and have tried to run Malwaebytes that is currently installed. However, I cannot see any pre-existing icons. I am currently using the laptop in safe mode and have exhausted every trick I know to correct these issues. Recent posts refer to using Windows 7 and Vista, but I have not found anything in regards to XP. I am also being redirected to random sites when using google. Please help with instructions on how to scan and remove virus, unhide icons and remove redirects. Thank you in advance!!!!! CB
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.