Tot
  1. Okay, did that. Thanks again!
  2. Also, I do have both Norton and Sophos installed. I honestly like Sophos better for the antivirus, but Norton for the firewall/defrag. So that means I should uninstall one of them?
  3. First of all, thank you VERY VERY VERY MUCH for your kind help. I didn't realize how big an impact it can be to be compromised, have to be more careful in future. One more question: I used Defogger before, do I need to run it again to 'refog' now?
  4. Kaspersky + Security Check logs done. (took a long time!)

     KASPERSKY ONLINE SCANNER 7.0: scan report
     Tuesday, May 18, 2010
     Operating system: Microsoft Professional (build 7600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Monday, May 17, 2010 15:24:22
     Records in database: 4119521
     --------------------------------------------------------------------------------
     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes
     Scan area - My Computer:
     C:\
     D:\
     E:\
     Scan statistics:
     Objects scanned: 207390
     Threats found: 5
     Infected objects found: 13
     Suspicious objects found: 0
     Scan duration: 08:18:18
     File name / Threat / Threats count
     C:\Downloads\mIRC.6.3.-.Keygen.rar  Infected: not-a-virus:Client-IRC.Win32.mIRC.63  1
     C:\Program Files\mIRC\mirc.exe  Infected: not-a-virus:Client-IRC.Win32.mIRC.631  1
     C:\Program Files\mIRC\mirc.exe.BAK  Infected: not-a-virus:Client-IRC.Win32.mIRC.631  1
     C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\00000062.000  Infected: Trojan-Downloader.Win32.VB.bou  1
     C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\00000366.000  Infected: Trojan-Downloader.Win32.VB.bou  1
     C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\00000AB0.000  Infected: Trojan-Downloader.Win32.VB.bou  1
     C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\autorun.inf.1.000  Infected: Trojan-GameThief.Win32.Magania.bvse  1
     C:\Users\All Users\Sophos\Sophos Anti-Virus\INFECTED\00000062.000  Infected: Trojan-Downloader.Win32.VB.bou  1
     C:\Users\All Users\Sophos\Sophos Anti-Virus\INFECTED\00000366.000  Infected: Trojan-Downloader.Win32.VB.bou  1
     C:\Users\All Users\Sophos\Sophos Anti-Virus\INFECTED\00000AB0.000  Infected: Trojan-Downloader.Win32.VB.bou  1
     C:\Users\All Users\Sophos\Sophos Anti-Virus\INFECTED\autorun.inf.1.000  Infected: Trojan-GameThief.Win32.Magania.bvse  1
     C:\Users\Tot!\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AutoShutdown.gadget\core\gadget.js  Infected: not-a-virus:RiskTool.JS.Shutdown.a  1
     Selected area has been scanned.

     Results of screen317's Security Check version 0.99.4
     Windows 7 (UAC is enabled)
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Disabled!
     Sophos Anti-Virus
     Norton Internet Security
     Norton 360
     WMI entry may not exist for antivirus; attempting automatic update.
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Ad-Aware
     Malwarebytes' Anti-Malware
     CCleaner (remove only)
     Java 6 Update 19
     Java SE Runtime Environment 6
     Java 6 Update 3
     Java 6 Update 5
     Java 6 Update 7
     Out of date Java installed!
     Adobe Flash Player 10.0.45.2
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Norton ccSvcHst.exe
     Ad-Aware AAWService.exe
     Ad-Aware AAWTray.exe is disabled!
     Sophos Sophos Anti-Virus SavService.exe
     Sophos Sophos Anti-Virus SAVAdminService.exe
     Sophos Sophos Anti-Virus SavMain.exe
     ````````````````````````````````
     DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
     ``````````End of Log````````````
  5. Well, file is deleted. Thanks for the help!
  6. It's in the Recycle Bin now. Should I delete it?
  7. By the way, MBAM Quick Scan still finds nothing.
  8. Ugh! The file is still here, and it's a medium-risk malware! At least it's visible and identified... http://www.virustotal.com/analisis/d947d66...e63d-1271210015
  9. Combofix + DDS text
  10. Thank you for the help! ComboFix and DDS logs posted (some in zip file). Incidentally, I ran MBAM again, and now no files are detected as malicious... strange.
c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2008-12-01 11:22:24 604 ---ha-w- c:\program files\STLL Notifier 2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll 2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll 2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll 2005-08-24 15:10:04 174592 --sha-w- c:\windows\system32\ncfpsys.exe 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 9:45:09.54 =============== Attach1.zip
  11. Would anybody be available to help me? I still need help. Thanks.
  12. My antivirus (Sophos) detected a Trojan, but wasn't able to remove it. I tried removing it via MBAM, but it comes back after reboot. Hopefully I've followed all the instructions correctly for posting here (used Defogger; got MBAM, DDS logs, plus attached GMER). I -would- like to know, though... how badly am I compromised? Thank you SO MUCH for your help in advance. Sure hoping that it's not too bad...
      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org
      Database version: 4094
      Windows 6.1.7600
      Internet Explorer 8.0.7600.16385
      14/5/2010 10:23:39
      mbam-log-2010-05-14 (10-23-39).txt
      Scan type: Quick scan
      Objects scanned: 141354
      Time elapsed: 14 minute(s), 18 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected:
      C:\Windows\system32\Drivers\epvvdw.sys (Rootkit.Agent) -> No action taken.