Jump to content

Recommended Posts

I have ran malwarebytes multiple times in regular and safemode. Sometimes it finds 1 or so things, but removing changes nothing. Have ran spybot and it too really finds not much and changes nothing.

When my computer starts it makes it to my wallpaper pic fairly normal, but slower. Then I ALWAYS notice that my wallpaper pic disappears to the background blank color page and then the wallpaper pic gets "re-drawn". Once that happens the computer is changed. But, now the refresh is real slow like in 1/4 screen slices. This is visible when closing or changing screens. My wireless keyboard is also very slow reading the keystrokes. The whole computer gets bound up and when the svcs finally error, then I also lose my sound. But, once they finally error, The whole system speeds up. Some consistant errors are the following:

1) appcompat.txt

2) wr34ofdir\appopat.txt

3) svchost.exe -k netsvcs which uses an excessive amount of memory till it crashes

4) I noticed when everything is running, that there is excessive IP activity and my computer is connected to a bunch of servers......ALOT

HERE is my scan:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Sonia Evans at 19:55:57 on 2011-11-18

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [VTTimer] VTTimer.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: gamls.com\www

Trusted Zone: rexplorer.net\atl

Trusted Zone: rexplorer.net

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1318504715250

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1318649841562

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{29B64B33-71B6-48DC-9796-9058471823B5} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{9CEA6E8D-6780-4CBD-B697-934D4F39934C} : DhcpNameServer = 192.168.1.254

Notify: WRNotifier - WRLogonNTF.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\sonia evans\application data\mozilla\firefox\profiles\axuvh315.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npybrowserplus_2.4.17.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Forecastfox: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2011-11-14 03:50:22 -------- d-----w- c:\program files\DriverGuide DriverScan

2011-11-13 18:42:41 -------- d-----w- c:\documents and settings\sonia evans\local settings\application data\Apple Computer

2011-11-13 18:41:32 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-11-13 18:41:11 -------- d-----w- c:\documents and settings\sonia evans\local settings\application data\Apple

2011-10-21 13:37:21 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-10-21 03:54:04 -------- d-----w- c:\documents and settings\sonia evans\local settings\application data\PackageAware

2011-10-20 03:28:45 -------- d-----w- c:\windows\UltraDefrag

2011-10-20 03:28:03 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

.

==================== Find3M ====================

.

2011-11-18 11:55:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 21:00:50 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD1600AAJB-00J3A0 rev.01.03E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8329F4C0]<<

_asm { MOV EAX, [ESP+0x4]; MOV ECX, [0x832a68a4]; PUSH ESI; MOV ESI, [ESP+0xc]; PUSH EDI; MOV EDI, [ESI+0x60]; CMP EAX, [0x832a6730]; JNZ 0x1f; MOV [ESP+0xc], ECX; }

1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x83342AB8]

3 CLASSPNP[0xF7EFAFD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\0000005a[0x833472E0]

5 ACPI[0xF7E71620] -> nt!IofCallDriver[0x804E37C5] -> [0x8337E940]

\Driver\atapi[0x833D7218] -> IRP_MJ_CREATE -> 0x8329F4C0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8329F2E0

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 19:57:37.56 ===============

Here is Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Sansa Media Converter

µTorrent

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 7.1.0

Adobe Shockwave Player

AnyDVD

Apple Application Support

Bing Maps 3D

Brother MFL-Pro Suite

C-Media WDM Audio Driver

Collectorz.com Movie Collector

DriverGuide DriverScan

DVD Shrink 3.2

Engine Analyzer Pro v3.3

Hayabusa ECUeditor for K2-K7, K8- models

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

ImgBurn

KM400/KN400 Display Driver and Utilities

Malwarebytes' Anti-Malware version 1.51.2.1300

MediaMonkey 2.5

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office 2000 Premium

Microsoft Office 2000 Web Archive Add-On

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Windows Script 5.7

Microsoft Word Supplemental Templates and Wizards

Mozilla Firefox (3.6.23)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

Nero OEM

Nitrous Log

PaperPort

PC Camera Capture

PC Link Nitrous

Power Commander 3

Power Commander 5 Software V1.0.1

Punch! 5 in 1 Home Design

Quicken 2005

QuickTime

RemotePlayback

RTLSetup

S3 S3Display

S3 S3Gamma2

S3 S3Info2

S3 S3Overlay

Sansa Media Converter

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 8 (KB911565)

Security Update for Windows Media Player 8 (KB917734)

Sid Meier's Civilization 4

Slotman

Spybot - Search & Destroy

Ultimate Racer 3.0

Ultra Defragmenter

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

WebCam

WebFldrs XP

WEGO Log

Windows Genuine Advantage Notifications (KB905474)

Windows Imaging Component

Windows Internet Explorer 8

Windows Media Format Runtime

Windows XP Service Pack 3

WinRAR archiver

Xfire (remove only)

Xtranormal State

Xtranormal State - Showpak-Playgoz-Preview

Xtranormal State - SoundPack-Starter Kit

Xtranormal State - Voicepack-English-UK-Daniel

Xtranormal State - Voicepack-English-UK-Serena

Xtranormal State - Voicepack-English-US-Samantha

Xtranormal State - Voicepack-English-US-Tom

Yahoo! Messenger

YOSHIMURA Engine Management Professional

.

==== End Of File ===========================

Link to post
Share on other sites

  • Replies 101
  • Created
  • Last Reply

Top Posters In This Topic

:welcome:

Logs will be closed if you haven't replied within 3 days

You have a Master Boot Record RootKit

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller log.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

LDTATE, Thanks you for your assistance. I have followed the TTDS and now the computer is running good. I did not see the "re-load" of the screen and my keyboard is typing at speed. Currently my problem Generic Host process is not eating up the memory.

Here is a post of the log.

08:53:07.0015 1576 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50

08:53:07.0484 1576 ============================================================

08:53:07.0484 1576 Current date / time: 2011/11/19 08:53:07.0484

08:53:07.0484 1576 SystemInfo:

08:53:07.0484 1576

08:53:07.0484 1576 OS Version: 5.1.2600 ServicePack: 3.0

08:53:07.0484 1576 Product type: Workstation

08:53:07.0484 1576 ComputerName: HIGHLANDER

08:53:07.0484 1576 UserName: Sonia Evans

08:53:07.0484 1576 Windows directory: C:\WINDOWS

08:53:07.0484 1576 System windows directory: C:\WINDOWS

08:53:07.0484 1576 Processor architecture: Intel x86

08:53:07.0484 1576 Number of processors: 1

08:53:07.0484 1576 Page size: 0x1000

08:53:07.0484 1576 Boot type: Normal boot

08:53:07.0484 1576 ============================================================

08:53:08.0796 1576 Initialize success

08:54:07.0156 1056 ============================================================

08:54:07.0156 1056 Scan started

08:54:07.0156 1056 Mode: Manual;

08:54:07.0156 1056 ============================================================

08:54:08.0375 1056 Abiosdsk - ok

08:54:08.0609 1056 abp480n5 - ok

08:54:08.0734 1056 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

08:54:08.0750 1056 ACPI - ok

08:54:08.0968 1056 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

08:54:08.0968 1056 ACPIEC - ok

08:54:09.0156 1056 adpu160m - ok

08:54:09.0296 1056 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

08:54:09.0296 1056 aec - ok

08:54:09.0546 1056 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys

08:54:09.0546 1056 AFD - ok

08:54:09.0750 1056 Aha154x - ok

08:54:09.0859 1056 aic78u2 - ok

08:54:09.0906 1056 aic78xx - ok

08:54:10.0140 1056 AliIde - ok

08:54:10.0265 1056 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

08:54:10.0265 1056 AmdK7 - ok

08:54:10.0437 1056 AmdLLD - ok

08:54:10.0546 1056 amsint - ok

08:54:10.0656 1056 AnyDVD (64f24088dbb1d68ee9963f66f8eb68cf) C:\WINDOWS\system32\Drivers\AnyDVD.sys

08:54:10.0656 1056 AnyDVD - ok

08:54:10.0875 1056 asc - ok

08:54:10.0968 1056 asc3350p - ok

08:54:11.0031 1056 asc3550 - ok

08:54:11.0328 1056 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

08:54:11.0328 1056 AsyncMac - ok

08:54:11.0562 1056 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

08:54:11.0562 1056 atapi - ok

08:54:11.0796 1056 Atdisk - ok

08:54:12.0015 1056 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

08:54:12.0015 1056 Atmarpc - ok

08:54:12.0250 1056 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

08:54:12.0250 1056 audstub - ok

08:54:12.0453 1056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

08:54:12.0453 1056 Beep - ok

08:54:12.0734 1056 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys

08:54:12.0734 1056 BrScnUsb - ok

08:54:12.0937 1056 BrSerIf (c121e10c64318182a6478acae1855ee0) C:\WINDOWS\system32\Drivers\BrSerIf.sys

08:54:12.0937 1056 BrSerIf - ok

08:54:13.0171 1056 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys

08:54:13.0171 1056 BrUsbSer - ok

08:54:13.0265 1056 catchme - ok

08:54:13.0484 1056 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

08:54:13.0484 1056 cbidf2k - ok

08:54:13.0734 1056 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

08:54:13.0734 1056 CCDECODE - ok

08:54:13.0937 1056 cd20xrnt - ok

08:54:14.0062 1056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

08:54:14.0062 1056 Cdaudio - ok

08:54:14.0281 1056 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

08:54:14.0281 1056 Cdfs - ok

08:54:14.0546 1056 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

08:54:14.0546 1056 Cdrom - ok

08:54:14.0781 1056 Changer - ok

08:54:15.0046 1056 CmdIde - ok

08:54:15.0187 1056 cmuda (d9b11a34a4efbd4e12b719c89f09bef3) C:\WINDOWS\system32\drivers\cmuda.sys

08:54:15.0218 1056 cmuda - ok

08:54:15.0421 1056 Cpqarray - ok

08:54:15.0531 1056 dac2w2k - ok

08:54:15.0609 1056 dac960nt - ok

08:54:15.0828 1056 DCamUSBNW802 (34a8699292b57abbbf2ace00b87f9d2d) C:\WINDOWS\system32\DRIVERS\pcam.sys

08:54:15.0843 1056 DCamUSBNW802 - ok

08:54:16.0109 1056 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

08:54:16.0109 1056 Disk - ok

08:54:16.0375 1056 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

08:54:16.0406 1056 dmboot - ok

08:54:16.0671 1056 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

08:54:16.0671 1056 dmio - ok

08:54:16.0937 1056 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

08:54:16.0937 1056 dmload - ok

08:54:17.0125 1056 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

08:54:17.0125 1056 DMusic - ok

08:54:17.0343 1056 dpti2o - ok

08:54:17.0562 1056 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

08:54:17.0562 1056 drmkaud - ok

08:54:17.0843 1056 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

08:54:17.0843 1056 ElbyCDIO - ok

08:54:18.0093 1056 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

08:54:18.0093 1056 Fastfat - ok

08:54:18.0312 1056 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

08:54:18.0312 1056 Fdc - ok

08:54:18.0515 1056 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys

08:54:18.0515 1056 FETNDIS - ok

08:54:18.0718 1056 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

08:54:18.0718 1056 Fips - ok

08:54:18.0953 1056 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

08:54:18.0953 1056 Flpydisk - ok

08:54:19.0156 1056 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

08:54:19.0171 1056 FltMgr - ok

08:54:19.0390 1056 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

08:54:19.0390 1056 Fs_Rec - ok

08:54:19.0593 1056 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

08:54:19.0609 1056 Ftdisk - ok

08:54:19.0828 1056 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

08:54:19.0843 1056 gameenum - ok

08:54:20.0078 1056 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

08:54:20.0078 1056 Gpc - ok

08:54:20.0312 1056 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

08:54:20.0312 1056 HidUsb - ok

08:54:20.0515 1056 hpn - ok

08:54:20.0656 1056 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

08:54:20.0656 1056 HTTP - ok

08:54:20.0875 1056 i2omgmt - ok

08:54:20.0953 1056 i2omp - ok

08:54:21.0140 1056 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

08:54:21.0140 1056 i8042prt - ok

08:54:21.0359 1056 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

08:54:21.0359 1056 Imapi - ok

08:54:21.0593 1056 ini910u - ok

08:54:21.0718 1056 IntelIde - ok

08:54:21.0796 1056 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

08:54:21.0796 1056 ip6fw - ok

08:54:22.0015 1056 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

08:54:22.0031 1056 IpFilterDriver - ok

08:54:22.0218 1056 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

08:54:22.0218 1056 IpInIp - ok

08:54:22.0437 1056 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

08:54:22.0437 1056 IpNat - ok

08:54:22.0765 1056 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

08:54:22.0781 1056 IPSec - ok

08:54:23.0046 1056 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

08:54:23.0046 1056 IRENUM - ok

08:54:23.0281 1056 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

08:54:23.0281 1056 isapnp - ok

08:54:23.0500 1056 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys

08:54:23.0500 1056 Iviaspi - ok

08:54:23.0687 1056 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

08:54:23.0687 1056 Kbdclass - ok

08:54:23.0906 1056 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

08:54:23.0921 1056 kmixer - ok

08:54:24.0125 1056 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

08:54:24.0125 1056 KSecDD - ok

08:54:24.0359 1056 lbrtfdc - ok

08:54:24.0609 1056 MBAMSwissArmy - ok

08:54:24.0765 1056 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

08:54:24.0765 1056 mnmdd - ok

08:54:24.0984 1056 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

08:54:24.0984 1056 Modem - ok

08:54:25.0187 1056 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

08:54:25.0187 1056 Mouclass - ok

08:54:25.0406 1056 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

08:54:25.0406 1056 mouhid - ok

08:54:25.0625 1056 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

08:54:25.0625 1056 MountMgr - ok

08:54:25.0828 1056 mraid35x - ok

08:54:25.0953 1056 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

08:54:25.0953 1056 MREMP50 - ok

08:54:25.0968 1056 MREMP50a64 - ok

08:54:26.0015 1056 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

08:54:26.0015 1056 MRESP50 - ok

08:54:26.0031 1056 MRESP50a64 - ok

08:54:26.0250 1056 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

08:54:26.0250 1056 MRxDAV - ok

08:54:26.0484 1056 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

08:54:26.0500 1056 MRxSmb - ok

08:54:26.0750 1056 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

08:54:26.0750 1056 Msfs - ok

08:54:27.0015 1056 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

08:54:27.0015 1056 MSKSSRV - ok

08:54:27.0234 1056 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

08:54:27.0234 1056 MSPCLOCK - ok

08:54:27.0453 1056 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

08:54:27.0453 1056 MSPQM - ok

08:54:27.0703 1056 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

08:54:27.0703 1056 mssmbios - ok

08:54:27.0937 1056 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

08:54:27.0937 1056 MSTEE - ok

08:54:28.0156 1056 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

08:54:28.0156 1056 Mup - ok

08:54:28.0375 1056 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

08:54:28.0390 1056 NABTSFEC - ok

08:54:28.0625 1056 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

08:54:28.0640 1056 NDIS - ok

08:54:28.0906 1056 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

08:54:28.0906 1056 NdisIP - ok

08:54:29.0125 1056 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

08:54:29.0125 1056 NdisTapi - ok

08:54:29.0328 1056 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

08:54:29.0328 1056 Ndisuio - ok

08:54:29.0562 1056 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

08:54:29.0578 1056 NdisWan - ok

08:54:29.0812 1056 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

08:54:29.0812 1056 NDProxy - ok

08:54:30.0078 1056 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

08:54:30.0078 1056 NetBIOS - ok

08:54:30.0296 1056 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

08:54:30.0312 1056 NetBT - ok

08:54:30.0656 1056 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

08:54:30.0656 1056 Npfs - ok

08:54:30.0875 1056 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

08:54:30.0890 1056 Ntfs - ok

08:54:31.0171 1056 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

08:54:31.0171 1056 Null - ok

08:54:31.0375 1056 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

08:54:31.0375 1056 NwlnkFlt - ok

08:54:31.0656 1056 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

08:54:31.0671 1056 NwlnkFwd - ok

08:54:32.0234 1056 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

08:54:32.0250 1056 Parport - ok

08:54:32.0578 1056 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

08:54:32.0578 1056 PartMgr - ok

08:54:32.0812 1056 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

08:54:32.0812 1056 ParVdm - ok

08:54:33.0078 1056 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

08:54:33.0078 1056 PCI - ok

08:54:33.0281 1056 PCIDump - ok

08:54:33.0390 1056 PCIIde - ok

08:54:33.0484 1056 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

08:54:33.0484 1056 Pcmcia - ok

08:54:33.0687 1056 PDCOMP - ok

08:54:33.0796 1056 PDFRAME - ok

08:54:33.0859 1056 PDRELI - ok

08:54:34.0031 1056 PDRFRAME - ok

08:54:34.0218 1056 perc2 - ok

08:54:34.0343 1056 perc2hib - ok

08:54:34.0515 1056 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

08:54:34.0515 1056 PptpMiniport - ok

08:54:34.0734 1056 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

08:54:34.0734 1056 Processor - ok

08:54:34.0968 1056 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

08:54:34.0968 1056 PSched - ok

08:54:35.0187 1056 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

08:54:35.0187 1056 Ptilink - ok

08:54:35.0421 1056 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

08:54:35.0421 1056 PxHelp20 - ok

08:54:35.0609 1056 ql1080 - ok

08:54:35.0703 1056 Ql10wnt - ok

08:54:35.0765 1056 ql12160 - ok

08:54:35.0937 1056 ql1240 - ok

08:54:36.0046 1056 ql1280 - ok

08:54:36.0125 1056 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

08:54:36.0125 1056 RasAcd - ok

08:54:36.0343 1056 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:54:36.0343 1056 Rasl2tp - ok

08:54:36.0578 1056 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:54:36.0578 1056 RasPppoe - ok

08:54:36.0765 1056 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

08:54:36.0781 1056 Raspti - ok

08:54:36.0984 1056 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:54:37.0000 1056 Rdbss - ok

08:54:37.0218 1056 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:54:37.0218 1056 RDPCDD - ok

08:54:37.0437 1056 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

08:54:37.0453 1056 rdpdr - ok

08:54:37.0937 1056 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

08:54:37.0968 1056 RDPWD - ok

08:54:38.0406 1056 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

08:54:38.0406 1056 redbook - ok

08:54:38.0718 1056 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

08:54:38.0718 1056 RTL8023xp - ok

08:54:38.0921 1056 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

08:54:38.0937 1056 rtl8139 - ok

08:54:39.0187 1056 rtl8185 (88b63f291ae10c1b66d2b9ed6921a7df) C:\WINDOWS\system32\DRIVERS\rtl8185.sys

08:54:39.0187 1056 rtl8185 - ok

08:54:39.0500 1056 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

08:54:39.0500 1056 Secdrv - ok

08:54:39.0765 1056 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

08:54:39.0765 1056 serenum - ok

08:54:39.0953 1056 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

08:54:39.0968 1056 Serial - ok

08:54:40.0187 1056 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys

08:54:40.0187 1056 sermouse - ok

08:54:40.0546 1056 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

08:54:40.0546 1056 Sfloppy - ok

08:54:40.0781 1056 Simbad - ok

08:54:40.0906 1056 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

08:54:40.0906 1056 SLIP - ok

08:54:41.0109 1056 Sparrow - ok

08:54:41.0250 1056 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

08:54:41.0250 1056 splitter - ok

08:54:41.0500 1056 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

08:54:41.0500 1056 sr - ok

08:54:41.0765 1056 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys

08:54:41.0781 1056 Srv - ok

08:54:42.0031 1056 SSKBFD (2b38da14e1bad3e4227cfcfaeb505239) C:\WINDOWS\system32\Drivers\sskbfd.sys

08:54:42.0031 1056 SSKBFD - ok

08:54:42.0250 1056 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

08:54:42.0265 1056 StillCam - ok

08:54:42.0500 1056 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

08:54:42.0500 1056 streamip - ok

08:54:42.0718 1056 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

08:54:42.0718 1056 swenum - ok

08:54:42.0937 1056 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

08:54:42.0937 1056 swmidi - ok

08:54:43.0156 1056 symc810 - ok

08:54:43.0531 1056 symc8xx - ok

08:54:43.0734 1056 sym_hi - ok

08:54:44.0140 1056 sym_u3 - ok

08:54:44.0609 1056 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

08:54:44.0609 1056 sysaudio - ok

08:54:44.0703 1056 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:54:44.0718 1056 Tcpip - ok

08:54:44.0781 1056 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

08:54:44.0781 1056 TDPIPE - ok

08:54:44.0843 1056 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

08:54:44.0843 1056 TDTCP - ok

08:54:44.0890 1056 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

08:54:44.0890 1056 TermDD - ok

08:54:45.0015 1056 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

08:54:45.0015 1056 tifsfilter - ok

08:54:45.0109 1056 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys

08:54:45.0125 1056 timounter - ok

08:54:45.0187 1056 TosIde - ok

08:54:45.0296 1056 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys

08:54:45.0328 1056 uagp35 - ok

08:54:45.0390 1056 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

08:54:45.0390 1056 Udfs - ok

08:54:45.0437 1056 ultra - ok

08:54:45.0531 1056 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

08:54:45.0546 1056 Update - ok

08:54:45.0640 1056 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:54:45.0640 1056 usbccgp - ok

08:54:45.0703 1056 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:54:45.0703 1056 usbehci - ok

08:54:45.0750 1056 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:54:45.0750 1056 usbhub - ok

08:54:45.0812 1056 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

08:54:45.0812 1056 usbprint - ok

08:54:45.0875 1056 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

08:54:45.0875 1056 usbscan - ok

08:54:45.0937 1056 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:54:45.0937 1056 USBSTOR - ok

08:54:45.0984 1056 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

08:54:45.0984 1056 usbuhci - ok

08:54:46.0015 1056 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

08:54:46.0031 1056 VgaSave - ok

08:54:46.0140 1056 viagfx (3bcc43e2225851e0aef2a8c27ce420ea) C:\WINDOWS\system32\DRIVERS\vtmini.sys

08:54:46.0140 1056 viagfx - ok

08:54:46.0187 1056 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

08:54:46.0203 1056 ViaIde - ok

08:54:46.0250 1056 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

08:54:46.0265 1056 VolSnap - ok

08:54:46.0390 1056 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:54:46.0406 1056 Wanarp - ok

08:54:46.0453 1056 WDICA - ok

08:54:46.0515 1056 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

08:54:46.0515 1056 wdmaud - ok

08:54:46.0781 1056 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

08:54:46.0796 1056 WSTCODEC - ok

08:54:46.0953 1056 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0

08:54:46.0953 1056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected

08:54:46.0953 1056 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)

08:54:47.0000 1056 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

08:54:47.0140 1056 \Device\Harddisk1\DR1 - ok

08:54:47.0171 1056 Boot (0x1200) (65d618203286eca004a097f30dcfa923) \Device\Harddisk0\DR0\Partition0

08:54:47.0171 1056 \Device\Harddisk0\DR0\Partition0 - ok

08:54:47.0203 1056 Boot (0x1200) (b69aee1c213a7e7fe1e9d3f1721eb166) \Device\Harddisk1\DR1\Partition0

08:54:47.0203 1056 \Device\Harddisk1\DR1\Partition0 - ok

08:54:47.0218 1056 ============================================================

08:54:47.0218 1056 Scan finished

08:54:47.0218 1056 ============================================================

08:54:47.0265 1572 Detected object count: 1

08:54:47.0265 1572 Actual detected object count: 1

08:55:10.0890 1572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot

08:55:10.0890 1572 \Device\Harddisk0\DR0 - ok

08:55:10.0890 1572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure

08:55:19.0218 0524 Deinitialize success

Link to post
Share on other sites

That looks much better.

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

LDTate, okay now my computer is still having a slow screen reload. When I close the browser it closes in rows slowly. Now that I have typed more, I am still noticing that my keystrokes are being interupted. I have not had a generic host services error yet though. I have been looking at the scans reports some myself, and i see stuff loading that i don't want even if they are not virus's. It is geting hader to typ as i am msng ltters nw...

Hereisthescan

ComboFix 11-11-19.03 - Sonia Evans 11/19/2011 9:19.6.1 - x86

Running from: c:\internet downloads\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\CSC\d6

.

.

((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))

.

.

2011-11-13 18:41 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-10-21 13:37 . 2011-11-19 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-18 11:55 . 2011-08-16 10:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-20 11:59 . 2011-10-20 03:28 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2011-08-31 21:00 . 2009-11-22 23:55 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2011-10-21_02.27.19 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-06-21 02:07 . 2008-04-14 05:15 26368 c:\windows\system32\drivers\USBSTOR.SYS

- 2006-06-21 02:07 . 2008-04-14 04:15 26368 c:\windows\system32\drivers\usbstor.sys

+ 2002-08-29 12:00 . 2008-04-14 05:10 36352 c:\windows\system32\drivers\disk.sys

- 2002-08-29 12:00 . 2008-04-14 04:10 36352 c:\windows\system32\drivers\disk.sys

- 2006-06-09 23:44 . 2011-10-20 03:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2006-06-09 23:44 . 2011-10-20 03:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2011-10-16 16:35 . 2011-11-19 09:18 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat

- 2011-10-16 16:35 . 2011-10-20 03:41 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat

+ 2011-10-21 05:50 . 2011-11-19 09:18 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2011-10-16 16:35 . 2011-10-20 03:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2004-08-04 07:56 . 2004-08-04 07:56 151552 c:\windows\system32\scrrun.dll

+ 2011-11-18 11:55 . 2011-11-18 11:55 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe

+ 2006-06-09 19:30 . 2011-10-22 02:14 126912 c:\windows\system32\FNTCACHE.DAT

+ 2004-08-04 07:56 . 2004-08-04 07:56 151552 c:\windows\system32\dllcache\scrrun.dll

+ 2004-02-23 08:00 . 2004-02-23 08:00 1386496 c:\windows\system32\msvbvm60.dll

+ 2010-01-27 01:07 . 2011-11-18 11:55 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2007-05-05 00:40 . 2011-11-19 06:05 15411796 c:\windows\system32\Restore\rstrlog.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-10 98304]

"VTTimer"="VTTimer.exe" [2003-05-07 36864]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

2011-09-30 11:35 5361272 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 15:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-02-10 01:56 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2003-05-07 20:32 36864 -c--a-r- c:\windows\system32\VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Messenger"=2 (0x2)

"McciCMService"=2 (0x2)

"gusvc"=3 (0x3)

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"Schedule"=2 (0x2)

"SCardSvr"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

"idsvc"=3 (0x3)

"AMDFusionSVC"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

.

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]

S3 DCamUSBNW802;PC Camera Capture;c:\windows\system32\DRIVERS\pcam.sys [2006-09-25 269480]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - PROCEXP141

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-16 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2011-10-15 02:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: gamls.com\www

Trusted Zone: rexplorer.net\atl

Trusted Zone: rexplorer.net

TCP: DhcpNameServer = 192.168.1.254

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Forecastfox: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-19 09:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(832)

c:\windows\system32\ieframe.dll

c:\windows\system32\msls31.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2011-11-19 09:33:37

ComboFix-quarantined-files.txt 2011-11-19 14:33

ComboFix2.txt 2011-10-21 02:31

ComboFix3.txt 2011-10-14 04:37

ComboFix4.txt 2011-10-12 12:23

ComboFix5.txt 2011-11-19 14:18

.

Pre-Run: 54,731,513,856 bytes free

Post-Run: 61,333,962,752 bytes free

.

- - End Of File - - 01289E168D4171FFFFBC9AE1E6F99AD4

Link to post
Share on other sites

This is the section that the "monster" works in that when I stop the processes I can affect the symptoms

path

C:\WINDOWS\system32\svchost.exe

command line

C:\WINDOWS\System32\svchost.exe -k netsvcs

current directory

C:\WINDOWS\system32\

I attached an image of my generic host list that is running and one of them crashes the whole svchost

post-100317-0-36356300-1321715433.jpg

Link to post
Share on other sites

I don't see anything bad there.

Svchost.exe is a process on your computer that hosts, or contains, other individual services that Windows uses to perform various functions. For example, Windows Defender uses a service that is hosted by a svchost.exe process.

There can be multiple instances of svchost.exe running on your computer, with each instance containing different services. One instance of svchost.exe might host a single service for a program, and another instance might host several services related to Windows. You can use Task Manager to view which services are running under each instance of svchost.exe.

Do you have a anti-virus program?

I don't see one installed.

I don't see a anti-virus program running. Get a free one.

Only run one Anti-Virus at a time.

Use an AntiVirus Software - Choose only one - More than one will conflict. It is very important that your computer has anti-virus software running to protect against viruses. Update Antivirus prior to manual scans as necessary or as used. Please only choose one, having more than one can cause problems, such as crashes and your computer to slow down.

Run a full scan and let us know what it finds.

Also please describe how your computer behaves at the moment

Link to post
Share on other sites

LDTate, ok, i rebooted and again the computer loads my desktop pic and then before it loads the LAN/internet connection icon, the pics disappears and then "re-loads" all choppy slow. So I know that what ever is loading during this time frame is playing into the symptoms I am having. I would like to DELETE whatever is causing my screen to reload. When I close down the computer it does the reverse. Choppy closing pic then blue screen then INSTANT pic,,, but I cant stop the system at that point. The "monster" is connected to something that runs in the above picture list. I have tried to kill each process one at a time till I discover which one does it, but that has not worked to find it at this point.

Can you see anything that "loads" between the initial wallpaper pic and the second reload of the wallpaper pic?

Link to post
Share on other sites

SPYBOT TEATIMER

  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done.
  • (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.]

Next:

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

DDS::
Trusted Zone: gamls.com\www
Trusted Zone: rexplorer.net\atl
Trusted Zone: rexplorer.net

FireFox::
FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Forecastfox: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

LDTate,

After my last post, a notice from Microsoft to update IE 8 came up so I did, and then another popup from that there was 108 microsoft updates required in the yellow shield as a different popup, so I let that go ahead and run... Well it rebooted itself and when it restarted i attempted to get back to this website on mozilla and IE8 and it cannot find it?!?!?! I can get to other sites, but no longer to this site. So now I am on a different computer to post this message... HELP?!

Link to post
Share on other sites

That is correct. Using your link, my infected computer now does not find this site with my browsers now. It acts like I have no internet connection. But if i go to other saved sites, no problem....??? I think the site is blocked now somehow?! Does microsoft block other sites that are competitors? I am apparently blocked in Mozilla and IE8.

Because I cant get to the website, I am definitely not logged in simultaneously. Anyway, I should still be able to get to this website on multiple computers at the same time.

Link to post
Share on other sites

Did you do this?

SPYBOT TEATIMER

  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done.
  • (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.]

Next:

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

DDS::
Trusted Zone: gamls.com\www
Trusted Zone: rexplorer.net\atl
Trusted Zone: rexplorer.net

FireFox::
FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Forecastfox: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

LDTate, I have not been able to do the above yet... I have tried many things to "unblock" this website on that computer. I can get to the internet, but not here. I went to another computer on that same router gate, and it was blocked too. So I rebooted the router and unplugged the computer rebooted everything and still the same. I am typing this message from a computer on a different router. So now I think I have something blocking in the router too. I also noticed that there was A BUNCH of blocked sites in mozilla and IE8 so I deleted all of them.... no change. This all started after I did the antivirus with the microsoft. I have uninstalled that program. Did uninstalling the antivirus cause the issue?!

I thought we were almost finished with my problems and now this new problem. If you can log on directly, I am not opposed to that either, as I can still get on the internet with that computer. I will try and figure out how to take the above information and save to a flash to do the procedure... Do you need to add anymore "kill all" to the script?!?!

Link to post
Share on other sites

Let’s try to reset the router to its default configuration.

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Link to post
Share on other sites

LDTate, Ok i am back on the infected computer. I have ran the CFScript and the computer booted up at least 2x faster!!! The wallpaper pic did "reload" though. I had to do a dns flush and complete router reboot again to get back to the website. But, I had to use the email verification link to find the thread, because the newest update was 4am 11-20-11 and it is currently 12:30am 11-21-11. So I am not sure why the website will not refresh from your server yet?! Here is the current combofix report:

ComboFix 11-11-20.02 - Sonia Evans 11/20/2011 23:59:27.7.1 - x86

Running from: c:\internet downloads\ComboFix.exe

Command switches used :: c:\documents and settings\All Users\Documents\CFScript.txt

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}\chrome.manifest

c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}\chrome\forecastfox.jar

c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}\icon.png

c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}\install.rdf

c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png

c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf

c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png

c:\windows\CSC\d6

.

.

((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))

.

.

2011-11-21 04:12 . 2011-11-21 04:12 -------- d-sh--w- c:\documents and settings\Sonia Evans\IECompatCache

2011-11-19 15:52 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-13 18:41 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-18 11:55 . 2011-08-16 10:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-20 11:59 . 2011-10-20 03:28 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2011-08-31 21:00 . 2009-11-22 23:55 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2011-10-21_02.27.19 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-06-21 02:07 . 2008-04-14 05:15 26368 c:\windows\system32\drivers\USBSTOR.SYS

- 2006-06-21 02:07 . 2008-04-14 04:15 26368 c:\windows\system32\drivers\usbstor.sys

+ 2002-08-29 12:00 . 2008-04-14 05:10 36352 c:\windows\system32\drivers\disk.sys

- 2002-08-29 12:00 . 2008-04-14 04:10 36352 c:\windows\system32\drivers\disk.sys

+ 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2006-06-09 23:44 . 2011-10-20 03:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2006-06-09 23:44 . 2011-10-20 03:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2011-10-16 16:35 . 2011-11-19 09:18 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat

- 2011-10-16 16:35 . 2011-10-20 03:41 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat

- 2011-10-18 03:26 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\update\spcustom.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\spmsg.dll

- 2011-10-13 11:52 . 2007-11-30 12:39 26488 c:\windows\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\update\spcustom.dll

- 2011-10-13 11:52 . 2007-11-30 12:39 17272 c:\windows\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\spmsg.dll

- 2011-10-18 03:23 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\f732943e48ae6ad004950fdcc657b6f7\update\spcustom.dll

- 2011-10-18 03:23 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\f732943e48ae6ad004950fdcc657b6f7\spmsg.dll

- 2011-10-13 11:51 . 2007-11-30 12:39 26488 c:\windows\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\update\spcustom.dll

- 2011-10-13 11:51 . 2007-11-30 12:39 17272 c:\windows\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\spmsg.dll

- 2011-10-13 11:51 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\update\spcustom.dll

- 2011-10-13 11:51 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\spmsg.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\update\spcustom.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\spmsg.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\ed4f302dcc552910bc5d521f28b9ef85\update\spcustom.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\ed4f302dcc552910bc5d521f28b9ef85\spmsg.dll

- 2011-10-18 03:25 . 2010-02-22 14:23 26488 c:\windows\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\update\spcustom.dll

- 2011-10-18 03:25 . 2010-02-22 14:23 17272 c:\windows\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\spmsg.dll

- 2011-10-18 03:24 . 2009-05-26 09:01 26488 c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\update\spcustom.dll

- 2011-10-18 03:24 . 2009-05-26 09:01 17272 c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\spmsg.dll

- 2011-10-13 11:49 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\spcustom.dll

- 2011-10-13 11:49 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\spmsg.dll

- 2011-10-13 12:02 . 2007-11-30 12:39 26488 c:\windows\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\update\spcustom.dll

- 2011-10-13 12:02 . 2007-11-30 12:39 17272 c:\windows\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\spmsg.dll

- 2011-10-13 11:51 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\update\spcustom.dll

- 2011-10-13 11:51 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\spmsg.dll

- 2011-10-13 12:02 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\spcustom.dll

- 2011-10-13 12:02 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\spmsg.dll

- 2011-10-13 12:02 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\spcustom.dll

- 2011-10-13 12:02 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\spmsg.dll

- 2011-10-18 03:25 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\update\spcustom.dll

- 2011-10-18 03:25 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\spmsg.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\update\spcustom.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\spmsg.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\update\spcustom.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\spmsg.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\update\spcustom.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\spmsg.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\spcustom.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\spmsg.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\update\spcustom.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\spmsg.dll

- 2011-10-18 03:23 . 2010-02-22 14:23 26488 c:\windows\SoftwareDistribution\Download\b32129dfa4870d4292d84648b08ecb81\update\spcustom.dll

- 2011-10-18 03:23 . 2010-02-22 14:23 17272 c:\windows\SoftwareDistribution\Download\b32129dfa4870d4292d84648b08ecb81\spmsg.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\update\spcustom.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\spmsg.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\spcustom.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\spmsg.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\update\spcustom.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\spmsg.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\91bb70b5a1849f810c5f176944405927\update\spcustom.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\91bb70b5a1849f810c5f176944405927\spmsg.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\update\spcustom.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\spmsg.dll

- 2011-10-13 12:02 . 2007-11-30 12:39 26488 c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\spcustom.dll

- 2011-10-13 12:02 . 2007-11-30 12:39 17272 c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\spmsg.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\86e02b9df514f7fcd2b873c29d592eb3\update\spcustom.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\86e02b9df514f7fcd2b873c29d592eb3\spmsg.dll

- 2011-10-13 12:01 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\spcustom.dll

- 2011-10-13 12:01 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\spmsg.dll

- 2011-10-13 11:49 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\update\spcustom.dll

- 2011-10-13 11:49 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\spmsg.dll

- 2011-10-13 12:02 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\update\spcustom.dll

- 2011-10-13 12:02 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\spmsg.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\6870f168611996e69348307ffc62e858\update\spcustom.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\6870f168611996e69348307ffc62e858\spmsg.dll

- 2011-10-13 12:01 . 2008-07-09 07:38 26488 c:\windows\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\spcustom.dll

- 2011-10-13 12:01 . 2008-07-09 07:38 17272 c:\windows\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\spmsg.dll

- 2011-10-18 03:25 . 2010-02-22 14:23 26488 c:\windows\SoftwareDistribution\Download\6482b73e551a94e4c78c8d847c4bb10c\update\spcustom.dll

- 2011-10-18 03:25 . 2010-02-22 14:23 17272 c:\windows\SoftwareDistribution\Download\6482b73e551a94e4c78c8d847c4bb10c\spmsg.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\6006b16c1fd02cf49cb91496eb5460a0\update\spcustom.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\6006b16c1fd02cf49cb91496eb5460a0\spmsg.dll

- 2011-10-13 12:01 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\spcustom.dll

- 2011-10-13 12:01 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\spmsg.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\50fe132a7570a44aa0493f01e4692d6e\update\spcustom.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\50fe132a7570a44aa0493f01e4692d6e\spmsg.dll

- 2011-10-13 12:02 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\update\spcustom.dll

- 2011-10-13 12:02 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\spmsg.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\3cc7b97fc7dac19eb2799b072f371e59\update\spcustom.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\3cc7b97fc7dac19eb2799b072f371e59\spmsg.dll

- 2011-10-18 03:22 . 2007-11-30 12:39 26488 c:\windows\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\update\spcustom.dll

- 2011-10-18 03:22 . 2007-11-30 12:39 17272 c:\windows\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\spmsg.dll

- 2011-10-13 11:50 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\update\spcustom.dll

- 2011-10-13 11:50 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\spmsg.dll

- 2011-10-13 12:02 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\update\spcustom.dll

- 2011-10-13 12:02 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\spmsg.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\update\spcustom.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\spmsg.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\27348dbc9e5f0706cbb7e62b9f41ae6e\update\spcustom.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\27348dbc9e5f0706cbb7e62b9f41ae6e\spmsg.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\269630a60abe4177f0ba214686d6ebda\update\spcustom.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\269630a60abe4177f0ba214686d6ebda\spmsg.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\update\spcustom.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\spmsg.dll

- 2011-10-13 11:48 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\update\spcustom.dll

- 2011-10-13 11:48 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\spmsg.dll

- 2011-10-18 03:22 . 2007-11-30 12:39 26488 c:\windows\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\update\spcustom.dll

- 2011-10-18 03:22 . 2007-11-30 12:39 17272 c:\windows\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\spmsg.dll

- 2011-10-13 11:51 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\0fa2ac15b3f3d16ecfc880648002b82e\update\spcustom.dll

- 2011-10-13 11:51 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\0fa2ac15b3f3d16ecfc880648002b82e\spmsg.dll

- 2011-10-13 11:51 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\spcustom.dll

- 2011-10-13 11:51 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\spmsg.dll

- 2011-10-13 12:02 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\spcustom.dll

- 2011-10-13 12:02 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\spmsg.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\02436769f1bb08660087299442ccda82\update\spcustom.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\02436769f1bb08660087299442ccda82\spmsg.dll

- 2011-10-13 12:02 . 2007-11-30 12:39 26488 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\spcustom.dll

- 2011-10-13 12:02 . 2007-11-30 12:39 17272 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\spmsg.dll

- 2011-10-13 11:48 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\update\spcustom.dll

- 2011-10-13 11:48 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\spmsg.dll

- 2011-10-13 11:51 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\0034610052cb298a78a7ba8a4f6282e6\update\spcustom.dll

- 2011-10-13 11:51 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\0034610052cb298a78a7ba8a4f6282e6\spmsg.dll

+ 2002-08-29 12:00 . 2008-04-14 09:41 157225 c:\windows\system32\vrcrs.dll

+ 2004-08-04 07:56 . 2004-08-04 07:56 151552 c:\windows\system32\scrrun.dll

+ 2011-11-18 11:55 . 2011-11-18 11:55 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe

+ 2006-06-09 19:30 . 2011-10-22 02:14 126912 c:\windows\system32\FNTCACHE.DAT

+ 2004-08-04 07:56 . 2004-08-04 07:56 151552 c:\windows\system32\dllcache\scrrun.dll

- 2011-10-18 03:26 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\update\updspapi.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\update\update.exe

- 2011-10-18 03:26 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\spuninst.exe

- 2011-10-13 11:52 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\update\updspapi.dll

- 2011-10-13 11:52 . 2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\update\update.exe

- 2011-10-13 11:52 . 2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\spuninst.exe

- 2011-10-18 03:23 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\f732943e48ae6ad004950fdcc657b6f7\update\updspapi.dll

- 2011-10-18 03:23 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\f732943e48ae6ad004950fdcc657b6f7\update\update.exe

- 2011-10-18 03:23 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\f732943e48ae6ad004950fdcc657b6f7\spuninst.exe

- 2011-10-13 11:51 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\update\updspapi.dll

- 2011-10-13 11:51 . 2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\update\update.exe

- 2011-10-13 11:51 . 2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\spuninst.exe

- 2011-10-13 11:51 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\update\updspapi.dll

- 2011-10-13 11:51 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\update\update.exe

- 2011-10-13 11:51 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5\spuninst.exe

- 2011-10-18 03:24 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\update\updspapi.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\update\update.exe

- 2011-10-18 03:24 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109\spuninst.exe

- 2011-10-18 03:26 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\ed4f302dcc552910bc5d521f28b9ef85\update\updspapi.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\ed4f302dcc552910bc5d521f28b9ef85\update\update.exe

- 2011-10-18 03:26 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\ed4f302dcc552910bc5d521f28b9ef85\spuninst.exe

- 2011-10-18 03:25 . 2010-02-22 14:23 382840 c:\windows\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\update\updspapi.dll

- 2011-10-18 03:25 . 2010-02-22 14:23 755576 c:\windows\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\update\update.exe

- 2011-10-18 03:25 . 2010-02-22 14:23 231288 c:\windows\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074\spuninst.exe

- 2011-10-18 03:24 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\update\updspapi.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\update\update.exe

- 2011-10-18 03:24 . 2009-05-26 09:01 231288 c:\windows\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be\spuninst.exe

- 2011-10-13 11:49 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\updspapi.dll

- 2011-10-13 11:49 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\update\update.exe

- 2011-10-13 11:49 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\spuninst.exe

- 2011-10-13 12:02 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\update\updspapi.dll

- 2011-10-13 12:02 . 2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\update\update.exe

- 2011-10-13 12:02 . 2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\spuninst.exe

- 2011-10-13 11:51 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\update\updspapi.dll

- 2011-10-13 11:51 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\update\update.exe

- 2011-10-13 11:51 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f\spuninst.exe

- 2011-10-13 12:02 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\updspapi.dll

- 2011-10-13 12:02 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\update.exe

- 2011-10-13 12:02 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\spuninst.exe

- 2011-10-13 12:02 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\updspapi.dll

- 2011-10-13 12:02 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe

- 2011-10-13 12:02 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\spuninst.exe

- 2011-10-18 03:25 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\update\updspapi.dll

- 2011-10-18 03:25 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\update\update.exe

- 2011-10-18 03:25 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717\spuninst.exe

- 2011-10-13 11:52 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\update\updspapi.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\update\update.exe

- 2011-10-13 11:52 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\spuninst.exe

- 2011-10-18 03:26 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\update\updspapi.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\update\update.exe

- 2011-10-18 03:26 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\spuninst.exe

- 2011-10-18 03:25 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\update\updspapi.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\update\update.exe

- 2011-10-18 03:25 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da\spuninst.exe

- 2011-10-13 11:52 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\updspapi.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exe

- 2011-10-13 11:52 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\spuninst.exe

- 2011-10-18 03:25 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\update\updspapi.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\update\update.exe

- 2011-10-18 03:25 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd\spuninst.exe

- 2011-10-18 03:23 . 2010-02-22 14:23 382840 c:\windows\SoftwareDistribution\Download\b32129dfa4870d4292d84648b08ecb81\update\updspapi.dll

- 2011-10-18 03:23 . 2010-02-22 14:23 755576 c:\windows\SoftwareDistribution\Download\b32129dfa4870d4292d84648b08ecb81\update\update.exe

- 2011-10-18 03:23 . 2010-02-22 14:23 231288 c:\windows\SoftwareDistribution\Download\b32129dfa4870d4292d84648b08ecb81\spuninst.exe

- 2011-10-18 03:25 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\update\updspapi.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\update\update.exe

- 2011-10-18 03:25 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6\spuninst.exe

- 2011-10-13 11:52 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\updspapi.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe

- 2011-10-13 11:52 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\spuninst.exe

- 2011-10-18 03:24 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\update\updspapi.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\update\update.exe

- 2011-10-18 03:24 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce\spuninst.exe

- 2011-10-18 03:26 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\91bb70b5a1849f810c5f176944405927\update\updspapi.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\91bb70b5a1849f810c5f176944405927\update\update.exe

- 2011-10-18 03:26 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\91bb70b5a1849f810c5f176944405927\spuninst.exe

- 2011-10-18 03:24 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\update\updspapi.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\update\update.exe

- 2011-10-18 03:24 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\906245b7f0992255b054322b77475594\spuninst.exe

- 2011-10-13 12:02 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\updspapi.dll

- 2011-10-13 12:02 . 2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\update.exe

- 2011-10-13 12:02 . 2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\spuninst.exe

- 2011-10-18 03:26 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\86e02b9df514f7fcd2b873c29d592eb3\update\updspapi.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\86e02b9df514f7fcd2b873c29d592eb3\update\update.exe

- 2011-10-18 03:26 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\86e02b9df514f7fcd2b873c29d592eb3\spuninst.exe

- 2011-10-13 12:01 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\updspapi.dll

- 2011-10-13 12:01 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe

- 2011-10-13 12:01 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\spuninst.exe

- 2011-10-13 11:49 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\update\updspapi.dll

- 2011-10-13 11:49 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\update\update.exe

- 2011-10-13 11:49 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\spuninst.exe

- 2011-10-13 12:02 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\update\updspapi.dll

- 2011-10-13 12:02 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\update\update.exe

- 2011-10-13 12:02 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\spuninst.exe

- 2011-10-18 03:26 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\6870f168611996e69348307ffc62e858\update\updspapi.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\6870f168611996e69348307ffc62e858\update\update.exe

- 2011-10-18 03:26 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\6870f168611996e69348307ffc62e858\spuninst.exe

- 2011-10-13 12:01 . 2008-07-09 07:38 382840 c:\windows\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\updspapi.dll

- 2011-10-13 12:01 . 2008-07-09 07:38 755576 c:\windows\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update.exe

- 2011-10-13 12:01 . 2008-07-09 07:38 231288 c:\windows\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\spuninst.exe

- 2011-10-18 03:25 . 2010-02-22 14:23 382840 c:\windows\SoftwareDistribution\Download\6482b73e551a94e4c78c8d847c4bb10c\update\updspapi.dll

- 2011-10-18 03:25 . 2010-02-22 14:23 755576 c:\windows\SoftwareDistribution\Download\6482b73e551a94e4c78c8d847c4bb10c\update\update.exe

- 2011-10-18 03:25 . 2010-02-22 14:23 231288 c:\windows\SoftwareDistribution\Download\6482b73e551a94e4c78c8d847c4bb10c\spuninst.exe

- 2011-10-18 03:25 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\6006b16c1fd02cf49cb91496eb5460a0\update\updspapi.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\6006b16c1fd02cf49cb91496eb5460a0\update\update.exe

- 2011-10-18 03:25 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\6006b16c1fd02cf49cb91496eb5460a0\spuninst.exe

- 2011-10-13 12:01 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\updspapi.dll

- 2011-10-13 12:01 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe

- 2011-10-13 12:01 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\spuninst.exe

- 2011-10-18 03:24 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\50fe132a7570a44aa0493f01e4692d6e\update\updspapi.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\50fe132a7570a44aa0493f01e4692d6e\update\update.exe

- 2011-10-18 03:24 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\50fe132a7570a44aa0493f01e4692d6e\spuninst.exe

- 2011-10-13 12:02 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\update\updspapi.dll

- 2011-10-13 12:02 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\update\update.exe

- 2011-10-13 12:02 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\spuninst.exe

- 2011-10-18 03:25 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\3cc7b97fc7dac19eb2799b072f371e59\update\updspapi.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\3cc7b97fc7dac19eb2799b072f371e59\update\update.exe

- 2011-10-18 03:25 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\3cc7b97fc7dac19eb2799b072f371e59\spuninst.exe

- 2011-10-18 03:22 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\update\updspapi.dll

- 2011-10-18 03:22 . 2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\update\update.exe

- 2011-10-18 03:22 . 2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\spuninst.exe

- 2011-10-13 11:50 . 2008-07-09 07:38 382840 c:\windows\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\update\updspapi.dll

- 2011-10-13 11:50 . 2008-07-09 07:38 755576 c:\windows\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\update\update.exe

- 2011-10-13 11:50 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\spuninst.exe

- 2011-10-13 12:02 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\update\updspapi.dll

- 2011-10-13 12:02 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\update\update.exe

- 2011-10-13 12:02 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\spuninst.exe

- 2011-10-18 03:26 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\update\updspapi.dll

- 2011-10-18 03:26 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\update\update.exe

- 2011-10-18 03:26 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba\spuninst.exe

- 2011-10-18 03:25 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\27348dbc9e5f0706cbb7e62b9f41ae6e\update\updspapi.dll

- 2011-10-18 03:25 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\27348dbc9e5f0706cbb7e62b9f41ae6e\update\update.exe

- 2011-10-18 03:25 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\27348dbc9e5f0706cbb7e62b9f41ae6e\spuninst.exe

- 2011-10-13 11:52 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\269630a60abe4177f0ba214686d6ebda\update\updspapi.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\269630a60abe4177f0ba214686d6ebda\update\update.exe

- 2011-10-13 11:52 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\269630a60abe4177f0ba214686d6ebda\spuninst.exe

- 2011-10-13 11:52 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\update\updspapi.dll

- 2011-10-13 11:52 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\update\update.exe

- 2011-10-13 11:52 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\spuninst.exe

- 2011-10-13 11:48 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\update\updspapi.dll

- 2011-10-13 11:48 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\update\update.exe

- 2011-10-13 11:48 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\spuninst.exe

- 2011-10-18 03:22 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\update\updspapi.dll

- 2011-10-18 03:22 . 2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\update\update.exe

- 2011-10-18 03:22 . 2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\1201b6f74bae1015eceeea43baed9814\spuninst.exe

- 2011-10-13 11:51 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\0fa2ac15b3f3d16ecfc880648002b82e\update\updspapi.dll

- 2011-10-13 11:51 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\0fa2ac15b3f3d16ecfc880648002b82e\update\update.exe

- 2011-10-13 11:51 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\0fa2ac15b3f3d16ecfc880648002b82e\spuninst.exe

- 2011-10-13 11:51 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\updspapi.dll

- 2011-10-13 11:51 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\update.exe

- 2011-10-13 11:51 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\spuninst.exe

- 2011-10-13 12:02 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\updspapi.dll

- 2011-10-13 12:02 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe

- 2011-10-13 12:02 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\spuninst.exe

- 2011-10-18 03:24 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\02436769f1bb08660087299442ccda82\update\updspapi.dll

- 2011-10-18 03:24 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\02436769f1bb08660087299442ccda82\update\update.exe

- 2011-10-18 03:24 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\02436769f1bb08660087299442ccda82\spuninst.exe

- 2011-10-13 12:02 . 2007-11-30 12:39 382840 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\updspapi.dll

- 2011-10-13 12:02 . 2007-11-30 12:39 755576 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\update.exe

- 2011-10-13 12:02 . 2007-11-30 12:39 231288 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\spuninst.exe

- 2011-10-13 11:48 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\update\updspapi.dll

- 2011-10-13 11:48 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\update\update.exe

- 2011-10-13 11:48 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\spuninst.exe

- 2011-10-13 11:51 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\0034610052cb298a78a7ba8a4f6282e6\update\updspapi.dll

- 2011-10-13 11:51 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\0034610052cb298a78a7ba8a4f6282e6\update\update.exe

- 2011-10-13 11:51 . 2009-05-26 11:40 231288 c:\windows\SoftwareDistribution\Download\0034610052cb298a78a7ba8a4f6282e6\spuninst.exe

+ 2011-11-19 15:44 . 2011-11-19 15:44 301056 c:\windows\Installer\62a5ef.msi

+ 2004-02-23 08:00 . 2004-02-23 08:00 1386496 c:\windows\system32\msvbvm60.dll

+ 2010-01-27 01:07 . 2011-11-18 11:55 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2007-05-05 00:40 . 2011-11-19 06:05 15411796 c:\windows\system32\Restore\rstrlog.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

2011-09-30 11:35 5361272 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 15:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-02-10 01:56 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2003-05-07 20:32 36864 -c--a-r- c:\windows\system32\VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Messenger"=2 (0x2)

"McciCMService"=2 (0x2)

"gusvc"=3 (0x3)

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"Schedule"=2 (0x2)

"SCardSvr"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

"idsvc"=3 (0x3)

"AMDFusionSVC"=2 (0x2)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"VTTimer"=VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6027:TCP"= 6027:TCP:rcntsjph

.

R2 druudwilx;Driver Center;c:\windows\system32\svchost.exe [2008-04-14 14336]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]

S3 DCamUSBNW802;PC Camera Capture;c:\windows\system32\DRIVERS\pcam.sys [2006-09-25 269480]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

druudwilx

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-16 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2011-10-15 02:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: rexplorer.net

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: yahoo.homepage.dontask - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-21 00:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\druudwilx]

"ServiceDll"="c:\windows\system32\vrcrs.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(344)

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\msls31.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\msiexec.exe

c:\windows\System32\locator.exe

c:\windows\system32\wdfmgr.exe

.

**************************************************************************

.

Completion time: 2011-11-21 00:10:35 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-21 05:10

ComboFix2.txt 2011-11-19 14:33

ComboFix3.txt 2011-10-21 02:31

ComboFix4.txt 2011-10-14 04:37

ComboFix5.txt 2011-11-21 04:57

.

Pre-Run: 65,964,105,728 bytes free

Post-Run: 65,953,120,256 bytes free

.

- - End Of File - - E9011B5AF3E9766510D54357228C2DED

Link to post
Share on other sites

I feel like there is still something going on, I am too tired to look around in this computer for the moment, but that screen "reload" tell me that things are still doing too much. Thanks you for your help so far, as my computer is working much better. My keyboard is not stalling out and I can type as fast as possible and it is not missing any keystrokes!!! So, I know it is working much better. But, closing down the browser or making it small has the screen still doing the real slow "reload". It takes about 4-5 writes to build the whole wallpaper pic.

Link to post
Share on other sites

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\system32\vrcrs.dll

NetSvc::
druudwilx

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6027:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\druudwilx]

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

LDTate, ok here is the new combofix txt. Then in the following thread I will post what I got today from AT&T in email. As i type this my keyboard is hanging up again and all my symptoms have returned! I keep having to dnsflush to get back to this website?!

ComboFix 11-11-20.02 - Sonia Evans 11/21/2011 23:22:06.8.1 - x86

Running from: c:\internet downloads\ComboFix.exe

Command switches used :: c:\documents and settings\All Users\Documents\CFScript.txt

* Created a new restore point

.

FILE ::

"c:\windows\system32\vrcrs.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

c:\windows\system32\vrcrs.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_druudwilx

-------\Service_druudwilx

.

.

((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))

.

.

2011-11-21 04:12 . 2011-11-21 04:12 -------- d-sh--w- c:\documents and settings\Sonia Evans\IECompatCache

2011-11-19 15:52 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-13 18:41 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-18 11:55 . 2011-08-16 10:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-20 11:59 . 2011-10-20 03:28 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

2011-08-31 21:00 . 2009-11-22 23:55 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

2011-09-30 11:35 5361272 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 15:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-02-10 01:56 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2003-05-07 20:32 36864 -c--a-r- c:\windows\system32\VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Messenger"=2 (0x2)

"McciCMService"=2 (0x2)

"gusvc"=3 (0x3)

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"Schedule"=2 (0x2)

"SCardSvr"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

"idsvc"=3 (0x3)

"AMDFusionSVC"=2 (0x2)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"VTTimer"=VTTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R2 druudwilx;Driver Center;c:\windows\system32\svchost.exe [2008-04-14 14336]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]

S3 DCamUSBNW802;PC Camera Capture;c:\windows\system32\DRIVERS\pcam.sys [2006-09-25 269480]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-16 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2011-10-15 02:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: rexplorer.net

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: yahoo.homepage.dontask - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-22 02:17

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\druudwilx]

"ServiceDll"="c:\windows\system32\vrcrs.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(224)

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\msls31.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\locator.exe

c:\windows\system32\wdfmgr.exe

.

**************************************************************************

.

Completion time: 2011-11-22 02:21:44 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-22 07:21

ComboFix2.txt 2011-11-21 05:10

ComboFix3.txt 2011-11-19 14:33

ComboFix4.txt 2011-10-21 02:31

ComboFix5.txt 2011-11-22 04:21

.

Pre-Run: 78,782,857,216 bytes free

Post-Run: 78,741,585,920 bytes free

.

- - End Of File - - 892E96542F3A3EA3FCDD01DDCFD803B5

Link to post
Share on other sites

THIS was from AT&T today!!!

-----Original Message-----

From: Bellsouth Internet Services Security Center [mailto:abuse@att.net]

Sent: 11/21/2011 3:17 PM

To: soniabevans@ymail.com; speedqueen@bellsouth.net

Subject: Warning! Your Bellsouth Member ID is: speedqueen@bellsouth.net IP:

74.184.171.119 (issue 8106)

***********************************************************

For the fastest response, please ensure that you retain the

subject line, and direct all replies to this warning letter

to abuse@att.net.

***********************************************************

IMPORTANT COMPUTER SAFETY NOTICE from AT&T Internet Services

Security Center -"Conficker Traffic Detected"

Sonia Brown,

Our investigation shows the following IP was assigned to your log-on

session at the indicated time and was being used to provide DNS

services to a zombie computer network, also known as a Botnet.

At Wed, 16 Nov 2011 10:26:29 +0000, your IP address was: 74.184.171.119

Type of infection (if known): downadup

Source Port: 2504

Destination IP: 149.20.56.33

Botnets are networks of compromised computers under the control of a

hacker or group of hackers. Botnets are often used to conduct various

attacks ranging from denial of service attacks on websites, to

spamming, click fraud, and distribution of malicious software.

Based on our data we believe the specific malware you are infected with

is known as "Conficker". We recommend you check your computer(s)

with the following link:

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

To address this problem we ask that you immediately take the following

steps to secure your network:

1. If your computer(s) are managed by an Information Technology (IT)

group at your place of work, then contact them immediately.

2. AT&T offers a free online scan tool PC Health Check that will scan

for virus/spyware activity. https://pccheck.att.com/index.aspx?RID=AG

3. If your computer(s) are personally owned, then update the security

software on your system (follow the instructions on your vendor's

website). You might also consider installing new security software such

as AT&T Security Suite. http://www.att.net/iss (You must be logged in

with the Master Account ID to download AT&T Security Suite).

4. If you are an advanced user, then consider reimaging your

computer(s) and installing the necessary software patches. For less

advanced users, this can be done by a third party such as AT&T Connect

Tech. https://remotesupport.att.com/index.aspx AT&T Computer

consultants trained to clean infected machines might also be located in

your area (you can search at yp.com).

5. In all cases, please respond by forwarding this email to:

abuse@att.net with an acknowledgement of: "I am taking steps to address

this infection." When we receive such an acknowledgment, we can

maintain the high quality of service you expect from us. We welcome

feedback on what removal tools or method were used.

Although the activity is likely unintentional, it is still in violation

of AT&T's Acceptable Use Policy. To review the AT&T Acceptable Use

Policy, go to:

http://www.corp.att.com/aup/

Below are some additional sites you can visit for tools or information:

AT&T PC Health Check - Online virus, malware and spyware scan.

https://pccheck.att.com/index.aspx?RID=AG

Microsoft Systems Anti-virus:

http://www.microsoft.com/security_essentials/

Microsoft Safety Scanner:

http://www.microsoft.com/security/scanner/en-us/default.aspx

Apple Systems Anti-virus:

http://www.apple.com/downloads/macosx/networking_security/avastantivirusmace

dition.html

We also recommend you run anti-spyware application, like Malwarebytes

Anti-Malware or Spybot: http://malwarebytes.org/mbam.php

http://www.safer-networking.org/en/index.html

More Conficker specific links are listed below. Many of these sites

will be inaccessible from a Conficker infected system, so you might

have to download from another system and bring the tool to the infected

system. All of these tools, as far as we know are free to download and

use. They are listed in no specific order except alphabetical.

Vendor Link

Notes

ESET http://download.eset.com/special/EConfickerRemover.exe

(ESET's Threat Encyclopaedia -

http://www.eset.eu/encyclopaedia/conficker_aa_trojan_win32_agent_bbof_w32_do

wnadup_b_w32_conficker_worm_gen_a)

Kaspersky http://support.kaspersky.com/downloads/utils/kk.zip

(How to remove network worm Net-Worm.Win32.Kido -

http://support.kaspersky.com/faq/?qid=208279973)

McAfee http://vil.nai.com/vil/stinger/

(McAfee's Page on Protecting yourself from Conficker -

http://www.mcafee.com/us/threat_center/conficker.html)

Sunbelt Software http://www.sunbeltsecurity.com/DownLoads.aspx

(Sunbelt Threat Advisory - http://www.sunbeltsecurity.com/advisory.aspx)

Symantec

http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/D.

exe (W32.Downadup - Removal -

http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408

-99&tabid=3)

Trend Micro

http://www.trendmicro.com/ftp/products/pattern/spyware/fixtool/SysClean-WORM

_DOWNAD.zip (WORM_DOWNAD.E -

http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_

DOWNAD.E&VSect=P)

Regards,

AT&T Internet Services Security Center

SAFETY NOTE: We have included links in this email as a convenience.

Please note that it is always safer to copy and paste URLs included in

email directly into your browser to reach the referenced site.

77geb48dd0c599r86b6b1b5ed5482p

Link to post
Share on other sites

1. Very important: First disconnect your computer from the internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

3. Reset the IP/DNS settings of your interent connection:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".

    [*]Click OK twice to save the settings.

    [*]Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    IPCONFIG /release 

    IPCONFIG /flushdns

    IPCONFIG /renew


  • Then hit enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

Now run a new Combofix scan

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.