System check removal

I am running XP on my system. I followed directions to run a DDS scan; however, when the scan completes, the computer freezes and I do not receive the scan log that I need to post. I cannot run a scan using Malwarebytes and all icons are hidden. I am also experiencing redirects.

Please advise on where to begin to remove this problem.


Hello wodeson! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please start with these instructions here:

http://forums.malwarebytes.org/index.php?showtopic=85715

If they work, try again with DDS and post the log files.

If not, let me know what was going on there.


I was able to unhide my icons and run a quick scan using MB. However, when I run the DDS scan, the cursor turns to the hourglass after the scan is complete and no log is opened. While I am able to browse the net, the computer seems very slow. I did download TrojanKiller before I reached out to you. I ran the uninstall but the icon is still on my desktop. Is this another malicious program?

Here is the report from the MB quick scan:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.07.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

Administrator :: ANONYMOUS [administrator]

2/7/2012 8:45:38 PM

mbam-log-2012-02-07 (20-45-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 166018

Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NGpTbpTyTEb.exe (Trojan.FakeAlert) -> Data: C:\Documents and Settings\All Users\Application Data\NGpTbpTyTEb.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 6

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Documents and Settings\All Users\Application Data\NGpTbpTyTEb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Kvs8Fd5pUHx4R2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

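Two things in the quick-scan log above are worth pulling out mechanically rather than by eye: the autorun value under HKLM\...\Run that launched the dropped executable, and the six PUM.Hijack.StartMenu entries where the rogue set Explorer's Start_Show* values to 0, which is what hides Control Panel, Run, Search and the other Start menu entries. The Python below is an added example for this thread, not code from the original posts or from Malwarebytes. It parses MBAM 1.x log lines into records, maps each Run entry to the file it launched and checks whether that file was itself detected (an autorun left pointing at a surviving file means the cleanup is incomplete), and emits a .reg file that restores the "Good" value MBAM reported for each registry data item, for the case where MBAM cannot run and the values have to be put back by hand. The sample log is constructed from the lines posted above; the class and function names are the example's own.

```python
"""Parse a Malwarebytes Anti-Malware 1.x text log into structured detections.

Added example for this thread, not Malwarebytes' own code. The sample log is
constructed from the lines posted above; every name here is the example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: a subset of the posted log, same line format.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.60.1.1000
Scan type: Quick scan
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NGpTbpTyTEb.exe (Trojan.FakeAlert) -> Data: C:\Documents and Settings\All Users\Application Data\NGpTbpTyTEb.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Files Detected: 2
C:\Documents and Settings\All Users\Application Data\NGpTbpTyTEb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Kvs8Fd5pUHx4R2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: \d+$")
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")
GOOD_RE = re.compile(r"Good: \((?P<good>\d+)\)")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKU": "HKEY_USERS", "HKCR": "HKEY_CLASSES_ROOT"}


@dataclass
class Detection:
    section: str   # "Registry Values", "Registry Data Items", "Files", ...
    target: str    # file path, or "hive\key|valuename" for registry entries
    threat: str    # MBAM classification, e.g. Trojan.FakeAlert
    details: str   # "Data: <path>" or "Bad: (0) Good: (1)"; empty for files
    action: str    # what MBAM did with it


def parse_mbam_log(text: str) -> List[Detection]:
    """Walk the log; each 'X Detected: n' header opens a section, items follow."""
    section = None
    found: List[Detection] = []
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        item = ITEM_RE.match(line)
        if item and section:
            # rest is "<details> -> <action>" or just "<action>"
            parts = item.group("rest").split(" -> ")
            found.append(Detection(section, item.group("target"), item.group("threat"),
                                   " -> ".join(parts[:-1]), parts[-1]))
    return found


def run_entries(found: List[Detection]) -> Dict[str, Tuple[str, bool]]:
    """Map each autorun registry value to the file it launched and whether
    that file was itself detected in the same scan."""
    detected_files = {d.target.lower() for d in found if d.section == "Files"}
    out: Dict[str, Tuple[str, bool]] = {}
    for d in found:
        if d.section == "Registry Values" and d.details.startswith("Data: "):
            path = d.details[len("Data: "):]
            out[d.target] = (path, path.lower() in detected_files)
    return out


def restore_reg(found: List[Detection]) -> str:
    """Emit a .reg file that puts back the 'Good' value MBAM reported for each
    hijacked registry data item (DWORD values in this log format)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for d in found:
        if d.section != "Registry Data Items" or "|" not in d.target:
            continue
        good = GOOD_RE.search(d.details)
        if not good:
            continue
        key, name = d.target.rsplit("|", 1)
        hive, _, path = key.partition("\\")
        lines.append(f"[{HIVES.get(hive, hive)}\\{path}]")
        lines.append(f'"{name}"=dword:{int(good.group("good")):08x}')
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = parse_mbam_log(SAMPLE_LOG)
    for d in hits:
        print(f"{d.section:20} {d.threat:22} {d.target}")
    print(run_entries(hits))
    print(restore_reg(hits))
```

Run it against a saved mbam-log-*.txt by replacing SAMPLE_LOG with the file's contents. The generated .reg only covers values MBAM itself reported with a "Good" value, so it restores exactly what the log says was hijacked and nothing else; the Run-key check is the one to repeat after a follow-up scan, since a persistence entry that survives while its target file is gone is a leftover worth removing by hand.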

Can you post a link so I can download the DDS scan? I removed the previous version I had installed.

Here is the log from MB when the scan was performed in normal mode:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.08.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: ANONYMOUS [administrator]

2/8/2012 2:44:56 PM

mbam-log-2012-02-08 (14-44-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 167144

Time elapsed: 9 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


I downloaded and ran both options for the DDS scan, but neither scan completed or posted a log after 10+ minutes. Each scan did freeze the computer and it had to be manually restarted. While the scan was in process, the screen seemed to flicker every 30 seconds or so.

The computer's performance is significantly slower, much like there are many processes happening at once.

Please let me know how to proceed. Thanks!!!


Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

In your next reply, please post the following log files:

  • TDSSKiller log
  • OTL log with Extras.txt


The OTL scan will not finish. It reads "scanning firefox settings" and does nothing further. I forced closed the program after scanning for 20 minutes each time.

Here is the TDSSKiller log:

20:11:45.0910 3652 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46

20:11:46.0363 3652 ============================================================

20:11:46.0363 3652 Current date / time: 2012/02/08 20:11:46.0363

20:11:46.0363 3652 SystemInfo:

20:11:46.0363 3652

20:11:46.0363 3652 OS Version: 5.1.2600 ServicePack: 3.0

20:11:46.0363 3652 Product type: Workstation

20:11:46.0363 3652 ComputerName: ANONYMOUS

20:11:46.0363 3652 UserName: Administrator

20:11:46.0363 3652 Windows directory: C:\WINDOWS

20:11:46.0363 3652 System windows directory: C:\WINDOWS

20:11:46.0363 3652 Processor architecture: Intel x86

20:11:46.0363 3652 Number of processors: 1

20:11:46.0363 3652 Page size: 0x1000

20:11:46.0363 3652 Boot type: Normal boot

20:11:46.0363 3652 ============================================================

20:11:48.0878 3652 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

20:11:48.0878 3652 \Device\Harddisk0\DR0:

20:11:48.0878 3652 MBR used

20:11:48.0878 3652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400

20:11:48.0910 3652 Initialize success

20:11:48.0910 3652 ============================================================

20:12:51.0519 3260 ============================================================

20:12:51.0519 3260 Scan started

20:12:51.0519 3260 Mode: Manual; SigCheck; TDLFS;

20:12:51.0519 3260 ============================================================

20:12:52.0035 3260 Abiosdsk - ok

20:12:52.0082 3260 abp480n5 - ok

20:12:52.0144 3260 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:12:54.0800 3260 ACPI - ok

20:12:54.0957 3260 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

20:12:55.0175 3260 ACPIEC - ok

20:12:55.0222 3260 adpu160m - ok

20:12:55.0285 3260 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

20:12:55.0472 3260 aec - ok

20:12:55.0550 3260 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys

20:12:55.0613 3260 AFD - ok

20:12:55.0644 3260 Aha154x - ok

20:12:55.0675 3260 aic78u2 - ok

20:12:55.0707 3260 aic78xx - ok

20:12:55.0769 3260 AliIde - ok

20:12:55.0832 3260 amsint - ok

20:12:55.0925 3260 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

20:12:55.0988 3260 ApfiltrService - ok

20:12:56.0160 3260 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

20:12:56.0441 3260 Arp1394 - ok

20:12:56.0550 3260 asc - ok

20:12:56.0566 3260 asc3350p - ok

20:12:56.0582 3260 asc3550 - ok

20:12:57.0425 3260 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:12:57.0597 3260 AsyncMac - ok

20:12:57.0644 3260 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:12:57.0832 3260 atapi - ok

20:12:57.0847 3260 Atdisk - ok

20:12:57.0894 3260 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:12:58.0050 3260 Atmarpc - ok

20:12:58.0082 3260 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:12:58.0269 3260 audstub - ok

20:12:58.0300 3260 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

20:12:58.0332 3260 bcm4sbxp - ok

20:12:58.0378 3260 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:12:58.0566 3260 Beep - ok

20:12:58.0613 3260 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:12:58.0785 3260 cbidf2k - ok

20:12:58.0800 3260 cd20xrnt - ok

20:12:58.0832 3260 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:12:58.0988 3260 Cdaudio - ok

20:12:59.0003 3260 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

20:12:59.0207 3260 Cdfs - ok

20:12:59.0222 3260 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:12:59.0269 3260 Cdrom - ok

20:12:59.0285 3260 Changer - ok

20:12:59.0316 3260 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

20:12:59.0472 3260 CmBatt - ok

20:12:59.0488 3260 CmdIde - ok

20:12:59.0503 3260 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

20:12:59.0675 3260 Compbatt - ok

20:12:59.0691 3260 Cpqarray - ok

20:12:59.0707 3260 dac2w2k - ok

20:12:59.0722 3260 dac960nt - ok

20:12:59.0769 3260 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys

20:12:59.0832 3260 Disk - ok

20:12:59.0894 3260 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

20:13:00.0144 3260 dmboot - ok

20:13:00.0300 3260 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

20:13:00.0457 3260 dmio - ok

20:13:00.0503 3260 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:13:00.0675 3260 dmload - ok

20:13:00.0722 3260 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

20:13:00.0878 3260 DMusic - ok

20:13:00.0910 3260 dpti2o - ok

20:13:00.0957 3260 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

20:13:01.0144 3260 drmkaud - ok

20:13:01.0207 3260 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys

20:13:01.0253 3260 exFat - ok

20:13:01.0316 3260 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

20:13:01.0472 3260 Fastfat - ok

20:13:01.0488 3260 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

20:13:01.0660 3260 Fdc - ok

20:13:01.0707 3260 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

20:13:01.0894 3260 Fips - ok

20:13:01.0925 3260 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

20:13:02.0082 3260 Flpydisk - ok

20:13:02.0128 3260 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

20:13:02.0285 3260 FltMgr - ok

20:13:02.0316 3260 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:13:02.0347 3260 Fs_Rec - ok

20:13:02.0394 3260 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:13:02.0582 3260 Ftdisk - ok

20:13:02.0691 3260 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

20:13:02.0707 3260 GEARAspiWDM - ok

20:13:02.0753 3260 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:13:02.0941 3260 Gpc - ok

20:13:03.0003 3260 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:13:03.0160 3260 HidUsb - ok

20:13:03.0175 3260 hpn - ok

20:13:03.0253 3260 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

20:13:03.0300 3260 HTTP - ok

20:13:03.0316 3260 i2omgmt - ok

20:13:03.0332 3260 i2omp - ok

20:13:03.0378 3260 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

20:13:03.0972 3260 i8042prt - ok

20:13:04.0003 3260 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

20:13:04.0238 3260 Imapi - ok

20:13:04.0269 3260 ini910u - ok

20:13:04.0285 3260 IntelIde - ok

20:13:04.0316 3260 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

20:13:04.0472 3260 intelppm - ok

20:13:04.0503 3260 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

20:13:04.0675 3260 Ip6Fw - ok

20:13:04.0722 3260 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:13:04.0878 3260 IpFilterDriver - ok

20:13:04.0894 3260 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:13:05.0066 3260 IpInIp - ok

20:13:05.0113 3260 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:13:05.0285 3260 IpNat - ok

20:13:05.0332 3260 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:13:05.0503 3260 IPSec - ok

20:13:05.0550 3260 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

20:13:05.0613 3260 IRENUM - ok

20:13:05.0660 3260 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:13:06.0644 3260 isapnp - ok

20:13:06.0753 3260 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:13:06.0957 3260 Kbdclass - ok

20:13:06.0988 3260 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

20:13:07.0160 3260 kbdhid - ok

20:13:07.0222 3260 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

20:13:07.0394 3260 kmixer - ok

20:13:07.0425 3260 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys

20:13:07.0519 3260 KSecDD - ok

20:13:07.0535 3260 lbrtfdc - ok

20:13:07.0582 3260 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

20:13:07.0753 3260 Modem - ok

20:13:07.0800 3260 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:13:07.0957 3260 Mouclass - ok

20:13:08.0019 3260 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:13:08.0207 3260 mouhid - ok

20:13:08.0222 3260 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

20:13:08.0363 3260 MountMgr - ok

20:13:08.0378 3260 mraid35x - ok

20:13:08.0441 3260 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

20:13:08.0457 3260 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

20:13:08.0457 3260 MREMP50 - detected UnsignedFile.Multi.Generic (1)

20:13:08.0472 3260 MREMP50a64 - ok

20:13:08.0503 3260 MREMPR5 - ok

20:13:08.0503 3260 MRENDIS5 - ok

20:13:08.0535 3260 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

20:13:08.0550 3260 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

20:13:08.0550 3260 MRESP50 - detected UnsignedFile.Multi.Generic (1)

20:13:08.0550 3260 MRESP50a64 - ok

20:13:08.0613 3260 MRxDAV (65e818c473e220b6ab762e1966296fd1) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:13:08.0660 3260 MRxDAV - ok

20:13:08.0816 3260 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:13:08.0894 3260 MRxSmb - ok

20:13:08.0925 3260 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

20:13:09.0113 3260 Msfs - ok

20:13:09.0175 3260 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:13:09.0347 3260 MSKSSRV - ok

20:13:09.0378 3260 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:13:09.0550 3260 MSPCLOCK - ok

20:13:09.0566 3260 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

20:13:09.0738 3260 MSPQM - ok

20:13:09.0769 3260 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:13:09.0957 3260 mssmbios - ok

20:13:09.0988 3260 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys

20:13:10.0050 3260 Mup - ok

20:13:10.0066 3260 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys

20:13:10.0160 3260 NDIS - ok

20:13:10.0222 3260 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:13:10.0269 3260 NdisTapi - ok

20:13:10.0316 3260 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:13:10.0519 3260 Ndisuio - ok

20:13:10.0582 3260 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:13:10.0597 3260 NdisWan - ok

20:13:10.0753 3260 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

20:13:10.0800 3260 NDProxy - ok

20:13:10.0832 3260 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

20:13:10.0988 3260 NetBIOS - ok

20:13:11.0019 3260 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

20:13:11.0238 3260 NetBT - ok

20:13:11.0285 3260 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

20:13:11.0457 3260 NIC1394 - ok

20:13:11.0472 3260 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

20:13:11.0644 3260 Npfs - ok

20:13:11.0707 3260 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys

20:13:11.0800 3260 Ntfs - ok

20:13:11.0832 3260 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

20:13:11.0988 3260 Null - ok

20:13:12.0019 3260 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:13:12.0207 3260 NwlnkFlt - ok

20:13:12.0222 3260 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:13:12.0378 3260 NwlnkFwd - ok

20:13:12.0394 3260 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

20:13:12.0472 3260 ohci1394 - ok

20:13:12.0503 3260 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

20:13:12.0675 3260 Parport - ok

20:13:12.0691 3260 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

20:13:12.0847 3260 PartMgr - ok

20:13:12.0878 3260 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

20:13:13.0066 3260 ParVdm - ok

20:13:13.0082 3260 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

20:13:13.0253 3260 PCI - ok

20:13:13.0269 3260 PCIDump - ok

20:13:13.0285 3260 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

20:13:13.0441 3260 PCIIde - ok

20:13:13.0488 3260 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

20:13:13.0675 3260 Pcmcia - ok

20:13:13.0769 3260 PDCOMP - ok

20:13:13.0785 3260 PDFRAME - ok

20:13:13.0800 3260 PDRELI - ok

20:13:13.0816 3260 PDRFRAME - ok

20:13:13.0832 3260 perc2 - ok

20:13:13.0847 3260 perc2hib - ok

20:13:13.0894 3260 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:13:14.0082 3260 PptpMiniport - ok

20:13:14.0097 3260 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

20:13:14.0269 3260 PSched - ok

20:13:14.0300 3260 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:13:14.0488 3260 Ptilink - ok

20:13:14.0503 3260 ql1080 - ok

20:13:14.0519 3260 Ql10wnt - ok

20:13:14.0535 3260 ql12160 - ok

20:13:14.0550 3260 ql1240 - ok

20:13:14.0566 3260 ql1280 - ok

20:13:14.0582 3260 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:13:14.0753 3260 RasAcd - ok

20:13:14.0769 3260 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:13:14.0941 3260 Rasl2tp - ok

20:13:14.0972 3260 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:13:15.0160 3260 RasPppoe - ok

20:13:15.0175 3260 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

20:13:15.0363 3260 Raspti - ok

20:13:15.0410 3260 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:13:15.0441 3260 Rdbss - ok

20:13:15.0457 3260 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:13:15.0613 3260 RDPCDD - ok

20:13:15.0660 3260 rdpdr (c694a927eb7c354f7ae97955043a9641) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

20:13:15.0691 3260 rdpdr - ok

20:13:15.0738 3260 RDPWD (3348e61a78ba4f79c795aad6565d3b6f) C:\WINDOWS\system32\drivers\RDPWD.sys

20:13:15.0785 3260 RDPWD - ok

20:13:15.0816 3260 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

20:13:15.0972 3260 redbook - ok

20:13:16.0050 3260 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys

20:13:16.0082 3260 rspndr - ok

20:13:16.0128 3260 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

20:13:16.0722 3260 sdbus - ok

20:13:16.0769 3260 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:13:16.0832 3260 Secdrv - ok

20:13:16.0925 3260 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

20:13:17.0097 3260 Serial - ok

20:13:17.0160 3260 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

20:13:17.0316 3260 Sfloppy - ok

20:13:17.0363 3260 Simbad - ok

20:13:17.0378 3260 Sparrow - ok

20:13:17.0425 3260 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

20:13:17.0582 3260 splitter - ok

20:13:17.0644 3260 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

20:13:17.0707 3260 sr - ok

20:13:17.0785 3260 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys

20:13:17.0863 3260 Srv - ok

20:13:17.0894 3260 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys

20:13:17.0957 3260 STAC97 - ok

20:13:17.0972 3260 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

20:13:18.0144 3260 swenum - ok

20:13:18.0191 3260 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

20:13:18.0363 3260 swmidi - ok

20:13:18.0394 3260 symc810 - ok

20:13:18.0410 3260 symc8xx - ok

20:13:18.0425 3260 sym_hi - ok

20:13:18.0441 3260 sym_u3 - ok

20:13:18.0472 3260 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

20:13:18.0644 3260 sysaudio - ok

20:13:18.0894 3260 Tcpip (ba8c046d98345129723e6bcaa1e8ab99) C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:13:19.0347 3260 Tcpip ( UnsignedFile.Multi.Generic ) - warning

20:13:19.0347 3260 Tcpip - detected UnsignedFile.Multi.Generic (1)

20:13:19.0441 3260 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

20:13:19.0613 3260 TDPIPE - ok

20:13:19.0644 3260 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

20:13:19.0800 3260 TDTCP - ok

20:13:19.0878 3260 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

20:13:20.0019 3260 TermDD - ok

20:13:20.0050 3260 TosIde - ok

20:13:20.0097 3260 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

20:13:20.0300 3260 Udfs - ok

20:13:20.0316 3260 ultra - ok

20:13:20.0378 3260 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

20:13:20.0535 3260 Update - ok

20:13:20.0582 3260 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

20:13:20.0628 3260 USBAAPL - ok

20:13:20.0675 3260 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:13:20.0722 3260 usbccgp - ok

20:13:20.0753 3260 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:13:20.0785 3260 usbehci - ok

20:13:20.0816 3260 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:13:21.0003 3260 usbhub - ok

20:13:21.0035 3260 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

20:13:21.0222 3260 usbprint - ok

20:13:21.0285 3260 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

20:13:21.0457 3260 usbscan - ok

20:13:21.0488 3260 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:13:21.0644 3260 USBSTOR - ok

20:13:21.0722 3260 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

20:13:21.0863 3260 usbuhci - ok

20:13:21.0925 3260 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

20:13:22.0082 3260 VgaSave - ok

20:13:22.0113 3260 ViaIde - ok

20:13:22.0128 3260 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

20:13:22.0316 3260 VolSnap - ok

20:13:22.0472 3260 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys

20:13:22.0675 3260 w29n51 - ok

20:13:22.0738 3260 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:13:22.0910 3260 Wanarp - ok

20:13:22.0957 3260 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

20:13:23.0035 3260 WDC_SAM - ok

20:13:23.0050 3260 WDICA - ok

20:13:23.0097 3260 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

20:13:23.0269 3260 wdmaud - ok

20:13:23.0425 3260 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

20:13:23.0597 3260 WS2IFSL - ok

20:13:23.0628 3260 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

20:13:23.0675 3260 WudfPf - ok

20:13:23.0707 3260 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

20:13:23.0722 3260 WudfRd - ok

20:13:23.0753 3260 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

20:13:23.0800 3260 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected

20:13:23.0800 3260 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)

20:13:23.0863 3260 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:13:23.0863 3260 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:13:23.0863 3260 Boot (0x1200) (b2eea4a9c5c21d39f7602c54d53507b3) \Device\Harddisk0\DR0\Partition0

20:13:23.0863 3260 \Device\Harddisk0\DR0\Partition0 - ok

20:13:23.0863 3260 ============================================================

20:13:23.0863 3260 Scan finished

20:13:23.0863 3260 ============================================================

20:13:23.0988 1772 Detected object count: 5

20:13:23.0988 1772 Actual detected object count: 5

20:13:50.0050 1772 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

20:13:50.0050 1772 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:13:50.0050 1772 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

20:13:50.0050 1772 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:13:50.0050 1772 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user

20:13:50.0050 1772 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:13:50.0800 1772 \Device\Harddisk0\DR0\# - copied to quarantine

20:13:50.0800 1772 \Device\Harddisk0\DR0 - copied to quarantine

20:13:50.0957 1772 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine

20:13:51.0050 1772 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine

20:13:51.0128 1772 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine

20:13:51.0128 1772 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine

20:13:51.0128 1772 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine

20:13:51.0160 1772 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine

20:13:51.0160 1772 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine

20:13:51.0175 1772 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine

20:13:51.0175 1772 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine

20:13:51.0207 1772 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

20:13:51.0410 1772 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

20:13:51.0457 1772 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

20:13:51.0457 1772 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

20:13:51.0457 1772 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine

20:13:51.0457 1772 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine

20:13:51.0472 1772 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine

20:13:51.0472 1772 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine

20:13:51.0519 1772 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine

20:13:51.0535 1772 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine

20:13:51.0660 1772 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine

20:13:51.0738 1772 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine

20:13:52.0394 1772 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine

20:13:52.0597 1772 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine

20:13:52.0597 1772 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine

20:13:52.0660 1772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot

20:13:52.0660 1772 \Device\Harddisk0\DR0 - ok

20:13:52.0660 1772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure

20:13:52.0675 1772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:13:52.0675 1772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

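The TDSSKiller lines above are worth reading mechanically rather than by eye: the log records one detection cured on reboot (Rootkit.Boot.SST.b on \Device\Harddisk0\DR0), a long list of TDLFS entries copied to quarantine, and two detections left on "Skip" (the unsigned Tcpip driver and the "TDSS File System" itself). The following is an added example, written for this thread and not code from TDSSKiller or from either poster; it parses lines in the format shown above, groups them per detection, and lists anything the operator skipped as a follow-up item. The sample log is a constructed excerpt in that format, not the full log.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the format of the TDSSKiller log above (an excerpt,
# not the full log): a skipped unsigned driver, a few TDLFS entries copied to
# quarantine, the MBR infection cured, and the hidden file system left in
# place by a "Skip" choice.
SAMPLE_LOG = r"""
20:13:50.0050 1772 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:13:50.0800 1772 \Device\Harddisk0\DR0\# - copied to quarantine
20:13:50.0800 1772 \Device\Harddisk0\DR0 - copied to quarantine
20:13:50.0957 1772 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
20:13:51.0050 1772 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
20:13:51.0457 1772 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:13:52.0660 1772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
20:13:52.0660 1772 \Device\Harddisk0\DR0 - ok
20:13:52.0660 1772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
20:13:52.0675 1772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:13:52.0675 1772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# One log line: timestamp, pid, object, optional "( verdict )", then " - message".
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<obj>.+?)(?:\s+\(\s*(?P<verdict>[^)]+?)\s*\))?\s+-\s+(?P<msg>.+?)\s*$"
)
ACTION_RE = re.compile(r"^User select action:\s*(\w+)")


@dataclass
class Finding:
    obj: str
    verdict: str
    action: Optional[str] = None               # what the operator chose: Cure, Skip, ...
    notes: list = field(default_factory=list)  # other status lines for this detection


def parse_tdsskiller(text):
    """Return (findings, quarantined_paths) from TDSSKiller log text."""
    findings = {}
    quarantined = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        obj, verdict, msg = m["obj"], m["verdict"], m["msg"]
        if msg == "copied to quarantine":
            quarantined.append(obj)
        elif verdict is not None:
            f = findings.setdefault((obj, verdict), Finding(obj, verdict))
            a = ACTION_RE.match(msg)
            if a:
                f.action = a.group(1)
            else:
                f.notes.append(msg)
        # lines without a "( verdict )" (e.g. "... - ok") carry no detection
    return list(findings.values()), quarantined


def unresolved(findings):
    """Detections the operator skipped: nothing was done about them in this run."""
    return [f for f in findings if f.action == "Skip"]


def triage_report(text):
    findings, quarantined = parse_tdsskiller(text)
    return {
        "findings": [(f.obj, f.verdict, f.action) for f in findings],
        "unresolved": [(f.obj, f.verdict) for f in unresolved(findings)],
        "quarantined_count": len(quarantined),
        "tdlfs_files": sorted(p.rsplit("\\", 1)[-1] for p in quarantined if "\\TDLFS\\" in p),
    }


if __name__ == "__main__":
    report = triage_report(SAMPLE_LOG)
    for obj, verdict, action in report["findings"]:
        print(f"{verdict:28} {obj:30} action={action}")
    print("quarantined:", report["quarantined_count"], "TDLFS files:", report["tdlfs_files"])
    for obj, verdict in report["unresolved"]:
        print(f"FOLLOW UP: {verdict} on {obj} was skipped")
```

The point of the "unresolved" list is that a run with a cured MBR can still leave a skipped detection behind; on the log above, both the Tcpip driver and the TDSS File System come out as follow-up items, which is exactly what the later ComboFix work in this thread goes on to address.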

Combofix log

ComboFix 12-02-08.02 - Administrator 02/08/2012 22:54:16.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.68 [GMT 1:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\~Kvs8Fd5pUHx4R2

c:\documents and settings\All Users\Application Data\~Kvs8Fd5pUHx4R2r

c:\documents and settings\All Users\Application Data\Kvs8Fd5pUHx4R2

c:\documents and settings\All Users\Application Data\TEMP

c:\program files\CouponAlert_2pEI

.

.

((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))

.

.

2012-02-08 19:13 . 2012-02-08 19:13 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-08 13:28 . 2012-02-08 13:28 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-08 13:24 . 2012-02-08 13:24 -------- d-----w- c:\windows\LastGood(2)

2012-02-02 14:07 . 2012-02-07 20:01 -------- d-----w- c:\program files\GridinSoft Trojan Killer

2012-01-14 15:59 . 2012-01-14 16:51 -------- d-----w- c:\program files\PC Tools Security

2012-01-11 18:37 . 2011-11-03 15:27 386048 ------w- c:\windows\system32\dllcache\qdvd.dll

2012-01-11 18:37 . 2011-10-14 14:47 23040 ------w- c:\windows\system32\dllcache\mciseq.dll

2012-01-11 18:37 . 2011-10-14 14:47 176128 ------w- c:\windows\system32\dllcache\winmm.dll

2012-01-11 18:37 . 2011-11-18 12:35 60416 ------w- c:\windows\system32\dllcache\packager.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 14:24 . 2011-11-21 20:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-25 21:56 . 2009-02-13 06:27 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:29 . 2009-02-13 06:27 1868544 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2008-04-14 11:00 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:20 . 2009-02-13 06:26 152064 ----a-w- c:\windows\system32\schannel.dll

2011-11-16 14:20 . 2008-04-14 11:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-11 03:40 . 2011-11-11 03:40 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-11 03:40 . 2011-11-11 03:40 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-11 00:56 . 2011-11-11 00:56 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2012-01-08 15:29 . 2011-06-14 16:16 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-02-13 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

.

[-] 2009-02-13 . 2547D2CF090AC7636898F16957EBCEDC . 502272 . . [1.0626.6002.16497] . . c:\windows\system32\usp10.dll

.

.

c:\windows\System32\wscntfy.exe ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 11:28 AM 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/8/2010 10:47 PM 11520]

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=CDxdm142YYus&ptb=44E34247-A62B-4CAA-845E-EC5154A3DDA4&si=101497_819fpc

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 205.152.111.23 205.152.144.23

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qr03o8i.default\

FF - prefs.js: browser.search.selectedEngine - My Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=44E34247-A62B-4CAA-845E-EC5154A3DDA4&n=77ecdb32&ind=2012011314&id=CDxdm142YYus&ptnrS=CDxdm142YYus&si=101497_819fpc&searchfor=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-08 23:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-682003330-1326574676-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,12,46,7c,1f,a3,b4,44,a7,27,63,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,54,44,e4,b5,6c,89,45,8f,c9,68,\

.

Completion time: 2012-02-08 23:07:46

ComboFix-quarantined-files.txt 2012-02-08 22:07

.

Pre-Run: 6,364,311,552 bytes free

Post-Run: 6,641,135,616 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 5F7E281A9AB134E8A60BFC9F96F95127


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Mia::
c:\windows\System32\wscntfy.exe

SRPeek::
c:\windows\system32\usp10.dll

FCopy::
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

DDS::
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=CDxdm142YYus&ptb=44E34247-A62B-4CAA-845E-EC5154A3DDA4&si=101497_819fpc

FireFox::
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qr03o8i.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=44E34247-A62B-4CAA-845E-EC5154A3DDA4&n=77ecdb32&ind=2012011314&id=CDxdm142YYus&ptnrS=CDxdm142YYus&si=101497_819fpc&searchfor=

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

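The FCopy:: line in the script above follows directly from the Sigcheck section of the first ComboFix log: the live c:\windows\system32\drivers\tcpip.sys is marked [-] with MD5 BA8C046D98345129723E6BCAA1E8AB99, while the dllcache copy is marked [7] with a different MD5 and version, so the cached copy is used to overwrite the live one. The usp10.dll row is also [-] but has no dllcache counterpart in the log, which is why it gets a different directive. Below is an added example, mine and not ComboFix's or the helper's code, that turns that comparison into a check: it parses Sigcheck rows, pairs each unverified live file with a dllcache copy of the same name, and proposes an FCopy:: block in the form used above. Reading "[-]" as "could not be verified" and a digit as "verified" is an assumption inferred from the log's own note and from which rows the helper acted on, not from ComboFix documentation; the sample rows are the three from the log above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# The three Sigcheck rows from the ComboFix log in this thread, used as sample input.
SAMPLE_SIGCHECK = r"""
[-] 2009-02-13 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-02-13 . 2547D2CF090AC7636898F16957EBCEDC . 502272 . . [1.0626.6002.16497] . . c:\windows\system32\usp10.dll
"""

# One row: [flag] date . md5 . size . . [version] . . path
ROW_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)


@dataclass
class SigEntry:
    flag: str
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self):
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_dllcache(self):
        return "\\dllcache\\" in self.path.lower()

    @property
    def verified(self):
        # Assumption: "[-]" is the unverified marker; any other flag counts as verified.
        return self.flag != "-"


def parse_sigcheck(text):
    entries = []
    for raw in text.splitlines():
        m = ROW_RE.match(raw.strip())
        if m:
            entries.append(SigEntry(m["flag"], m["date"], m["md5"], int(m["size"]), m["version"], m["path"]))
    return entries


def assess(entries):
    """For every unverified live file, look for a dllcache copy of the same name."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    results = {}
    for group in by_name.values():
        cache = [e for e in group if e.in_dllcache]
        for live in (e for e in group if not e.in_dllcache and not e.verified):
            if not cache:
                results[live.path] = {"status": "unverified_no_cache", "cache": None}
                continue
            c = cache[0]
            results[live.path] = {
                "status": "unverified_cache_available",
                "cache": c.path,
                "cache_verified": c.verified,
                "md5_match": c.md5 == live.md5,
                "size_match": c.size == live.size,
                "live_version": live.version,
                "cache_version": c.version,
            }
    return results


def fcopy_directive(results):
    """Propose a ComboFix FCopy:: block for live files whose verified dllcache copy differs."""
    lines = [
        f"{r['cache']} | {live}"
        for live, r in results.items()
        if r["status"] == "unverified_cache_available" and r["cache_verified"] and not r["md5_match"]
    ]
    return "\n".join(["FCopy::"] + lines) if lines else ""


if __name__ == "__main__":
    results = assess(parse_sigcheck(SAMPLE_SIGCHECK))
    for live, r in results.items():
        print(live, r)
    print(fcopy_directive(results) or "nothing to copy")
```

Two caveats belong with this check. Same size but different MD5 and version, as with tcpip.sys here, is what the FCopy decision rests on, and the function only proposes the directive rather than writing anything; whether to apply it is still the analyst's call in the context of the other findings. And an unverified file with no dllcache copy (usp10.dll here) needs a known-good reference from somewhere else, which is why the script above handles it with a separate directive instead of FCopy.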

ComboFix log:

ComboFix 12-02-08.02 - Administrator 02/10/2012 3:21.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.174 [GMT 1:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\System32\wscntfy.exe . . . is missing!!

.

.

--------------- FCopy ---------------

.

c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))

.

.

2012-02-08 19:13 . 2012-02-08 19:13 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-08 13:28 . 2012-02-08 13:28 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-08 13:24 . 2012-02-08 13:24 -------- d-----w- c:\windows\LastGood(2)

2012-02-02 14:07 . 2012-02-07 20:01 -------- d-----w- c:\program files\GridinSoft Trojan Killer

2012-01-14 15:59 . 2012-01-14 16:51 -------- d-----w- c:\program files\PC Tools Security

2012-01-11 18:37 . 2011-11-03 15:27 386048 ------w- c:\windows\system32\dllcache\qdvd.dll

2012-01-11 18:37 . 2011-10-14 14:47 23040 ------w- c:\windows\system32\dllcache\mciseq.dll

2012-01-11 18:37 . 2011-10-14 14:47 176128 ------w- c:\windows\system32\dllcache\winmm.dll

2012-01-11 18:37 . 2011-11-18 12:35 60416 ------w- c:\windows\system32\dllcache\packager.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 14:24 . 2011-11-21 20:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-25 21:56 . 2009-02-13 06:27 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:29 . 2009-02-13 06:27 1868544 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2008-04-14 11:00 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:20 . 2009-02-13 06:26 152064 ----a-w- c:\windows\system32\schannel.dll

2011-11-16 14:20 . 2008-04-14 11:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2012-01-08 15:29 . 2011-06-14 16:16 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-02-13 . 2547D2CF090AC7636898F16957EBCEDC . 502272 . . [1.0626.6002.16497] . . c:\windows\system32\usp10.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 11:28 AM 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/8/2010 10:47 PM 11520]

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:34]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 205.152.111.23 205.152.144.23

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qr03o8i.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-10 03:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-682003330-1326574676-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,12,46,7c,1f,a3,b4,44,a7,27,63,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,54,44,e4,b5,6c,89,45,8f,c9,68,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1748)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-02-10 03:31:35

ComboFix-quarantined-files.txt 2012-02-10 02:31

ComboFix2.txt 2012-02-08 22:07

.

Pre-Run: 6,645,919,744 bytes free

Post-Run: 6,637,801,472 bytes free

.

- - End Of File - - A4B2737AFE4E7FE3E7E127E165F466FC


ComboFix 12-02-13.01 - Administrator 02/13/2012 16:05:28.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.275 [GMT 1:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))

.

.

2012-02-13 14:55 . 2001-08-17 11:52 23552 ----a-w- c:\windows\system32\dllcache\OLD24.tmp

2012-02-13 14:55 . 2008-04-13 22:16 48128 ----a-w- c:\windows\system32\dllcache\OLD20.tmp

2012-02-13 14:55 . 2008-04-13 22:10 12288 ----a-w- c:\windows\system32\dllcache\OLD1C.tmp

2012-02-13 14:54 . 2001-08-17 12:06 11264 ----a-w- c:\windows\system32\dllcache\OLD18.tmp

2012-02-13 14:54 . 2011-10-25 13:38 2148864 ----a-w- c:\windows\system32\dllcache\OLD14.tmp

2012-02-13 14:41 . 2001-08-17 11:52 23552 ----a-w- c:\windows\system32\dllcache\abp480n5.sys

2012-02-13 14:40 . 2008-04-13 22:16 48128 ----a-w- c:\windows\system32\dllcache\61883.sys

2012-02-13 14:40 . 2008-04-13 22:10 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys

2012-02-13 14:40 . 2001-08-17 12:06 11264 ----a-w- c:\windows\system32\dllcache\1394vdbg.sys

2012-02-13 14:39 . 2012-02-13 14:55 -------- d-----w- c:\windows\LastGood

2012-02-13 14:39 . 2011-10-25 13:38 2148864 ----a-w- c:\windows\system32\dllcache\OLD4.tmp

2012-02-13 14:12 . 2012-02-13 14:12 -------- d-----w- c:\windows\system32\wbem\snmp

2012-02-13 14:11 . 2012-02-13 14:11 -------- d-----w- c:\windows\system32\xircom

2012-02-13 14:11 . 2012-02-13 14:11 -------- d-----w- c:\windows\system32\oobe

2012-02-13 14:11 . 2012-02-13 14:11 -------- d-----w- c:\program files\microsoft frontpage

2012-02-08 19:13 . 2012-02-08 19:13 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-08 13:28 . 2012-02-08 13:28 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-02 14:07 . 2012-02-07 20:01 -------- d-----w- c:\program files\GridinSoft Trojan Killer

2012-01-14 15:59 . 2012-01-14 16:51 -------- d-----w- c:\program files\PC Tools Security

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 14:24 . 2011-11-21 20:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-25 21:56 . 2009-02-13 06:27 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:29 . 2009-02-13 06:27 1868544 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2008-04-14 11:00 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:20 . 2009-02-13 06:26 152064 ----a-w- c:\windows\system32\schannel.dll

2011-11-16 14:20 . 2008-04-14 11:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2012-01-08 15:29 . 2011-06-14 16:16 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-02-13 . 2547D2CF090AC7636898F16957EBCEDC . 502272 . . [1.0626.6002.16497] . . c:\windows\system32\usp10.dll

.

((((((((((((((((((((((((((((( SnapShot@2012-02-08_22.04.35 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-04-18 21:51 . 2011-04-18 21:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll

+ 2012-02-13 14:12 . 2012-02-13 14:12 16384 c:\windows\Temp\Perflib_Perfdata_6a0.dat

+ 2008-04-14 11:00 . 2008-04-14 11:00 30749 c:\windows\system32\dllcache\vbajet32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 25600 c:\windows\system32\dllcache\twunk_32.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 49680 c:\windows\system32\dllcache\twunk_16.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 25088 c:\windows\system32\dllcache\slayerxp.dll

+ 2009-02-13 06:26 . 2009-02-13 06:26 66048 c:\windows\system32\dllcache\shimeng.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 77312 c:\windows\system32\dllcache\sdbinst.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 64000 c:\windows\system32\dllcache\samlib.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 84992 c:\windows\system32\dllcache\olepro32.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 65536 c:\windows\system32\dllcache\oledb32r.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 20511 c:\windows\system32\dllcache\odtext32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 20510 c:\windows\system32\dllcache\odpdx32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 20510 c:\windows\system32\dllcache\odfox32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 20510 c:\windows\system32\dllcache\odexl32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 20511 c:\windows\system32\dllcache\oddbse32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 53279 c:\windows\system32\dllcache\odbcji32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 94208 c:\windows\system32\dllcache\odbcint.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 65536 c:\windows\system32\dllcache\odbccu32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 65536 c:\windows\system32\dllcache\odbccr32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 69632 c:\windows\system32\dllcache\odbcconf.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 32768 c:\windows\system32\dllcache\odbcad32.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 16384 c:\windows\system32\dllcache\odbc32gt.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 67584 c:\windows\system32\dllcache\ocmanage.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 64000 c:\windows\system32\dllcache\nwapi32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 17408 c:\windows\system32\dllcache\nwapi16.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 10240 c:\windows\system32\dllcache\npwmsdrm.dll

+ 2009-02-13 06:26 . 2009-02-13 06:26 91776 c:\windows\system32\dllcache\ndiswan.sys

+ 2009-09-25 21:36 . 2008-04-14 11:00 24576 c:\windows\system32\dllcache\msxactps.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 61440 c:\windows\system32\dllcache\msvcrt40.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 60192 c:\windows\system32\dllcache\msjter40.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 36864 c:\windows\system32\dllcache\msdfmap.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 20480 c:\windows\system32\dllcache\msdatt.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 16384 c:\windows\system32\dllcache\msdasqlr.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 16384 c:\windows\system32\dllcache\msdaremr.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 16384 c:\windows\system32\dllcache\msdaprsr.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 77824 c:\windows\system32\dllcache\msdaosp.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 36864 c:\windows\system32\dllcache\mscpxl32.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 57344 c:\windows\system32\dllcache\msadrh15.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 57344 c:\windows\system32\dllcache\msador15.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 24576 c:\windows\system32\dllcache\msader15.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 24576 c:\windows\system32\dllcache\msaddsr.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 53248 c:\windows\system32\dllcache\msadcs.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 16384 c:\windows\system32\dllcache\msadcor.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 16384 c:\windows\system32\dllcache\msadcfr.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 61440 c:\windows\system32\dllcache\msadcf.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 20480 c:\windows\system32\dllcache\msadcer.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 22528 c:\windows\system32\dllcache\mfcsubs.dll

+ 2009-02-13 06:25 . 2009-02-13 06:25 11264 c:\windows\system32\dllcache\laprxy.dll

- 2010-04-06 22:43 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2009-02-13 06:25 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 75264 c:\windows\system32\dllcache\ipsec.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 36921 c:\windows\system32\dllcache\imeshare.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 16384 c:\windows\system32\dllcache\ds32gt.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 87040 c:\windows\system32\dllcache\drmstor.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 32768 c:\windows\system32\dllcache\dispex.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 39936 c:\windows\system32\dllcache\dimsroam.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\dimsntfy.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 27136 c:\windows\system32\dllcache\ctl3d32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 62464 c:\windows\system32\dllcache\cryptsvc.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 64512 c:\windows\system32\dllcache\cryptnet.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 53760 c:\windows\system32\dllcache\cryptext.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 33280 c:\windows\system32\dllcache\cryptdll.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 74752 c:\windows\system32\dllcache\cryptdlg.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 16896 c:\windows\system32\dllcache\cfgmgr32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 62464 c:\windows\system32\dllcache\authz.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 14336 c:\windows\system32\dllcache\auditusr.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 42496 c:\windows\system32\dllcache\audiosrv.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 12288 c:\windows\system32\dllcache\attrib.exe

+ 2009-09-25 21:37 . 2008-04-14 11:00 11264 c:\windows\system32\dllcache\atrace.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 34816 c:\windows\system32\dllcache\atmpvcno.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 30208 c:\windows\system32\dllcache\atmlib.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 55808 c:\windows\system32\dllcache\atmlane.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 31360 c:\windows\system32\dllcache\atmepvc.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 59904 c:\windows\system32\dllcache\atmarpc.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 11264 c:\windows\system32\dllcache\atmadm.exe

+ 2008-04-14 11:00 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll

- 2010-03-08 13:36 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 13312 c:\windows\system32\dllcache\atkctrs.dll

+ 2008-04-14 11:00 . 2008-04-13 23:10 96512 c:\windows\system32\dllcache\atapi.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 25088 c:\windows\system32\dllcache\at.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 14336 c:\windows\system32\dllcache\asyncmac.sys

+ 2008-04-14 11:00 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll

- 2010-06-09 04:46 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 32768 c:\windows\system32\dllcache\asr_pfu.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 32256 c:\windows\system32\dllcache\asr_ldm.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 30208 c:\windows\system32\dllcache\asr_fmt.exe

+ 2012-02-13 14:56 . 2001-08-17 11:51 14848 c:\windows\system32\dllcache\asc3550.sys

+ 2012-02-13 14:56 . 2001-08-17 11:52 22400 c:\windows\system32\dllcache\asc3350p.sys

+ 2012-02-13 14:56 . 2001-08-17 11:52 26496 c:\windows\system32\dllcache\asc.sys

+ 2008-04-13 23:21 . 2009-02-13 06:38 60800 c:\windows\system32\dllcache\arp1394.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\arp.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 12498 c:\windows\system32\dllcache\append.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 70656 c:\windows\system32\dllcache\amstream.dll

+ 2012-02-13 14:56 . 2001-08-17 11:52 12032 c:\windows\system32\dllcache\amsint.sys

+ 2008-04-13 23:01 . 2009-02-13 06:38 37760 c:\windows\system32\dllcache\amdk7.sys

+ 2008-04-13 23:01 . 2009-02-13 06:38 37376 c:\windows\system32\dllcache\amdk6.sys

+ 2012-02-13 14:56 . 2008-04-13 22:06 43008 c:\windows\system32\dllcache\amdagp.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 17408 c:\windows\system32\dllcache\alrsvc.dll

+ 2012-02-13 14:56 . 2008-04-13 22:06 42752 c:\windows\system32\dllcache\alim1541.sys

+ 2012-02-13 14:56 . 2001-08-17 11:49 26624 c:\windows\system32\dllcache\alifir.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 44544 c:\windows\system32\dllcache\alg.exe

+ 2012-02-13 14:56 . 2001-08-17 12:07 56960 c:\windows\system32\dllcache\aic78xx.sys

+ 2012-02-13 14:56 . 2001-08-17 12:07 55168 c:\windows\system32\dllcache\aic78u2.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 98304 c:\windows\system32\dllcache\ahui.exe

+ 2012-02-13 14:56 . 2001-08-17 11:52 12800 c:\windows\system32\dllcache\aha154x.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 24064 c:\windows\system32\dllcache\agtintl.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 20480 c:\windows\system32\dllcache\agt0c0a.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 20992 c:\windows\system32\dllcache\agt0816.dll

+ 2009-09-25 23:23 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0804.dll

+ 2009-09-25 23:21 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt041f.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt041d.dll

+ 2009-09-25 23:21 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0419.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 20480 c:\windows\system32\dllcache\agt0416.dll

+ 2009-09-25 23:21 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0415.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0414.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 20992 c:\windows\system32\dllcache\agt0413.dll

+ 2009-09-25 23:23 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0412.dll

+ 2009-09-25 23:23 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0411.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 20992 c:\windows\system32\dllcache\agt0410.dll

+ 2009-09-25 23:21 . 2008-04-14 11:00 19968 c:\windows\system32\dllcache\agt040e.dll

+ 2009-09-25 23:23 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt040d.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 21504 c:\windows\system32\dllcache\agt040c.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt040b.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 19968 c:\windows\system32\dllcache\agt0409.dll

+ 2009-09-25 23:21 . 2008-04-14 11:00 22016 c:\windows\system32\dllcache\agt0408.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 21504 c:\windows\system32\dllcache\agt0407.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0406.dll

+ 2009-09-25 23:21 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0405.dll

+ 2009-09-25 23:23 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0404.dll

+ 2009-09-25 23:23 . 2008-04-14 11:00 19456 c:\windows\system32\dllcache\agt0401.dll

+ 2012-02-13 14:56 . 2008-04-13 22:06 44928 c:\windows\system32\dllcache\agpcpq.sys

+ 2012-02-13 14:56 . 2008-04-13 22:06 42368 c:\windows\system32\dllcache\agp440.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 44032 c:\windows\system32\dllcache\agentsr.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 24064 c:\windows\system32\dllcache\agentpsh.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 49152 c:\windows\system32\dllcache\agentmpx.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 57344 c:\windows\system32\dllcache\agentdpv.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 42496 c:\windows\system32\dllcache\agentdp2.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 24064 c:\windows\system32\dllcache\agentanm.dll

+ 2009-02-13 06:25 . 2009-02-13 06:25 68096 c:\windows\system32\dllcache\adsmsext.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 26112 c:\windows\system32\dllcache\adptif.dll

- 2009-03-08 02:32 . 2009-03-08 02:32 72704 c:\windows\system32\dllcache\admparse.dll

+ 2009-02-13 06:25 . 2009-03-08 02:32 72704 c:\windows\system32\dllcache\admparse.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 98304 c:\windows\system32\dllcache\actxprxy.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 11648 c:\windows\system32\dllcache\acpiec.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 25600 c:\windows\system32\dllcache\aaaamon.dll

+ 2009-02-13 06:25 . 2009-02-13 06:25 53504 c:\windows\system32\dllcache\1394bus.sys

+ 2012-02-13 14:55 . 2001-08-17 11:52 23552 c:\windows\LastGood\system32\dllcache\abp480n5.sys

+ 2012-02-13 14:55 . 2008-04-13 22:16 48128 c:\windows\LastGood\system32\dllcache\61883.sys

+ 2012-02-13 14:55 . 2008-04-13 22:10 12288 c:\windows\LastGood\system32\dllcache\4mmdat.sys

+ 2012-02-13 14:54 . 2001-08-17 12:06 11264 c:\windows\LastGood\system32\dllcache\1394vdbg.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 9728 c:\windows\system32\dllcache\sfc.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 5120 c:\windows\system32\dllcache\sfc.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 4569 c:\windows\system32\dllcache\secupd.dat

+ 2008-04-14 11:00 . 2008-04-14 11:00 3584 c:\windows\system32\dllcache\riched32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 4463 c:\windows\system32\dllcache\oembios.dat

+ 2008-04-14 11:00 . 2008-04-14 11:00 4608 c:\windows\system32\dllcache\mssip32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 4126 c:\windows\system32\dllcache\msdxmlc.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 4096 c:\windows\system32\dllcache\msdaurl.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 4096 c:\windows\system32\dllcache\msdasc.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 4096 c:\windows\system32\dllcache\msdaer.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 4096 c:\windows\system32\dllcache\msdaenum.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 4096 c:\windows\system32\dllcache\msdadc.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 4639 c:\windows\system32\dllcache\mplayer2.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 6144 c:\windows\system32\dllcache\kbdpash.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 6144 c:\windows\system32\dllcache\kbdnepr.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 6144 c:\windows\system32\dllcache\kbdiultn.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 6144 c:\windows\system32\dllcache\kbdbhc.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 7168 c:\windows\system32\dllcache\bitsprx4.dll

+ 2009-09-25 23:30 . 2001-08-17 12:59 3072 c:\windows\system32\dllcache\audstub.sys

+ 2009-02-13 06:25 . 2009-02-13 06:25 7168 c:\windows\system32\dllcache\asferror.dll

+ 2012-02-13 14:56 . 2001-08-17 11:47 6272 c:\windows\system32\dllcache\apmbatt.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 9029 c:\windows\system32\dllcache\ansi.sys

+ 2012-02-13 14:56 . 2001-08-17 11:51 5248 c:\windows\system32\dllcache\aliide.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 4096 c:\windows\system32\dllcache\actmovie.exe

+ 2011-04-18 21:51 . 2011-04-18 21:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll

+ 2009-02-13 06:33 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys

- 2009-02-13 06:33 . 2009-02-13 06:33 361600 c:\windows\system32\drivers\tcpip.sys

+ 2009-02-13 06:27 . 2009-12-24 06:42 178176 c:\windows\system32\dllcache\wintrust.dll

- 2010-05-02 23:30 . 2009-12-24 06:42 178176 c:\windows\system32\dllcache\wintrust.dll

+ 2009-02-13 06:27 . 2009-02-13 06:27 507904 c:\windows\system32\dllcache\winlogon.exe

- 2010-04-06 22:43 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll

+ 2009-02-13 06:27 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll

- 2010-05-02 23:42 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll

+ 2009-02-13 06:27 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll

- 2010-04-06 22:43 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll

+ 2009-02-13 06:27 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll

+ 2009-02-13 06:27 . 2009-02-13 06:27 317440 c:\windows\system32\dllcache\unregmp2.exe

+ 2009-02-13 06:27 . 2009-02-13 06:27 123392 c:\windows\system32\dllcache\umpnpmgr.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 177856 c:\windows\system32\dllcache\typelib.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 106496 c:\windows\system32\dllcache\sysocmgr.exe

- 2010-03-08 13:36 . 2009-08-26 08:03 247326 c:\windows\system32\dllcache\strmdll.dll

+ 2009-02-13 06:26 . 2009-08-26 08:03 247326 c:\windows\system32\dllcache\strmdll.dll

+ 2009-02-13 06:26 . 2009-02-13 06:26 985088 c:\windows\system32\dllcache\setupapi.dll

+ 2009-02-13 06:26 . 2009-02-13 06:26 172032 c:\windows\system32\dllcache\scrrun.dll

+ 2009-02-13 06:26 . 2009-02-13 06:26 180224 c:\windows\system32\dllcache\scrobj.dll

- 2010-03-08 13:26 . 2011-11-16 14:20 152064 c:\windows\system32\dllcache\schannel.dll

+ 2009-02-13 06:26 . 2011-11-16 14:20 152064 c:\windows\system32\dllcache\schannel.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 415744 c:\windows\system32\dllcache\samsrv.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 208384 c:\windows\system32\dllcache\rsaenh.dll

+ 2009-02-13 06:26 . 2009-02-13 06:26 433664 c:\windows\system32\dllcache\riched20.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 487424 c:\windows\system32\dllcache\oledb32.dll

- 2011-06-16 18:29 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll

+ 2008-04-14 11:00 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 147456 c:\windows\system32\dllcache\odbctrac.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 278559 c:\windows\system32\dllcache\odbcjt32.dll

+ 2009-02-13 06:26 . 2009-02-13 06:26 106496 c:\windows\system32\dllcache\odbccp32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 135168 c:\windows\system32\dllcache\odbcconf.dll

- 2011-01-12 19:31 . 2010-11-09 14:50 253952 c:\windows\system32\dllcache\odbc32.dll

+ 2009-02-13 06:26 . 2010-11-09 14:50 253952 c:\windows\system32\dllcache\odbc32.dll

+ 2008-11-18 14:02 . 2008-11-18 14:02 576384 c:\windows\system32\dllcache\ntfs.sys

- 2010-03-08 13:27 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll

+ 2008-05-05 08:16 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 364544 c:\windows\system32\dllcache\npdsplay.dll

+ 2009-02-13 06:26 . 2009-02-13 06:26 339456 c:\windows\system32\dllcache\netapi32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 355104 c:\windows\system32\dllcache\msxbde40.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 621344 c:\windows\system32\dllcache\mswstr10.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 838432 c:\windows\system32\dllcache\mswdat10.dll

+ 2009-02-13 06:26 . 2009-02-13 06:26 343040 c:\windows\system32\dllcache\msvcrt.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 264992 c:\windows\system32\dllcache\mstext40.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 559904 c:\windows\system32\dllcache\msrepl40.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 322336 c:\windows\system32\dllcache\msrd3x40.dll

+ 2009-02-13 06:26 . 2009-02-13 06:26 287768 c:\windows\system32\dllcache\msrd2x40.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 355104 c:\windows\system32\dllcache\mspbde40.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 143360 c:\windows\system32\dllcache\msorcl32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 219936 c:\windows\system32\dllcache\msltus40.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 248608 c:\windows\system32\dllcache\msjtes40.dll

+ 2009-09-25 21:36 . 2010-11-09 14:50 102400 c:\windows\system32\dllcache\msjro.dll

- 2011-01-12 19:31 . 2010-11-09 14:50 102400 c:\windows\system32\dllcache\msjro.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 151583 c:\windows\system32\dllcache\msjint40.dll

+ 2009-02-13 06:26 . 2009-02-13 06:26 304152 c:\windows\system32\dllcache\msexcl40.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 518944 c:\windows\system32\dllcache\msexch40.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 315392 c:\windows\system32\dllcache\msdasql.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 118784 c:\windows\system32\dllcache\msdarem.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 204800 c:\windows\system32\dllcache\msdaps.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 200704 c:\windows\system32\dllcache\msdaprst.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 233472 c:\windows\system32\dllcache\msdaora.dll

+ 2009-09-25 21:36 . 2010-11-09 14:50 200704 c:\windows\system32\dllcache\msadox.dll

- 2011-01-12 19:31 . 2010-11-09 14:50 200704 c:\windows\system32\dllcache\msadox.dll

+ 2009-09-25 21:36 . 2010-11-09 14:50 180224 c:\windows\system32\dllcache\msadomd.dll

- 2011-01-12 19:31 . 2010-11-09 14:50 180224 c:\windows\system32\dllcache\msadomd.dll

+ 2009-09-25 21:36 . 2010-11-09 19:20 565248 c:\windows\system32\dllcache\msado15.dll

- 2010-11-09 19:20 . 2010-11-09 19:20 565248 c:\windows\system32\dllcache\msado15.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 155648 c:\windows\system32\dllcache\msadds.dll

- 2011-01-12 19:31 . 2010-11-09 14:50 143360 c:\windows\system32\dllcache\msadco.dll

+ 2009-09-25 21:36 . 2010-11-09 14:50 143360 c:\windows\system32\dllcache\msadco.dll

+ 2009-09-25 21:36 . 2009-02-13 06:25 331776 c:\windows\system32\dllcache\msadce.dll

+ 2008-04-14 11:00 . 2011-02-08 17:03 974848 c:\windows\system32\dllcache\mfc42u.dll

- 2010-09-18 10:23 . 2011-02-08 17:03 974848 c:\windows\system32\dllcache\mfc42u.dll

+ 2008-04-14 11:00 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll

- 2010-10-13 22:59 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll

+ 2008-04-14 11:00 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll

- 2010-10-13 22:59 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll

- 2010-10-13 22:59 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll

+ 2008-04-14 11:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll

+ 2009-02-13 06:25 . 2010-12-20 17:24 730112 c:\windows\system32\dllcache\lsasrv.dll

- 2009-06-26 14:11 . 2010-12-20 17:24 730112 c:\windows\system32\dllcache\lsasrv.dll

+ 2009-02-13 06:25 . 2009-02-13 06:25 100864 c:\windows\system32\dllcache\logagent.exe

+ 2009-02-13 06:25 . 2009-03-21 18:29 991744 c:\windows\system32\dllcache\kernel32.dll

- 2009-03-21 18:29 . 2009-03-21 18:29 991744 c:\windows\system32\dllcache\kernel32.dll

- 2010-03-08 13:19 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll

+ 2009-02-13 06:25 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 138240 c:\windows\system32\dllcache\itss.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 155136 c:\windows\system32\dllcache\itircl.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 143744 c:\windows\system32\dllcache\fastfat.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 380445 c:\windows\system32\dllcache\expsrv.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 498742 c:\windows\system32\dllcache\dxmasf.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 138752 c:\windows\system32\dllcache\dssenh.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 299520 c:\windows\system32\dllcache\drmclien.dll

+ 2009-09-25 21:36 . 2008-04-14 11:00 554008 c:\windows\system32\dllcache\dao360.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 512512 c:\windows\system32\dllcache\cryptui.dll

- 2011-09-08 13:09 . 2011-09-28 07:05 599552 c:\windows\system32\dllcache\crypt32.dll

+ 2009-02-13 06:25 . 2011-09-28 07:05 599552 c:\windows\system32\dllcache\crypt32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 252928 c:\windows\system32\dllcache\compatui.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 276992 c:\windows\system32\dllcache\comdlg32.dll

- 2010-10-13 22:59 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll

+ 2008-04-14 11:00 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 233472 c:\windows\system32\dllcache\azroles.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 602624 c:\windows\system32\dllcache\autoconv.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 588800 c:\windows\system32\dllcache\autochk.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 352256 c:\windows\system32\dllcache\atmuni.sys

+ 2009-02-13 06:25 . 2011-02-15 13:05 290432 c:\windows\system32\dllcache\atmfd.dll

- 2010-06-09 04:46 . 2011-02-15 13:05 290432 c:\windows\system32\dllcache\atmfd.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 295936 c:\windows\system32\dllcache\appmgr.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 167936 c:\windows\system32\dllcache\appmgmts.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 125952 c:\windows\system32\dllcache\apphelp.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 102912 c:\windows\system32\dllcache\apcups.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 256512 c:\windows\system32\dllcache\agentsvr.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 214016 c:\windows\system32\dllcache\agentctl.dll

+ 2009-02-13 06:25 . 2011-08-17 13:41 138496 c:\windows\system32\dllcache\afd.sys

- 2011-04-16 14:55 . 2011-08-17 13:41 138496 c:\windows\system32\dllcache\afd.sys

+ 2009-09-26 09:57 . 2008-04-13 19:09 142592 c:\windows\system32\dllcache\aec.sys

- 2010-04-06 22:43 . 2009-03-08 02:32 128512 c:\windows\system32\dllcache\advpack.dll

+ 2009-02-13 06:25 . 2009-03-08 02:32 128512 c:\windows\system32\dllcache\advpack.dll

- 2009-02-10 18:26 . 2009-02-10 18:26 617472 c:\windows\system32\dllcache\advapi32.dll

+ 2008-04-14 11:00 . 2009-02-10 18:26 617472 c:\windows\system32\dllcache\advapi32.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 123392 c:\windows\system32\dllcache\adsnw.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 263680 c:\windows\system32\dllcache\adsnt.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 161792 c:\windows\system32\dllcache\adsnds.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 143360 c:\windows\system32\dllcache\adsldpc.dll

+ 2009-02-13 06:25 . 2009-02-13 06:25 176128 c:\windows\system32\dllcache\adsldp.dll

+ 2012-02-13 14:56 . 2001-08-17 12:07 101888 c:\windows\system32\dllcache\adpu160m.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 116224 c:\windows\system32\dllcache\acxtrnal.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 193536 c:\windows\system32\dllcache\activeds.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 245248 c:\windows\system32\dllcache\acspecfc.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 187776 c:\windows\system32\dllcache\acpi.sys

+ 2008-04-14 11:00 . 2008-04-14 11:00 115712 c:\windows\system32\dllcache\aclui.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 141312 c:\windows\system32\dllcache\aclua.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 129536 c:\windows\system32\dllcache\acledit.dll

- 2010-03-08 13:31 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll

+ 2008-04-14 11:00 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll

+ 2009-09-25 21:32 . 2008-04-14 11:00 184320 c:\windows\system32\dllcache\accwiz.exe

+ 2009-09-25 21:32 . 2008-04-14 11:00 136192 c:\windows\system32\dllcache\aaclient.dll

+ 2008-04-14 11:00 . 2010-02-12 04:27 100864 c:\windows\system32\dllcache\6to4svc.dll

- 2010-05-02 23:41 . 2010-02-12 04:27 100864 c:\windows\system32\dllcache\6to4svc.dll

+ 2012-02-13 14:48 . 2012-02-13 14:48 223744 c:\windows\Installer\21bd88.msi

+ 2011-04-18 21:51 . 2011-04-18 21:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll

+ 2011-04-18 21:51 . 2011-04-18 21:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll

+ 2009-02-13 06:27 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll

- 2010-04-06 22:43 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 1614848 c:\windows\system32\dllcache\sfcfiles.dll

+ 2009-02-13 06:26 . 2011-11-01 16:05 1289216 c:\windows\system32\dllcache\ole32.dll

- 2010-10-13 22:59 . 2011-11-01 16:05 1289216 c:\windows\system32\dllcache\ole32.dll

+ 2009-02-13 06:26 . 2011-10-25 13:34 2192768 c:\windows\system32\dllcache\ntoskrnl.exe

- 2010-03-08 13:21 . 2011-10-25 13:34 2192768 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2009-02-13 06:26 . 2009-02-13 06:26 1520664 c:\windows\system32\dllcache\msjet40.dll

+ 2008-04-14 11:00 . 2008-04-14 11:00 1852928 c:\windows\system32\dllcache\acgenral.dll

+ 2012-02-13 14:39 . 2011-10-25 13:38 2148864 c:\windows\LastGood\system32\dllcache\ntkrnlmp.exe

+ 2008-04-14 11:00 . 2008-04-14 11:00 13107200 c:\windows\system32\dllcache\oembios.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 11:28 AM 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/8/2010 10:47 PM 11520]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WUAUSERV

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:34]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 205.152.111.23 205.152.144.23

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3qr03o8i.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-13 16:14

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-682003330-1326574676-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,12,46,7c,1f,a3,b4,44,a7,27,63,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,54,44,e4,b5,6c,89,45,8f,c9,68,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1312)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-02-13 16:17:51

ComboFix-quarantined-files.txt 2012-02-13 15:17

ComboFix2.txt 2012-02-10 02:31

ComboFix3.txt 2012-02-08 22:07

.

Pre-Run: 6,429,581,312 bytes free

Post-Run: 6,433,669,120 bytes free

.

- - End Of File - - 29F5D7750B0CDF3754EFF73F6F4597FD

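The snapshot section of the ComboFix log above is a diff: a `-` line is a file present in the earlier snapshot, a `+` line one present now, and a path that appears with both signs was replaced in between (admparse.dll, tcpip.sys, wintrust.dll and others). Many entries also carry 2012-02-13 14:xx as their first timestamp, the same afternoon the log was produced (completion time 2012-02-13 16:17:51). Pairing the signs and windowing by time is the first triage step before asking whether a change is a system-file cache being repopulated or something else. The helper below is an added example for this thread, not ComboFix or Malwarebytes code; the line layout is taken from the log, and reading the first timestamp as the file's creation time and the second as its last-write time is an assumption.

```python
"""Triage helper for ComboFix snapshot-diff lines (added example, not ComboFix code).

Line layout, as seen in the log: SIGN CREATED . WRITTEN SIZE PATH
Assumption: the first stamp is the file's creation time, the second its last-write time.
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<sign>[+-])\s+"
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<written>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE = r"""
+ 2012-02-13 14:56 . 2001-08-17 11:51 14848 c:\windows\system32\dllcache\asc3550.sys
- 2009-03-08 02:32 . 2009-03-08 02:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2009-02-13 06:25 . 2009-03-08 02:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2012-02-13 14:39 . 2011-10-25 13:38 2148864 c:\windows\LastGood\system32\dllcache\ntkrnlmp.exe
+ 2012-02-13 14:48 . 2012-02-13 14:48 223744 c:\windows\Installer\21bd88.msi
"""


def _ts(value):
    """Accept either a datetime or a 'YYYY-MM-DD HH:MM' string."""
    if isinstance(value, datetime):
        return value
    return datetime.strptime(value, "%Y-%m-%d %H:%M")


def parse_snapshot(text):
    """Return one dict per snapshot line; lines in any other layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["created"] = _ts(e["created"])
        e["written"] = _ts(e["written"])
        e["path"] = e["path"].lower()  # NTFS paths are case-insensitive
        entries.append(e)
    return entries


def replaced_files(entries):
    """Paths that carry both a '-' and a '+' line, i.e. were swapped between snapshots."""
    by_path = defaultdict(dict)
    for e in entries:
        by_path[e["path"]][e["sign"]] = e
    out = {}
    for path, pair in by_path.items():
        if "-" in pair and "+" in pair:
            old, new = pair["-"], pair["+"]
            out[path] = {
                "old": old,
                "new": new,
                # Same size and same last-write stamp is consistent with the same build
                # being re-copied (e.g. a dllcache refresh) rather than a different binary.
                "same_build": old["size"] == new["size"] and old["written"] == new["written"],
            }
    return out


def created_between(entries, start, end, sign="+"):
    """Entries of the given sign whose creation stamp falls in [start, end], oldest first."""
    start, end = _ts(start), _ts(end)
    hits = [e for e in entries if e["sign"] == sign and start <= e["created"] <= end]
    return sorted(hits, key=lambda e: e["created"])


if __name__ == "__main__":
    ents = parse_snapshot(SAMPLE)
    for path, info in replaced_files(ents).items():
        print("replaced:", path, "(same build)" if info["same_build"] else "(DIFFERENT build)")
    for e in created_between(ents, "2012-02-13 14:00", "2012-02-13 17:00"):
        print("created in window:", e["created"], e["size"], e["path"])
```

Feed the whole "Files Created/Deleted" section of a real ComboFix log to `parse_snapshot` and widen the window to the hour or two before the symptoms started; `replaced_files` entries flagged as a different build, and new files outside dllcache or WinSxS, are the ones worth hashing and checking.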

Here is the latest MBytes full scan of my C: drive.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.15.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: ANONYMOUS [administrator]

2/15/2012 7:46:51 PM

mbam-log-2012-02-15 (19-46-51).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204176

Time elapsed: 27 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 19

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\7dc27821-143d030c (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\42\4b70b46a-7ab6e5c3 (Trojan.FakeMS) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\653533be-6d0575e7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP607\A0207928.exe (Adware.FunWeb) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP608\A0207934.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP608\A0207939.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP608\A0207940.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP608\A0207941.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP608\A0207942.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP625\A0209048.exe (Rogue.InternetSecurity) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP626\A0212273.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP626\A0212274.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0009.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.

C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0010.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.

C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0012.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.

(end)

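The 19 detections in the full scan above sit in three very different places: the Java Deployment cache under the user's profile (files that were downloaded and executed through the browser plugin), System Restore snapshots under System Volume Information (copies that only come back if that restore point is used), and TDSSKiller's own quarantine folder (material an earlier tool had already taken out of the way). Sorting hits by location before counting them tells you how much of the list is a live infection and how much is leftover. The classifier below is an added example for this thread, not Malwarebytes code; the location classes and the "inert" judgement are the author's triage heuristics, not anything MBAM reports.

```python
"""Classify Malwarebytes 'Files Detected' lines by location (added example, not MBAM code).

The location rules and the inert/live judgement are the author's heuristics:
restore-point and quarantine copies are not running code, a file in the Java
Deployment cache was fetched by the browser plugin and is treated as live.
"""
import re
from collections import Counter

# PATH (Family) -> Action.
DETECT_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

RESTORE_RE = re.compile(r"\\system volume information\\_restore\{[^}]+\}\\(rp\d+)\\", re.I)

# (name, pattern, inert)
LOCATION_RULES = [
    ("java_cache", re.compile(r"\\sun\\java\\deployment\\cache\\", re.I), False),
    ("restore_point", RESTORE_RE, True),
    ("tdsskiller_quarantine", re.compile(r"\\tdsskiller_quarantine\\", re.I), True),
]

# Constructed sample: five lines copied from the scan log in this thread.
SAMPLE = r"""
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\33\7dc27821-143d030c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP607\A0207928.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0B035B8E-E09E-44BE-A296-D2DEE4530CDA}\RP608\A0207934.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0009.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\08.02.2012_20.11.46\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.
"""


def classify(path):
    """Return (location_name, inert) for a detected path; unknown places count as live."""
    for name, rx, inert in LOCATION_RULES:
        if rx.search(path):
            return name, inert
    return "other", False


def parse_detections(text):
    """One dict per detection line: path, family, action, location, inert."""
    out = []
    for line in text.splitlines():
        m = DETECT_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["location"], d["inert"] = classify(d["path"])
        out.append(d)
    return out


def summarize(detections):
    """Counts per location, families seen in live locations, restore points touched."""
    by_location = Counter(d["location"] for d in detections)
    live_families = sorted({d["family"] for d in detections if not d["inert"]})
    restore_points = set()
    for d in detections:
        m = RESTORE_RE.search(d["path"])
        if m:
            restore_points.add(m.group(1).upper())
    return {
        "by_location": dict(by_location),
        "live_families": live_families,
        "restore_points": sorted(restore_points),
    }


if __name__ == "__main__":
    s = summarize(parse_detections(SAMPLE))
    print("per location:", s["by_location"])
    print("families in live locations:", s["live_families"])
    print("restore points with hits:", s["restore_points"])
```

On the full log above this splits the 19 hits into 3 in the Java cache, 9 in restore points RP607 through RP626 and 7 in the TDSSKiller quarantine, which is why the earlier advice in such threads is to flush old restore points once the machine is clean rather than treat each of those hits as a separate infection.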

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version. If you have any difficulty, for your convenience we have a video on YouTube which shows visually how to do that.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next post, please include:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

