
Malwarebytes finds TROJAN.AGENT C:\WINDOWS\rundll.exe and BACKDOOR.BOT C:\WINDOWS\rundll32.exe



Good evening to you all,

I have a laptop (XP Home SP3) which was infected by XP AV 2010. This main infection has now gone, however Malwarebytes keeps finding TROJAN.AGENT in C:\WINDOWS\rundll.exe and BACKDOOR.BOT in C:\WINDOWS\rundll32.exe when a full scan is run - it finds them at the end of the scan when it is performing its additional tasks. It deletes them upon reboot, however another full scan and they're back again :-(

Super Anti-Spyware and Ad-Aware find nothing.

I have also followed the instructions in this link, but with no threats found -

http://www.bleepingcomputer.com/forums/topic262635.html

Malwarebytes is up to date (Ver 1.45, DB 3983).

The Hijackthis log comes out as follows -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:01:31, on 12/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Lexmark 7600 Series\lxdwmon.exe

C:\Program Files\Lexmark 7600 Series\ezprint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxdwcoms.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7600 Series\ezprint.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe

O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--

End of file - 7647 bytes

Any help would be much appreciated.

Regards,

Michael.


Hello Michael! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install any software or hardware while we work on it.

Step 1:

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2:

Also, I would like you to generate an "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

In your next reply, please include these log(s):

* MalwareBytes' Anti-Malware log

* HijackThis Uninstall List

* HijackThis log (new)


Hi Borislav,

Thank you for the warm welcome!!!

Right, I have followed your instructions exactly, and here are the results -

Malwarebytes Quick Scan Log -

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3983

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

13/04/2010 18:00:01

mbam-log-2010-04-13 (18-00-01).txt

Scan type: Quick scan

Objects scanned: 110062

Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\rundll.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> No action taken.

HijackThis Uninstall List -

AC97 Data Fax SoftModem with SmartCP

Acrobat.com

Ad-Aware

Ad-Aware

Ad-Aware Email Scanner for Outlook

Adobe AIR

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1.3

Atheros Client Installation Program

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

avast! Free Antivirus

CD/DVD Drive Acoustic Silencer

Conexant AC-Link Audio

Critical Update for Windows Media Player 11 (KB959772)

Google Update Helper

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

InterVideo WinDVD Creator 2

J2SE Runtime Environment 5.0 Update 2

Java 6 Update 12

Java 6 Update 7

Junk Mail filter update

Lexmark 7600 Series

Lexmark Printable Web

Macromedia Flash Player

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office OneNote 2003

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.0.6)

MSN

MSVCRT

nCleaner second 2.3.4.0

OpenOffice.org 3.0

Rapport

REALTEK Gigabit and Fast Ethernet NIC Driver

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978706)

Segoe UI

Spelling Dictionaries Support For Adobe Reader 9

SUPERAntiSpyware Free Edition

Synaptics Pointing Device Driver

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Manuals

TOSHIBA PC Diagnostic Tool

Toshiba Touchpad Utility

Toshiba Utility

TOSHIBA Zooming Utility

Touch and Launch

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB980302)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Windows Defender

Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

HijackThis Fresh-Log -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:14:00, on 13/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxdwcoms.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Lexmark 7600 Series\lxdwmon.exe

C:\Program Files\Lexmark 7600 Series\ezprint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7600 Series\ezprint.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe

O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--

End of file - 7336 bytes

I hope to hear from you soon :-)

Regards,

Michael.

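Added example, not part of this thread and not Malwarebytes' or HijackThis' own code: a small Python triage script that reads the shape of the two logs Michael posted above (the MBAM "Files Infected" lines from this post and the HijackThis O2/O4/O23 lines from both posts) and flags the three things a helper looks at first: detections whose recorded action is "No action taken" (the removal step never ran, so a fresh scan finds the same files), a well-known system32 binary name sitting outside system32 (C:\WINDOWS\rundll32.exe rather than C:\WINDOWS\system32\rundll32.exe), and BHO entries that point at "(no file)". The sample log lines are constructed from the ones in the thread; the set of system32 binary names and the function names are my own assumptions, not anything the tools define.

```python
import re
from pathlib import PureWindowsPath

# Assumption: Windows binaries that, on XP, live in %SystemRoot%\system32.
# A file carrying one of these names anywhere else deserves a second look.
# explorer.exe is deliberately absent: it legitimately lives in C:\WINDOWS.
SYSTEM32_BINARIES = {
    "rundll32.exe", "svchost.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "services.exe", "smss.exe", "spoolsv.exe",
}

# "C:\path\file.exe (Trojan.Agent) -> No action taken."
MBAM_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) -> (?P<action>.+?)\.?$")
# "O4 - HKLM\..\Run: [name] command"  /  "R0 - HKCU\...".
HJT_LINE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.+)$")

# Constructed sample input, modelled on the logs posted in this thread.
MBAM_LOG = r"""
Files Infected: 2
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\rundll.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> No action taken.
"""

HJT_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe
"""


def parse_mbam_detections(text):
    """Return the entries under the 'Files Infected:' detail section."""
    found = []
    in_files = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):          # section header, e.g. "Folders Infected:"
            in_files = line.startswith("Files")
            continue
        if not in_files or not line or line.startswith("("):
            continue                            # blank or "(No malicious items detected)"
        m = MBAM_LINE.match(line)
        if m:
            found.append({"path": m["path"], "name": m["name"], "action": m["action"]})
    return found


def is_masquerading_system_binary(path):
    """True when a known system32 binary name sits in some other directory."""
    p = PureWindowsPath(path)
    if p.name.lower() not in SYSTEM32_BINARIES:
        return False
    # dllcache holds the legitimate Windows File Protection copies.
    return p.parent.name.lower() not in {"system32", "syswow64", "dllcache"}


def parse_hjt(text):
    """Return (section, body) tuples for every HijackThis result line."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append((m["section"], m["body"]))
    return entries


def triage(mbam_text, hjt_text):
    """Combine both logs into the findings a helper would act on first."""
    findings = []
    for d in parse_mbam_detections(mbam_text):
        if d["action"].lower().startswith("no action"):
            findings.append(f"NOT REMOVED: {d['path']} ({d['name']}) - "
                            "removal never ran; rerun and click Remove Selected")
        if is_masquerading_system_binary(d["path"]):
            findings.append(f"MASQUERADE: {d['path']} uses a system32 binary "
                            "name outside system32")
    for section, body in parse_hjt(hjt_text):
        if section == "O2" and body.endswith("(no file)"):
            findings.append(f"ORPHAN BHO: {body}")
    return findings


if __name__ == "__main__":
    for finding in triage(MBAM_LOG, HJT_LOG):
        print(finding)
```

Run against the constructed logs it reports two "NOT REMOVED" lines, one "MASQUERADE" line for C:\WINDOWS\rundll32.exe, and one orphaned BHO. C:\WINDOWS\rundll.exe is not flagged by the name check because no such binary ships with XP at all, which is itself a reason to treat it as suspect; the "no action taken" rule is what catches it here. The masquerade check only looks at the path, so a true/false answer from it should be confirmed by hashing or signature-checking the file rather than trusted on its own.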

Michael, pay more attention to my instructions. In this case, see this line:

Make sure that everything is checked, and click Remove Selected.

According to the MalwareBytes' Anti-Malware log that you gave me, this step is done.

Please repeat my instructions and post a fresh new log file from HijackThis.


Hi,

This has already been done.

I ran Malwarebytes, asked it to remove the items, rebooted the system as prompted.

Then I ran another scan, but yet again they re-appeared.

I then did the HijackThis logs for you.

Malwarebytes has been run about 10 times now, same outcome.

Regards,

Michael.


Thanks Michael!

Step 1:

Please uninstall the following application:

Adobe Reader 9.1.3

After we finish our work, please download and install the latest version of Adobe Reader from:

http://www.adobe.com

Step 2:

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 3:

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:
     (screenshots: CF_download_FF.gif, CF_download_rename.gif)
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

In your next reply, please include these log(s):

* ComboFix log

* JavaRa log

* HijackThis log (new)


OK, I have just completed that step, results are below -

JavaRa -

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Apr 13 22:06:23 2010

Found and removed: C:\Program Files\Java\jre1.5.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Documents and Settings\Luke\Application Data\Sun\Java\jre1.6.0_07

Found and removed: Software\JavaSoft\Java2D\1.5.0_02

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\JavaPlugin.150_02

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_02

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

------------------------------------

Finished reporting.

Combo-Fix -

ComboFix 10-04-13.02 - Luke 13/04/2010 22:30:29.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1443 [GMT 1:00]

Running from: c:\documents and settings\Luke\Desktop\Combo-Fix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\w32apiw.dll

.

((((((((((((((((((((((((( Files Created from 2010-03-13 to 2010-04-13 )))))))))))))))))))))))))))))))

.

2010-04-13 20:56 . 2010-04-13 20:56 3584 ----a-r- c:\documents and settings\Luke\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2010-04-13 20:56 . 2010-04-13 20:56 -------- d-----w- c:\program files\Windows Installer Clean Up

2010-04-13 20:55 . 2010-04-13 20:55 -------- d-----w- c:\program files\MSECACHE

2010-04-13 17:21 . 2010-04-13 17:21 -------- d-----w- C:\d1f17fb984a8cc1745b8

2010-04-12 22:01 . 2010-04-12 22:01 -------- d-----w- c:\program files\Trend Micro

2010-04-12 19:34 . 2010-04-12 19:34 52224 ----a-w- c:\documents and settings\Luke\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-04-12 19:34 . 2010-04-12 19:34 117760 ----a-w- c:\documents and settings\Luke\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-04-12 19:33 . 2010-04-12 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-04-12 19:33 . 2010-04-12 19:33 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-04-12 19:33 . 2010-04-12 19:33 -------- d-----w- c:\documents and settings\Luke\Application Data\SUPERAntiSpyware.com

2010-04-12 19:32 . 2010-04-12 19:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-04-12 19:20 . 2010-04-12 19:20 -------- d-----w- c:\documents and settings\Luke\Application Data\nCleaner

2010-04-11 10:58 . 2010-04-11 10:58 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-04-11 10:37 . 2010-04-13 21:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0

2010-04-11 10:37 . 2010-04-11 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-04-09 20:29 . 2010-04-09 20:37 -------- d-----w- C:\ComboFix

2010-04-08 21:40 . 2008-04-13 23:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-04-08 21:40 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-04-08 21:39 . 2008-04-13 23:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-04-08 21:39 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-04-08 21:39 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-04-08 21:39 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2010-04-08 21:39 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-04-08 21:39 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-04-08 21:39 . 2008-04-13 17:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys

2010-04-08 21:39 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-04-08 21:38 . 2008-04-13 23:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2010-04-08 21:38 . 2008-04-13 17:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2010-04-08 21:38 . 2004-08-03 21:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2010-04-08 21:38 . 2001-08-17 11:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2010-04-08 21:36 . 2004-08-03 21:29 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys

2010-04-08 21:36 . 2001-08-17 11:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys

2010-04-08 21:36 . 2001-08-17 11:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys

2010-04-08 21:36 . 2001-08-17 11:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys

2010-04-08 21:36 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll

2010-04-08 21:36 . 2001-08-17 12:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys

2010-04-08 21:36 . 2001-08-17 12:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys

2010-04-08 21:35 . 2001-08-17 12:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys

2010-04-08 21:35 . 2001-08-17 11:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2010-04-08 21:35 . 2001-08-17 12:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2010-04-08 21:35 . 2008-04-13 17:40 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys

2010-04-08 21:35 . 2008-04-13 23:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2010-04-08 21:35 . 2001-08-17 12:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2010-04-08 21:35 . 2001-08-17 12:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys

2010-04-08 21:34 . 2001-08-17 12:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys

2010-04-08 21:34 . 2001-08-17 12:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2010-04-08 21:34 . 2001-08-17 12:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys

2010-04-08 21:34 . 2001-08-17 12:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys

2010-04-08 21:34 . 2001-08-17 12:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys

2010-04-08 21:33 . 2001-08-17 12:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys

2010-04-08 21:33 . 2008-04-13 17:45 20608 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys

2010-04-08 21:33 . 2008-04-13 17:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2010-04-08 21:33 . 2008-04-13 17:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2010-04-08 21:33 . 2004-08-03 21:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys

2010-04-08 21:33 . 2001-08-17 21:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll

2010-04-08 21:33 . 2001-08-17 21:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll

2010-04-08 21:33 . 2001-08-17 21:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll

2010-04-08 21:33 . 2001-08-17 21:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll

2010-04-08 21:32 . 2001-08-17 21:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll

2010-04-08 21:32 . 2001-08-17 12:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys

2010-04-08 21:32 . 2001-08-17 21:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll

2010-04-08 21:32 . 2001-08-17 21:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll

2010-04-08 21:32 . 2001-08-17 21:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll

2010-04-08 21:32 . 2001-08-17 21:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll

2010-04-08 21:31 . 2001-08-17 12:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys

2010-04-08 21:31 . 2001-08-17 12:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys

2010-04-08 21:31 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe

2010-04-08 21:31 . 2001-08-17 11:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2010-04-08 21:31 . 2001-08-17 21:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll

2010-04-08 21:31 . 2001-08-17 11:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys

2010-04-08 21:30 . 2001-08-17 13:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll

2010-04-08 21:30 . 2001-08-17 11:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys

2010-04-08 21:30 . 2001-08-17 13:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll

2010-04-08 21:30 . 2001-08-17 11:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys

2010-04-08 21:30 . 2001-08-17 21:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll

2010-04-08 21:30 . 2008-04-13 23:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe

2010-04-08 21:30 . 2001-08-17 21:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll

2010-04-08 21:29 . 2001-08-17 12:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys

2010-04-08 21:29 . 2001-08-17 13:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys

2010-04-08 21:29 . 2001-08-17 13:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys

2010-04-08 21:29 . 2001-08-17 11:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys

2010-04-08 21:29 . 2001-08-17 11:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys

2010-04-08 21:29 . 2001-08-17 11:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2010-04-08 21:28 . 2001-08-17 13:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll

2010-04-08 21:28 . 2008-04-13 17:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys

2010-04-08 21:28 . 2004-08-04 12:00 19464 -c--a-w- c:\windows\system32\dllcache\tdspx.sys

2010-04-08 21:28 . 2001-08-17 11:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2010-04-08 21:28 . 2001-08-17 11:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2010-04-08 21:28 . 2004-08-04 12:00 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys

2010-04-08 21:28 . 2004-08-04 12:00 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys

2010-04-08 21:28 . 2001-08-17 12:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys

2010-04-08 21:28 . 2001-08-17 12:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys

2010-04-08 21:27 . 2001-08-17 11:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys

2010-04-08 21:27 . 2001-08-17 13:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll

2010-04-08 21:27 . 2001-08-17 13:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys

2010-04-08 21:27 . 2001-08-17 13:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys

2010-04-08 21:27 . 2001-08-17 13:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys

2010-04-08 21:27 . 2001-08-17 13:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys

2010-04-08 21:27 . 2001-08-17 21:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll

2010-04-08 21:26 . 2001-08-17 12:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys

2010-04-08 21:26 . 2001-08-17 13:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys

2010-04-08 21:26 . 2001-08-17 21:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll

2010-04-08 21:26 . 2001-08-17 21:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll

2010-04-08 21:26 . 2001-08-17 21:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll

2010-04-08 21:26 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll

2010-04-08 21:26 . 2008-04-13 17:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys

2010-04-08 21:25 . 2001-08-17 21:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2010-04-08 21:25 . 2001-08-17 21:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2010-04-08 21:25 . 2001-08-17 11:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2010-04-08 21:25 . 2001-08-17 12:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2010-04-08 21:25 . 2001-08-17 11:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2010-04-08 21:25 . 2001-08-17 21:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll

2010-04-08 21:25 . 2004-08-04 12:00 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll

2010-04-08 21:24 . 2001-08-17 21:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll

2010-04-08 21:24 . 2001-08-17 12:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys

2010-04-08 21:24 . 2001-08-17 21:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll

2010-04-08 21:24 . 2001-08-17 13:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys

2010-04-08 21:24 . 2001-08-17 12:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys

2010-04-08 21:24 . 2001-08-17 11:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys

2010-04-08 21:22 . 2001-08-17 11:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys

2010-04-08 21:22 . 2001-08-17 11:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys

2010-04-08 21:22 . 2001-08-17 11:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys

2010-04-08 21:22 . 2001-08-17 12:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys

2010-04-08 21:22 . 2008-04-13 17:36 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys

2010-04-08 21:22 . 2008-04-13 17:36 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-11 08:41 . 2009-03-04 17:40 -------- d-----w- c:\program files\Google

2010-04-07 20:58 . 2009-02-21 10:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-07 20:54 . 2010-02-12 21:24 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-03-29 23:46 . 2009-02-21 10:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-29 23:45 . 2009-02-21 10:25 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-20 21:18 . 2009-02-20 21:26 1 ----a-w- c:\documents and settings\Luke\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-03-09 11:24 . 2009-02-19 20:04 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-03-09 11:12 . 2009-02-19 20:05 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-03-09 11:12 . 2009-02-19 20:05 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-03-09 11:09 . 2009-02-19 20:05 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-03-09 11:08 . 2009-02-19 20:05 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-03-09 11:08 . 2009-02-19 20:05 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-03-09 11:08 . 2009-02-19 20:05 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-03-09 11:08 . 2009-02-19 20:05 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-03-08 21:41 . 2010-03-08 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lexmark 7600 Series

2010-03-06 09:18 . 2010-03-06 09:16 -------- d-----w- c:\program files\Lexmark 7600 Series

2010-03-06 09:17 . 2010-03-06 09:17 -------- d-----w- c:\program files\Lexmark Toolbar

2010-03-06 09:17 . 2010-03-06 09:17 -------- d-----w- c:\program files\Lexmark Printable Web

2010-02-26 21:44 . 2010-02-26 21:08 -------- d-----w- c:\documents and settings\Luke\Application Data\Samsung

2010-02-26 21:44 . 2005-08-04 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-02-26 21:12 . 2010-02-26 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite

2010-02-26 21:12 . 2010-02-26 21:12 -------- d-----w- c:\documents and settings\Luke\Application Data\PC Suite

2010-02-26 21:09 . 2010-02-26 21:09 -------- d-----w- c:\program files\DIFX

2010-02-26 21:05 . 2009-02-19 20:03 -------- d-----w- c:\program files\Common Files\Adobe

2010-02-25 18:14 . 2010-02-25 18:14 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys

2010-02-25 18:14 . 2010-02-25 18:14 390528 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys

2010-02-25 18:14 . 2010-02-25 18:14 249856 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll

2010-02-25 06:24 . 2005-08-04 11:21 916480 ------w- c:\windows\system32\wininet.dll

2010-02-24 11:29 . 2010-04-08 18:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trusteer

2010-02-24 10:16 . 2009-12-15 17:30 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-19 21:14 . 2009-02-22 14:19 -------- d-----w- c:\program files\Windows Live

2010-02-17 21:27 . 2010-02-17 21:27 -------- d-----w- c:\program files\Atheros

2010-02-17 21:26 . 2010-02-17 21:26 -------- d-----w- c:\documents and settings\Luke\Application Data\InstallShield

2010-02-17 21:02 . 2010-02-17 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros

2010-02-17 20:43 . 2005-08-05 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-02-17 20:42 . 2010-02-12 20:09 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-02-11 18:53 . 2009-02-19 20:05 38848 ----a-w- c:\windows\system32\avastSS.scr

2009-08-08 11:48 . 2009-08-08 11:47 18015723 ----a-w- c:\program files\vlc-1.0.1-win32.exe

2009-07-22 06:21 . 2009-07-22 06:19 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe

2009-06-20 20:30 . 2009-06-20 20:29 16742799 ----a-w- c:\program files\vlc-0.9.9-win32.exe

2009-03-04 18:09 . 2009-03-04 18:07 16320472 ----a-w- c:\program files\vlc-0.9.8a-win32.exe

2009-03-04 18:07 . 2009-03-04 18:06 1234120 ----a-w- c:\program files\wrar380.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-04-09_20.35.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll

+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll

+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll

+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll

+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll

+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll

+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll

+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll

+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll

+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll

+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll

+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll

+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll

+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll

+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll

+ 2005-08-04 11:21 . 2004-08-03 23:56 33280 c:\windows\system32\rundll32.exe

- 2005-08-04 11:21 . 2008-04-14 00:12 33280 c:\windows\system32\rundll32.exe

- 2005-08-04 11:21 . 2010-03-28 10:31 84532 c:\windows\system32\perfc009.dat

+ 2005-08-04 11:21 . 2010-04-11 08:50 84532 c:\windows\system32\perfc009.dat

+ 2005-08-04 11:21 . 2004-08-03 23:56 33280 c:\windows\system32\dllcache\rundll32.exe

- 2005-08-04 11:21 . 2008-04-14 00:12 33280 c:\windows\system32\dllcache\rundll32.exe

+ 2009-06-27 20:29 . 2010-02-16 04:50 64000 c:\windows\system32\dllcache\iecompat.dll

- 2005-09-28 14:54 . 2009-02-19 22:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2005-09-28 14:54 . 2010-04-13 21:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2005-09-28 14:54 . 2009-02-19 22:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2005-09-28 14:54 . 2010-04-13 21:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-04-11 11:04 . 2010-04-13 21:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2005-09-28 14:54 . 2009-02-19 22:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2010-04-12 19:33 . 2010-04-12 19:33 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2010-04-12 19:33 . 2010-04-12 19:33 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2010-04-11 08:52 . 2009-12-11 08:38 69120 c:\windows\ie8updates\KB980302-IE8\iecompat.dll

+ 2010-04-11 08:48 . 2010-04-11 08:48 77824 c:\windows\assembly\tmp\DPY6FOX6\System.Web.RegularExpressions.dll

+ 2010-04-11 08:48 . 2010-04-11 08:48 13312 c:\windows\assembly\tmp\BMV4DLU2\cscompmgd.dll

+ 2010-04-11 09:07 . 2010-04-11 09:07 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\87a11190cb0c9ecfd20b607bff6690fb\System.Windows.Presentation.ni.dll

+ 2010-04-11 09:06 . 2010-04-11 09:06 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\6a6a72d2ee8849a5ad7a80af36563ed5\System.Web.DynamicData.Design.ni.dll

+ 2010-04-11 09:01 . 2010-04-11 09:01 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\1c25e1eb925bf9c0b526ead78e3e1abc\System.ComponentModel.DataAnnotations.ni.dll

+ 2010-04-11 09:01 . 2010-04-11 09:01 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\96443722953c690747a82d31bd1c549f\System.AddIn.Contract.ni.dll

+ 2010-04-11 09:05 . 2010-04-11 09:05 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\6c4bf544cfa75f913df49142acab1b7c\Microsoft.Vsa.ni.dll

+ 2010-04-11 08:57 . 2010-04-11 08:57 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\5754fc85021b2f65836ba422521631eb\Microsoft.Build.Framework.ni.dll

+ 2010-04-11 08:58 . 2010-04-11 08:58 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0cb37ad30660eed74e9f8e28640c019f\Microsoft.Build.Framework.ni.dll

+ 2010-04-11 08:57 . 2010-04-11 08:57 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\36bb2dd711974ad0bce057d2bc9c4592\dfsvc.ni.exe

+ 2010-04-11 08:55 . 2010-04-11 08:55 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\16548a271b624211b7d1bd2956faed85\Accessibility.ni.dll

+ 2010-04-11 08:48 . 2010-04-11 08:48 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]

"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2005-08-01 1093632]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2009-10-26 676520]

"EzPrint"="c:\program files\Lexmark 7600 Series\ezprint.exe" [2009-10-26 131752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Luke\Start Menu\Programs\Startup\

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\lxdwcoms.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"15920:TCP"= 15920:TCP:BitComet 15920 TCP

"15920:UDP"= 15920:UDP:BitComet 15920 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/02/2009 21:05 162640]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [25/02/2010 19:14 390528]

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 14:47 58984]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 14:47 116328]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/02/2009 21:05 19024]

R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 14:47 779496]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [04/08/2005 22:09 211200]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 09:33 135664]

S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [06/03/2010 10:17 98984]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [26/02/2010 22:09 36608]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]

.

Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 08:33]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 08:33]

2010-04-13 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2010-04-13 c:\windows\Tasks\User_Feed_Synchronization-{CED200F3-B140-4DF1-A4BE-3BA76DD90495}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\r3szkjl8.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\r3szkjl8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-13 22:35

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-04-13 22:37:09

ComboFix-quarantined-files.txt 2010-04-13 21:37

ComboFix2.txt 2010-04-09 20:37

Pre-Run: 129,291,792,384 bytes free

Post-Run: 129,288,892,416 bytes free

- - End Of File - - E4F9D9980076488172855093591F7EB7

HijackThis -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:41:07, on 13/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxdwcoms.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Lexmark 7600 Series\lxdwmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7600 Series\ezprint.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe

O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--

End of file - 6813 bytes

Regards,

Michael.

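The HijackThis log above is read by eye in this thread. As an added illustration (not code from the thread, from HijackThis or from ComboFix), the helper below parses the "Oxx - Type: ..." line format those logs use and pulls out what a reviewer checks first: entries whose target file no longer exists ("(file missing)" / "(no file)"), services with no owner information, and entries in the sections that hold persistence mechanisms. The sample lines are constructed from the log posted above; the flag names and the section table are my own choices, not HijackThis terminology.

```python
"""Triage helper for HijackThis v2 log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines modelled on the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:07, on 13/04/2010
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe
"""

# HijackThis entry lines start with a section code (R0..R3, F0..F3, N1..N4, O1..O24).
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Sections that describe auto-start / persistence points (my own grouping).
PERSISTENCE_SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "Run/RunOnce autostart entry",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O21": "ShellServiceObjectDelayLoad",
    "O23": "Windows service",
}


@dataclass
class Entry:
    section: str                 # e.g. "O2", "O23"
    body: str                    # everything after "O2 - "
    flags: list = field(default_factory=list)


def parse_entries(log_text):
    """Return one Entry per line that matches the HijackThis entry format; header lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(section=m.group(1), body=m.group(2)))
    return entries


def triage(log_text):
    """Attach review flags to each entry.

    orphan        - registry data points at a file that is not on disk (typical after an
                    uninstall or an incomplete cleanup; also what a remover leaves behind)
    unknown-owner - a service with no company/owner information, worth verifying by hand
    persistence   - entry lives in a section that controls what runs at boot or logon
    """
    entries = parse_entries(log_text)
    for e in entries:
        if "(file missing)" in e.body or "(no file)" in e.body:
            e.flags.append("orphan")
        if e.section == "O23" and "Unknown owner" in e.body:
            e.flags.append("unknown-owner")
        if e.section in PERSISTENCE_SECTIONS:
            e.flags.append("persistence")
    return entries


def summarize(log_text):
    """Counts per flag: the numbers a reviewer would quote back in a reply."""
    counts = {"orphan": 0, "unknown-owner": 0, "persistence": 0}
    for e in triage(log_text):
        for f in e.flags:
            counts[f] += 1
    return counts


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        if e.flags:
            print(e.section, sorted(e.flags), "-", e.body[:70])
    print(summarize(SAMPLE_LOG))
```

Run against a full log this only narrows the list; an entry flagged "persistence" with a valid path (the avast! Run entry, the SUPERAntiSpyware Winlogon notify) is normal for the software installed here, so the path and the publisher still have to be checked by the person reading the log.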

Open Notepad and copy and paste the text in the code box below into it:

KillAll::

Rootkit::
C:\WINDOWS\rundll.exe
C:\WINDOWS\rundll32.exe

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


Good evening,

The logs have come out as follows -

ComboFix -

ComboFix 10-04-14.01 - Luke 14/04/2010 18:58:18.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1402 [GMT 1:00]

Running from: c:\documents and settings\Luke\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Luke\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))

.

2010-04-13 21:29 . 2010-04-13 21:37 -------- d-----w- C:\Combo-Fix

2010-04-13 20:56 . 2010-04-13 20:56 3584 ----a-r- c:\documents and settings\Luke\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2010-04-13 20:56 . 2010-04-13 20:56 -------- d-----w- c:\program files\Windows Installer Clean Up

2010-04-13 20:55 . 2010-04-13 20:55 -------- d-----w- c:\program files\MSECACHE

2010-04-13 17:21 . 2010-04-13 17:21 -------- d-----w- C:\d1f17fb984a8cc1745b8

2010-04-12 22:01 . 2010-04-12 22:01 -------- d-----w- c:\program files\Trend Micro

2010-04-12 19:34 . 2010-04-12 19:34 52224 ----a-w- c:\documents and settings\Luke\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-04-12 19:34 . 2010-04-12 19:34 117760 ----a-w- c:\documents and settings\Luke\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-04-12 19:33 . 2010-04-12 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-04-12 19:33 . 2010-04-12 19:33 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-04-12 19:33 . 2010-04-12 19:33 -------- d-----w- c:\documents and settings\Luke\Application Data\SUPERAntiSpyware.com

2010-04-12 19:32 . 2010-04-12 19:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-04-12 19:20 . 2010-04-12 19:20 -------- d-----w- c:\documents and settings\Luke\Application Data\nCleaner

2010-04-11 10:58 . 2010-04-11 10:58 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-04-11 10:37 . 2010-04-13 21:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0

2010-04-11 10:37 . 2010-04-11 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-04-09 20:29 . 2010-04-09 20:37 -------- d-----w- C:\ComboFix

2010-04-08 21:40 . 2008-04-13 23:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-04-08 21:40 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-04-08 21:39 . 2008-04-13 23:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-04-08 21:39 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-04-08 21:39 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-04-08 21:39 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2010-04-08 21:39 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-04-08 21:39 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-04-08 21:39 . 2008-04-13 17:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys

2010-04-08 21:39 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-04-08 21:38 . 2008-04-13 23:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2010-04-08 21:38 . 2008-04-13 17:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2010-04-08 21:38 . 2004-08-03 21:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2010-04-08 21:38 . 2001-08-17 11:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2010-04-08 21:36 . 2004-08-03 21:29 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys

2010-04-08 21:36 . 2001-08-17 11:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys

2010-04-08 21:36 . 2001-08-17 11:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys

2010-04-08 21:36 . 2001-08-17 11:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys

2010-04-08 21:36 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll

2010-04-08 21:36 . 2001-08-17 12:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys

2010-04-08 21:36 . 2001-08-17 12:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys

2010-04-08 21:35 . 2001-08-17 12:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys

2010-04-08 21:35 . 2001-08-17 11:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2010-04-08 21:35 . 2001-08-17 12:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2010-04-08 21:35 . 2008-04-13 17:40 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys

2010-04-08 21:35 . 2008-04-13 23:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2010-04-08 21:35 . 2001-08-17 12:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2010-04-08 21:35 . 2001-08-17 12:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys

2010-04-08 21:34 . 2001-08-17 12:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys

2010-04-08 21:34 . 2001-08-17 12:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2010-04-08 21:34 . 2001-08-17 12:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys

2010-04-08 21:34 . 2001-08-17 12:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys

2010-04-08 21:34 . 2001-08-17 12:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys

2010-04-08 21:33 . 2001-08-17 12:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys

2010-04-08 21:33 . 2008-04-13 17:45 20608 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys

2010-04-08 21:33 . 2008-04-13 17:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2010-04-08 21:33 . 2008-04-13 17:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2010-04-08 21:33 . 2004-08-03 21:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys

2010-04-08 21:33 . 2001-08-17 21:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll

2010-04-08 21:33 . 2001-08-17 21:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll

2010-04-08 21:33 . 2001-08-17 21:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll

2010-04-08 21:33 . 2001-08-17 21:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll

2010-04-08 21:32 . 2001-08-17 21:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll

2010-04-08 21:32 . 2001-08-17 12:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys

2010-04-08 21:32 . 2001-08-17 21:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll

2010-04-08 21:32 . 2001-08-17 21:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll

2010-04-08 21:32 . 2001-08-17 21:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll

2010-04-08 21:32 . 2001-08-17 21:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll

2010-04-08 21:31 . 2001-08-17 12:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys

2010-04-08 21:31 . 2001-08-17 12:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys

2010-04-08 21:31 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe

2010-04-08 21:31 . 2001-08-17 11:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2010-04-08 21:31 . 2001-08-17 21:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll

2010-04-08 21:31 . 2001-08-17 11:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys

2010-04-08 21:30 . 2001-08-17 13:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll

2010-04-08 21:30 . 2001-08-17 11:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys

2010-04-08 21:30 . 2001-08-17 13:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll

2010-04-08 21:30 . 2001-08-17 11:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys

2010-04-08 21:30 . 2001-08-17 21:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll

2010-04-08 21:30 . 2008-04-13 23:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe

2010-04-08 21:30 . 2001-08-17 21:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll

2010-04-08 21:29 . 2001-08-17 12:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys

2010-04-08 21:29 . 2001-08-17 13:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys

2010-04-08 21:29 . 2001-08-17 13:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys

2010-04-08 21:29 . 2001-08-17 11:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys

2010-04-08 21:29 . 2001-08-17 11:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys

2010-04-08 21:29 . 2001-08-17 11:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2010-04-08 21:28 . 2001-08-17 13:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll

2010-04-08 21:28 . 2008-04-13 17:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys

2010-04-08 21:28 . 2004-08-04 12:00 19464 -c--a-w- c:\windows\system32\dllcache\tdspx.sys

2010-04-08 21:28 . 2001-08-17 11:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2010-04-08 21:28 . 2001-08-17 11:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2010-04-08 21:28 . 2004-08-04 12:00 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys

2010-04-08 21:28 . 2004-08-04 12:00 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys

2010-04-08 21:28 . 2001-08-17 12:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys

2010-04-08 21:28 . 2001-08-17 12:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys

2010-04-08 21:27 . 2001-08-17 11:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys

2010-04-08 21:27 . 2001-08-17 13:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll

2010-04-08 21:27 . 2001-08-17 13:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys

2010-04-08 21:27 . 2001-08-17 13:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys

2010-04-08 21:27 . 2001-08-17 13:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys

2010-04-08 21:27 . 2001-08-17 13:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys

2010-04-08 21:27 . 2001-08-17 21:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll

2010-04-08 21:26 . 2001-08-17 12:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys

2010-04-08 21:26 . 2001-08-17 13:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys

2010-04-08 21:26 . 2001-08-17 21:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll

2010-04-08 21:26 . 2001-08-17 21:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll

2010-04-08 21:26 . 2001-08-17 21:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll

2010-04-08 21:26 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll

2010-04-08 21:26 . 2008-04-13 17:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys

2010-04-08 21:25 . 2001-08-17 21:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2010-04-08 21:25 . 2001-08-17 21:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2010-04-08 21:25 . 2001-08-17 11:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2010-04-08 21:25 . 2001-08-17 12:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2010-04-08 21:25 . 2001-08-17 11:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2010-04-08 21:25 . 2001-08-17 21:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll

2010-04-08 21:25 . 2004-08-04 12:00 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll

2010-04-08 21:24 . 2001-08-17 21:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll

2010-04-08 21:24 . 2001-08-17 12:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys

2010-04-08 21:24 . 2001-08-17 21:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll

2010-04-08 21:24 . 2001-08-17 13:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys

2010-04-08 21:24 . 2001-08-17 12:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys

2010-04-08 21:24 . 2001-08-17 11:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys

2010-04-08 21:22 . 2001-08-17 11:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys

2010-04-08 21:22 . 2001-08-17 11:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys

2010-04-08 21:22 . 2001-08-17 11:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys

2010-04-08 21:22 . 2001-08-17 12:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys

2010-04-08 21:22 . 2008-04-13 17:36 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-11 08:41 . 2009-03-04 17:40 -------- d-----w- c:\program files\Google

2010-04-07 20:58 . 2009-02-21 10:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-07 20:54 . 2010-02-12 21:24 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-03-29 23:46 . 2009-02-21 10:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-29 23:45 . 2009-02-21 10:25 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-20 21:18 . 2009-02-20 21:26 1 ----a-w- c:\documents and settings\Luke\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-03-09 11:24 . 2009-02-19 20:04 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-03-09 11:12 . 2009-02-19 20:05 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-03-09 11:12 . 2009-02-19 20:05 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-03-09 11:09 . 2009-02-19 20:05 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-03-09 11:08 . 2009-02-19 20:05 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-03-09 11:08 . 2009-02-19 20:05 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-03-09 11:08 . 2009-02-19 20:05 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-03-09 11:08 . 2009-02-19 20:05 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-03-08 21:41 . 2010-03-08 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lexmark 7600 Series

2010-03-06 09:18 . 2010-03-06 09:16 -------- d-----w- c:\program files\Lexmark 7600 Series

2010-03-06 09:17 . 2010-03-06 09:17 -------- d-----w- c:\program files\Lexmark Toolbar

2010-03-06 09:17 . 2010-03-06 09:17 -------- d-----w- c:\program files\Lexmark Printable Web

2010-02-26 21:44 . 2010-02-26 21:08 -------- d-----w- c:\documents and settings\Luke\Application Data\Samsung

2010-02-26 21:44 . 2005-08-04 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-02-26 21:12 . 2010-02-26 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite

2010-02-26 21:12 . 2010-02-26 21:12 -------- d-----w- c:\documents and settings\Luke\Application Data\PC Suite

2010-02-26 21:09 . 2010-02-26 21:09 -------- d-----w- c:\program files\DIFX

2010-02-26 21:05 . 2009-02-19 20:03 -------- d-----w- c:\program files\Common Files\Adobe

2010-02-25 18:14 . 2010-02-25 18:14 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys

2010-02-25 18:14 . 2010-02-25 18:14 390528 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys

2010-02-25 18:14 . 2010-02-25 18:14 249856 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll

2010-02-25 06:24 . 2005-08-04 11:21 916480 ------w- c:\windows\system32\wininet.dll

2010-02-24 11:29 . 2010-04-08 18:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trusteer

2010-02-24 10:16 . 2009-12-15 17:30 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-19 21:14 . 2009-02-22 14:19 -------- d-----w- c:\program files\Windows Live

2010-02-17 21:27 . 2010-02-17 21:27 -------- d-----w- c:\program files\Atheros

2010-02-17 21:26 . 2010-02-17 21:26 -------- d-----w- c:\documents and settings\Luke\Application Data\InstallShield

2010-02-17 21:02 . 2010-02-17 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros

2010-02-17 20:43 . 2005-08-05 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-02-17 20:42 . 2010-02-12 20:09 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-02-11 18:53 . 2009-02-19 20:05 38848 ----a-w- c:\windows\system32\avastSS.scr

2009-08-08 11:48 . 2009-08-08 11:47 18015723 ----a-w- c:\program files\vlc-1.0.1-win32.exe

2009-07-22 06:21 . 2009-07-22 06:19 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe

2009-06-20 20:30 . 2009-06-20 20:29 16742799 ----a-w- c:\program files\vlc-0.9.9-win32.exe

2009-03-04 18:09 . 2009-03-04 18:07 16320472 ----a-w- c:\program files\vlc-0.9.8a-win32.exe

2009-03-04 18:07 . 2009-03-04 18:06 1234120 ----a-w- c:\program files\wrar380.exe

.

((((((((((((((((((((((((((((( SnapShot_2010-04-13_21.35.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-04-14 18:05 . 2010-04-14 18:05 16384 c:\windows\Temp\Perflib_Perfdata_db4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]

"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2005-08-01 1093632]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2009-10-26 676520]

"EzPrint"="c:\program files\Lexmark 7600 Series\ezprint.exe" [2009-10-26 131752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Luke\Start Menu\Programs\Startup\

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\lxdwcoms.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"15920:TCP"= 15920:TCP:BitComet 15920 TCP

"15920:UDP"= 15920:UDP:BitComet 15920 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/02/2009 21:05 162640]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [25/02/2010 19:14 390528]

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 14:47 58984]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 14:47 116328]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11:15 66632]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/02/2009 21:05 19024]

R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 14:47 779496]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [04/08/2005 22:09 211200]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 09:33 135664]

S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [06/03/2010 10:17 98984]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [26/02/2010 22:09 36608]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11:15 12872]

.

Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 08:33]

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 08:33]

2010-04-14 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2010-04-14 c:\windows\Tasks\User_Feed_Synchronization-{CED200F3-B140-4DF1-A4BE-3BA76DD90495}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\r3szkjl8.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\r3szkjl8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-14 19:05

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(6068)

c:\windows\system32\WININET.dll

c:\program files\Trusteer\Rapport\bin\rooksbas.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\lxdwcoms.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\Ati2evxx.exe

.

**************************************************************************

.

Completion time: 2010-04-14 19:09:23 - machine was rebooted

ComboFix-quarantined-files.txt 2010-04-14 18:09

ComboFix2.txt 2010-04-13 21:37

ComboFix3.txt 2010-04-09 20:37

Pre-Run: 129,192,161,280 bytes free

Post-Run: 129,152,323,584 bytes free

- - End Of File - - 512541965B7300DE500798B750F29D32

HijackThis -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:22:52, on 14/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxdwcoms.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Lexmark 7600 Series\lxdwmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lexmark 7600 Series\ezprint.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7600 Series\ezprint.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe

O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--

End of file - 6831 bytes

Regards,

Michael.


Good evening,

Sadly it's no different :-(

First MBAM Scan -

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3988

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

14/04/2010 20:18:00

mbam-log-2010-04-14 (20-18-00).txt

Scan type: Quick scan

Objects scanned: 110047

Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Second MBAM Scan -

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3988

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

14/04/2010 20:29:12

mbam-log-2010-04-14 (20-29-12).txt

Scan type: Quick scan

Objects scanned: 110045

Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

HijackThis - (O23 Java entry won't delete)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:32:33, on 14/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxdwcoms.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Lexmark 7600 Series\lxdwmon.exe

C:\Program Files\Lexmark 7600 Series\ezprint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7600 Series\ezprint.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe

O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--

End of file - 6557 bytes

Regards,

Michael.

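The two quick-scan logs above show the pattern a responder wants to catch automatically: file names that imitate core Windows binaries but sit in the wrong directory (C:\WINDOWS\rundll32.exe rather than C:\WINDOWS\system32\rundll32.exe, plus the near-miss rundll.exe), and the same paths coming back in the next scan after a successful quarantine, which points at a loader the scanner is not seeing rather than at a removal failure. The following checker is an added example, not code from this thread or from Malwarebytes; the MBAM 1.x log layout is taken from the logs posted above, the list of system binaries and their home directories is an assumed default-XP mapping, and the two sample logs are constructed copies of the posted scans.

```python
"""Checker for Malwarebytes' Anti-Malware 1.x text logs (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Where each genuine binary lives on a default XP install (assumed mapping,
# extend as needed). Directories are compared lower-cased.
SYSTEM_BINARIES: Dict[str, str] = {
    "rundll32.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# One MBAM detection line: <path> (<family>) -> <action>.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) -> (?P<action>.+?)\.?$"
)

Detection = Tuple[str, str, str]  # (path, family, action)


@dataclass
class ScanResult:
    db: Optional[int] = None
    files: List[Detection] = field(default_factory=list)


def parse_mbam_log(text: str) -> ScanResult:
    """Extract the database version and the 'Files Infected:' detections."""
    result = ScanResult()
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"Database version:\s*(\d+)$", line)
        if m:
            result.db = int(m.group(1))
            continue
        # Detail headers end with ':'; summary lines ('Files Infected: 2') do not.
        if line.endswith("Infected:"):
            section = line[:-1]
            continue
        if section == "Files Infected":
            m = DETECTION_RE.match(line)
            if m:
                result.files.append((m.group("path"), m.group("name"), m.group("action")))
    return result


def lookalike_of(base: str) -> Optional[str]:
    """Known binary whose name equals this one once digits are dropped (rundll.exe ~ rundll32.exe)."""
    stem = re.sub(r"\d", "", base)
    for known in SYSTEM_BINARIES:
        if known != base and re.sub(r"\d", "", known) == stem:
            return known
    return None


def masquerade_findings(files: List[Detection]) -> List[Tuple[str, str]]:
    """Pair each detected path with the reason it looks like a system-binary masquerade."""
    findings: List[Tuple[str, str]] = []
    for path, _family, _action in files:
        directory, _, base = path.lower().rpartition("\\")
        expected_dir = SYSTEM_BINARIES.get(base)
        if expected_dir is not None and directory != expected_dir:
            findings.append((path, f"system binary name outside {expected_dir}"))
        else:
            twin = lookalike_of(base)
            if twin:
                findings.append((path, f"near-miss of {twin}"))
    return findings


def recurring_detections(earlier: ScanResult, later: ScanResult) -> List[str]:
    """Paths quarantined in the earlier scan that are detected again in the later one."""
    removed = {p.lower() for p, _, a in earlier.files if a.lower().startswith("quarantined")}
    return sorted(p.lower() for p, _, _ in later.files if p.lower() in removed)


# Constructed sample logs, modelled on the two quick scans posted in this thread.
SCAN_1 = """Malwarebytes' Anti-Malware 1.45
Database version: 3988
mbam-log-2010-04-14 (20-18-00).txt
Scan type: Quick scan
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Files Infected:
C:\\WINDOWS\\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\WINDOWS\\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""
# Second scan, eleven minutes later: identical findings after a reboot.
SCAN_2 = SCAN_1.replace("(20-18-00)", "(20-29-12)")

if __name__ == "__main__":
    first, second = parse_mbam_log(SCAN_1), parse_mbam_log(SCAN_2)
    for path, reason in masquerade_findings(first.files):
        print(f"masquerade: {path}: {reason}")
    for path in recurring_detections(first, second):
        print(f"recurred after removal: {path}")
```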

Good evening,

I had (before posting anything on this site) run a scan in safe mode with the same 2 items being found.

Anyway, tonight I ran a scan whilst in safe mode in the user's profile (this account is and always has been an 'Administrator' on the machine); it found the 2 items again. I took a HijackThis report of this.

I did not remove these items, but instead logged off and went into 'Administrator' in safe mode. Malwarebytes found nothing. I took a HijackThis report from this profile.

I then went back into the user's profile and ran Malwarebytes again, which found the 2 items. So I removed the items and rebooted.

Now the items are completely gone!!!!!

Here are the HijackThis reports in case they help you in the future -

Administrators -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:01:37, on 15/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.co.uk/8SEENGB020100/FRWCompleteAddIns

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7600 Series\ezprint.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe

O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--

End of file - 5774 bytes

User's Profile -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:00:56, on 15/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7600 Series\ezprint.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe

O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--

End of file - 5315 bytes

I would just like to finish by saying thank you very much for all your help. It has certainly been a learning curve!!!

Regards,

Michael.


One other thing ...

I have just gone into Control Panel only to find none of the applets in there open - and that it complains rundll32.exe cannot be found.

Therefore I have just put the XP CD in, opened CMD (Start - Run - CMD) and have executed the following -

C:\>expand D:\i386\rundll32.ex_ c:\windows\system32\rundll32.exe

Which has worked fine.

Regards,

Michael.


Sorry, I was adding posts without refreshing the thread so did not see your requests.

I had just reloaded Adobe Reader and Java when they re-appeared.

MBAM logs for tonight as follows -

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3992

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

15/04/2010 20:10:51

mbam-log-2010-04-15 (20-10-51).txt

Scan type: Quick scan

Objects scanned: 109230

Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3992

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

15/04/2010 20:26:52

mbam-log-2010-04-15 (20-26-52).txt

Scan type: Quick scan

Objects scanned: 110344

Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3992

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

15/04/2010 20:58:40

mbam-log-2010-04-15 (20-58-40).txt

Scan type: Full scan (C:\|)

Objects scanned: 162601

Time elapsed: 31 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3993

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

15/04/2010 22:42:24

mbam-log-2010-04-15 (22-42-24).txt

Scan type: Full scan (C:\|)

Objects scanned: 162189

Time elapsed: 32 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

HijackThis -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:49:47, on 15/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Lexmark 7600 Series\lxdwmon.exe

C:\Program Files\Lexmark 7600 Series\ezprint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxdwcoms.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7600 Series\ezprint.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe

O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--

End of file - 7379 bytes

Regards,

Michael.

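An added example, not code from this thread or from Malwarebytes, HijackThis or ComboFix: a small Python checker that reads log lines in the formats posted above (HijackThis process paths, MBAM "Files Infected" entries, ComboFix file-created lines) and flags executables that carry the name of a Windows system binary but sit outside its expected directory, which is exactly what C:\WINDOWS\rundll32.exe and C:\WINDOWS\rundll.exe were, while the copy restored earlier into system32 with expand passes. The expected-location table, the look-alike name list and the sample log lines are assumptions constructed for the example.

```python
"""Flag scan-log paths whose file name imitates a Windows system binary but
whose directory is not where that binary lives.  Example code written for this
thread, not part of Malwarebytes, HijackThis or ComboFix; the location table,
the look-alike list and the sample log lines are constructed assumptions."""
import re
from pathlib import PureWindowsPath
from typing import List, Optional

WINDOWS_DIR = PureWindowsPath("C:/WINDOWS")

# Assumed table: XP system binary -> subdirectory of the Windows folder it
# belongs in ("" means the Windows folder itself, as for Explorer.EXE).
EXPECTED_SUBDIR = {
    "rundll32.exe": "system32",
    "svchost.exe": "system32",
    "csrss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "smss.exe": "system32",
    "spoolsv.exe": "system32",
    "ctfmon.exe": "system32",
    "explorer.exe": "",
}

# Names that are not Windows XP files at all but are chosen to resemble one
# (rundll.exe in the logs above was detected as Trojan.Agent).
LOOKALIKE_NAMES = {"rundll.exe"}

# Windows File Protection keeps legitimate copies here (see the ComboFix
# entry for c:\windows\system32\dllcache\rundll32.exe), so do not flag them.
CACHE_DIR_SUFFIX = "\\system32\\dllcache"

# A drive-letter path up to the first .exe/.dll/.sys, so paths containing
# spaces ("C:\Program Files\...") are captured whole.  Works on bare
# HijackThis process lines, MBAM "path (Detection) -> ..." lines and the
# ComboFix "date . date size attrs path" lines alike.
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|sys)\b", re.IGNORECASE)


def extract_paths(line: str) -> List[str]:
    """Return every Windows executable path found in one log line."""
    return PATH_RE.findall(line)


def check_path(raw: str) -> Optional[str]:
    """Return a finding for a masquerading path, or None when it looks normal."""
    path = PureWindowsPath(raw)
    name = path.name.lower()
    parent = str(path.parent).lower()
    if name in LOOKALIKE_NAMES:
        return f"{raw}: '{name}' is not a Windows XP file but imitates one"
    subdir = EXPECTED_SUBDIR.get(name)
    if subdir is None:
        return None                       # not a binary we track
    if parent.endswith(CACHE_DIR_SUFFIX):
        return None                       # File Protection cache copy
    expected = WINDOWS_DIR / subdir if subdir else WINDOWS_DIR
    if parent != str(expected).lower():   # XP logs mix upper/lower case
        return f"{raw}: '{name}' belongs in {expected}, found elsewhere"
    return None


def scan_log(text: str) -> List[str]:
    """Run check_path over every path in a pasted log and collect findings."""
    findings = []
    for line in text.splitlines():
        for raw in extract_paths(line):
            finding = check_path(raw)
            if finding:
                findings.append(finding)
    return findings


# Constructed sample mixing the three log formats seen in the thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
2010-04-15 20:18 . 2004-08-03 23:56 33280 -c--a-w- c:\windows\system32\dllcache\rundll32.exe
2010-04-15 20:18 . 2004-08-03 23:56 33280 ----a-w- c:\windows\system32\rundll32.exe
"""

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The two detections from the MBAM logs are the only lines reported; the legitimate system32 copy and its dllcache backup stay quiet.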

Open Notepad and copy and paste the text in the code box below into it:

KillAll::

File::
C:\WINDOWS\rundll.exe
C:\WINDOWS\rundll32.exe

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[Screenshot: CFScriptB-4.gif, showing CFScript.txt being dragged onto ComboFix.exe]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


Hi,

ComboFix report as follows -

ComboFix 10-04-17.02 - Luke 18/04/2010 9:42.4.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1414 [GMT 1:00]

Running from: c:\documents and settings\Luke\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Luke\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::

"c:\windows\rundll.exe"

"c:\windows\rundll32.exe"

.

((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))

.

2010-04-15 20:30 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\Luke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-04-15 20:30 . 2010-04-15 20:30 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-04-15 20:29 . 2010-04-15 20:29 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2010-04-15 20:28 . 2010-04-15 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-04-15 20:27 . 2010-04-15 20:27 -------- d-----w- c:\program files\Common Files\Java

2010-04-15 20:23 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-15 20:23 . 2010-04-15 20:23 -------- d-----w- c:\program files\Java

2010-04-15 20:18 . 2004-08-03 23:56 33280 -c--a-w- c:\windows\system32\dllcache\rundll32.exe

2010-04-15 20:18 . 2004-08-03 23:56 33280 ----a-w- c:\windows\system32\rundll32.exe

2010-04-14 19:01 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-14 19:01 . 2010-04-14 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-14 19:01 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-13 20:55 . 2010-04-15 20:22 -------- d-----w- c:\program files\MSECACHE

2010-04-13 17:21 . 2010-04-13 17:21 -------- d-----w- C:\d1f17fb984a8cc1745b8

2010-04-12 22:01 . 2010-04-12 22:01 -------- d-----w- c:\program files\Trend Micro

2010-04-12 19:33 . 2010-04-12 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-04-12 19:33 . 2010-04-15 20:19 -------- d-----w- c:\documents and settings\Luke\Application Data\SUPERAntiSpyware.com

2010-04-12 19:33 . 2010-04-15 20:19 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-04-11 10:58 . 2010-04-11 10:58 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-04-11 10:37 . 2010-04-13 21:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0

2010-04-11 10:37 . 2010-04-11 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-04-08 21:40 . 2008-04-13 23:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2010-04-08 21:40 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2010-04-08 21:39 . 2008-04-13 23:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll

2010-04-08 21:39 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe

2010-04-08 21:39 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe

2010-04-08 21:39 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe

2010-04-08 21:39 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys

2010-04-08 21:39 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys

2010-04-08 21:39 . 2008-04-13 17:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys

2010-04-08 21:39 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys

2010-04-08 21:38 . 2008-04-13 23:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll

2010-04-08 21:38 . 2008-04-13 17:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys

2010-04-08 21:38 . 2004-08-03 21:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys

2010-04-08 21:38 . 2001-08-17 11:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys

2010-04-08 21:36 . 2004-08-03 21:29 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys

2010-04-08 21:36 . 2001-08-17 11:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys

2010-04-08 21:36 . 2001-08-17 11:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys

2010-04-08 21:36 . 2001-08-17 11:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys

2010-04-08 21:36 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll

2010-04-08 21:36 . 2001-08-17 12:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys

2010-04-08 21:36 . 2001-08-17 12:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys

2010-04-08 21:35 . 2001-08-17 12:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys

2010-04-08 21:35 . 2001-08-17 11:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys

2010-04-08 21:35 . 2001-08-17 12:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys

2010-04-08 21:35 . 2008-04-13 17:40 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys

2010-04-08 21:35 . 2008-04-13 23:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2010-04-08 21:35 . 2001-08-17 12:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys

2010-04-08 21:35 . 2001-08-17 12:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys

2010-04-08 21:34 . 2001-08-17 12:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys

2010-04-08 21:34 . 2001-08-17 12:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys

2010-04-08 21:34 . 2001-08-17 12:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys

2010-04-08 21:34 . 2001-08-17 12:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys

2010-04-08 21:34 . 2001-08-17 12:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys

2010-04-08 21:33 . 2001-08-17 12:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys

2010-04-08 21:33 . 2008-04-13 17:45 20608 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys

2010-04-08 21:33 . 2008-04-13 17:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2010-04-08 21:33 . 2008-04-13 17:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2010-04-08 21:33 . 2004-08-03 21:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys

2010-04-08 21:33 . 2001-08-17 21:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll

2010-04-08 21:33 . 2001-08-17 21:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll

2010-04-08 21:33 . 2001-08-17 21:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll

2010-04-08 21:33 . 2001-08-17 21:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll

2010-04-08 21:32 . 2001-08-17 21:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll

2010-04-08 21:32 . 2001-08-17 12:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys

2010-04-08 21:32 . 2001-08-17 21:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll

2010-04-08 21:32 . 2001-08-17 21:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll

2010-04-08 21:32 . 2001-08-17 21:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll

2010-04-08 21:32 . 2001-08-17 21:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll

2010-04-08 21:31 . 2001-08-17 12:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys

2010-04-08 21:31 . 2001-08-17 12:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys

2010-04-08 21:31 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe

2010-04-08 21:31 . 2001-08-17 11:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys

2010-04-08 21:31 . 2001-08-17 21:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll

2010-04-08 21:31 . 2001-08-17 11:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys

2010-04-08 21:30 . 2001-08-17 13:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll

2010-04-08 21:30 . 2001-08-17 11:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys

2010-04-08 21:30 . 2001-08-17 13:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll

2010-04-08 21:30 . 2001-08-17 11:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys

2010-04-08 21:30 . 2001-08-17 21:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll

2010-04-08 21:30 . 2008-04-13 23:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe

2010-04-08 21:30 . 2001-08-17 21:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll

2010-04-08 21:29 . 2001-08-17 12:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys

2010-04-08 21:29 . 2001-08-17 13:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys

2010-04-08 21:29 . 2001-08-17 13:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys

2010-04-08 21:29 . 2001-08-17 11:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys

2010-04-08 21:29 . 2001-08-17 11:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys

2010-04-08 21:29 . 2001-08-17 11:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys

2010-04-08 21:28 . 2001-08-17 13:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll

2010-04-08 21:28 . 2008-04-13 17:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys

2010-04-08 21:28 . 2004-08-04 12:00 19464 -c--a-w- c:\windows\system32\dllcache\tdspx.sys

2010-04-08 21:28 . 2001-08-17 11:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys

2010-04-08 21:28 . 2001-08-17 11:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2010-04-08 21:28 . 2004-08-04 12:00 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys

2010-04-08 21:28 . 2004-08-04 12:00 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys

2010-04-08 21:28 . 2001-08-17 12:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys

2010-04-08 21:28 . 2001-08-17 12:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys

2010-04-08 21:27 . 2001-08-17 11:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys

2010-04-08 21:27 . 2001-08-17 13:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll

2010-04-08 21:27 . 2001-08-17 13:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys

2010-04-08 21:27 . 2001-08-17 13:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys

2010-04-08 21:27 . 2001-08-17 13:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys

2010-04-08 21:27 . 2001-08-17 13:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys

2010-04-08 21:27 . 2001-08-17 21:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll

2010-04-08 21:26 . 2001-08-17 12:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys

2010-04-08 21:26 . 2001-08-17 13:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys

2010-04-08 21:26 . 2001-08-17 21:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll

2010-04-08 21:26 . 2001-08-17 21:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll

2010-04-08 21:26 . 2001-08-17 21:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll

2010-04-08 21:26 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll

2010-04-08 21:26 . 2008-04-13 17:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys

2010-04-08 21:25 . 2001-08-17 21:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2010-04-08 21:25 . 2001-08-17 21:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll

2010-04-08 21:25 . 2001-08-17 11:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys

2010-04-08 21:25 . 2001-08-17 12:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys

2010-04-08 21:25 . 2001-08-17 11:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys

2010-04-08 21:25 . 2001-08-17 21:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll

2010-04-08 21:25 . 2004-08-04 12:00 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll

2010-04-08 21:24 . 2001-08-17 21:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll

2010-04-08 21:24 . 2001-08-17 12:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys

2010-04-08 21:24 . 2001-08-17 21:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll

2010-04-08 21:24 . 2001-08-17 13:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys

2010-04-08 21:24 . 2001-08-17 12:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys

2010-04-08 21:24 . 2001-08-17 11:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys

2010-04-08 21:22 . 2001-08-17 11:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-15 20:33 . 2009-02-19 20:03 -------- d-----w- c:\program files\Common Files\Adobe

2010-04-15 20:23 . 2010-04-15 20:23 0 ----a-w- c:\windows\system32\REN77.tmp

2010-04-15 20:23 . 2010-04-15 20:23 0 ----a-w- c:\windows\system32\REN76.tmp

2010-04-15 20:23 . 2010-04-15 20:23 0 ----a-w- c:\windows\system32\REN75.tmp

2010-04-14 16:47 . 2009-02-19 20:05 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-04-14 16:47 . 2009-02-19 20:04 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-04-14 16:35 . 2009-02-19 20:05 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-04-14 16:35 . 2009-02-19 20:05 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-04-14 16:31 . 2009-02-19 20:05 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-04-14 16:31 . 2009-02-19 20:05 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-04-14 16:31 . 2009-02-19 20:05 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-04-14 16:31 . 2009-02-19 20:05 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-04-14 16:30 . 2009-02-19 20:05 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-04-11 08:41 . 2009-03-04 17:40 -------- d-----w- c:\program files\Google

2010-03-20 21:18 . 2009-02-20 21:26 1 ----a-w- c:\documents and settings\Luke\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-03-10 06:15 . 2005-08-04 11:21 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-08 21:41 . 2010-03-08 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lexmark 7600 Series

2010-03-06 09:18 . 2010-03-06 09:16 -------- d-----w- c:\program files\Lexmark 7600 Series

2010-03-06 09:17 . 2010-03-06 09:17 -------- d-----w- c:\program files\Lexmark Toolbar

2010-03-06 09:17 . 2010-03-06 09:17 -------- d-----w- c:\program files\Lexmark Printable Web

2010-02-26 21:44 . 2010-02-26 21:08 -------- d-----w- c:\documents and settings\Luke\Application Data\Samsung

2010-02-26 21:44 . 2005-08-04 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-02-26 21:12 . 2010-02-26 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite

2010-02-26 21:12 . 2010-02-26 21:12 -------- d-----w- c:\documents and settings\Luke\Application Data\PC Suite

2010-02-26 21:09 . 2010-02-26 21:09 -------- d-----w- c:\program files\DIFX

2010-02-25 18:14 . 2010-02-25 18:14 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys

2010-02-25 18:14 . 2010-02-25 18:14 390528 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys

2010-02-25 18:14 . 2010-02-25 18:14 249856 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll

2010-02-25 06:24 . 2005-08-04 11:21 916480 ------w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2005-08-04 11:21 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-24 11:29 . 2010-04-08 18:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trusteer

2010-02-24 10:16 . 2009-12-15 17:30 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-19 21:14 . 2009-02-22 14:19 -------- d-----w- c:\program files\Windows Live

2010-02-17 21:27 . 2010-02-17 21:27 -------- d-----w- c:\program files\Atheros

2010-02-17 21:26 . 2010-02-17 21:26 -------- d-----w- c:\documents and settings\Luke\Application Data\InstallShield

2010-02-17 21:02 . 2010-02-17 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros

2010-02-17 20:43 . 2005-08-05 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-02-17 20:42 . 2010-02-12 20:09 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-02-17 08:10 . 2005-08-04 11:21 2189952 ------w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25 . 2004-08-03 22:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:33 . 2005-08-04 11:20 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2005-08-04 11:21 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2009-08-08 11:48 . 2009-08-08 11:47 18015723 ----a-w- c:\program files\vlc-1.0.1-win32.exe

2009-07-22 06:21 . 2009-07-22 06:19 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe

2009-06-20 20:30 . 2009-06-20 20:29 16742799 ----a-w- c:\program files\vlc-0.9.9-win32.exe

2009-03-04 18:09 . 2009-03-04 18:07 16320472 ----a-w- c:\program files\vlc-0.9.8a-win32.exe

2009-03-04 18:07 . 2009-03-04 18:06 1234120 ----a-w- c:\program files\wrar380.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]

"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2005-08-01 1093632]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2009-10-26 676520]

"EzPrint"="c:\program files\Lexmark 7600 Series\ezprint.exe" [2009-10-26 131752]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Luke\Start Menu\Programs\Startup\

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\lxdwcoms.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"15920:TCP"= 15920:TCP:BitComet 15920 TCP

"15920:UDP"= 15920:UDP:BitComet 15920 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/02/2009 21:05 162768]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [25/02/2010 19:14 390528]

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 14:47 58984]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 14:47 116328]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/02/2009 21:05 19024]

R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 14:47 779496]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [04/08/2005 22:09 211200]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 09:33 135664]

S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [06/03/2010 10:17 98984]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [26/02/2010 22:09 36608]

.

Contents of the 'Scheduled Tasks' folder

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 08:33]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 08:33]

2010-04-18 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2010-04-18 c:\windows\Tasks\User_Feed_Synchronization-{CED200F3-B140-4DF1-A4BE-3BA76DD90495}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

FF - ProfilePath - c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\r3szkjl8.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\r3szkjl8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-18 09:55

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5008)

c:\windows\system32\WININET.dll

c:\program files\Trusteer\Rapport\bin\rooksbas.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\lxdwcoms.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\Ati2evxx.exe

.

**************************************************************************

.

Completion time: 2010-04-18 09:58:19 - machine was rebooted

ComboFix-quarantined-files.txt 2010-04-18 08:58

Pre-Run: 129,217,241,088 bytes free

Post-Run: 129,199,902,720 bytes free

- - End Of File - - 1F5B11D6438EC93ECCDB88A800895A7B

HijackThis -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:12:32, on 18/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxdwcoms.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Lexmark 7600 Series\lxdwmon.exe

C:\Program Files\Lexmark 7600 Series\ezprint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7600 Series\ezprint.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe

O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--

End of file - 6973 bytes

Malwarebytes - (Second Time Run)

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 4003

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

18/04/2010 10:24:06

mbam-log-2010-04-18 (10-24-06).txt

Scan type: Quick scan

Objects scanned: 111016

Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Regards,

Michael.

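The ComboFix log in the post above dumps the autostart keys and the Security Center values as a REGEDIT4-style export. The Python below is an added example, not code from this thread, from ComboFix or from Malwarebytes: it parses that fragment into keys and values, lists every Run entry, and flags the two Security Center override values that the log shows set to 1 (a value of 1 tells Windows XP's Security Center to stop monitoring and warning about that component; legitimate security suites set it too, but on a machine that has just been cleaned it is worth confirming who set it). The sample text is constructed from the format of the posted log, and the function names are this example's own.

```python
"""Parse the REGEDIT4-style section of a ComboFix log and review it.

Added example; not code from this thread, from ComboFix or from Malwarebytes.
SAMPLE is constructed from the format of the posted log; helper names are
this example's own.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in ComboFix's REGEDIT4 style (values copied from the posted log).
SAMPLE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="string" [date size]   or   "name"=dword:XXXXXXXX
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?:"(?P<str>[^"]*)"|dword:(?P<dword>[0-9a-fA-F]{8}))'
)

SECURITY_CENTER_KEY = r"hkey_local_machine\software\microsoft\security center"
# The two override values present in the posted log.
OVERRIDE_VALUES = ("AntiVirusOverride", "FirewallOverride")


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Return {registry key: {value name: str or int}} for a REGEDIT4 fragment.

    DWORDs become ints; ComboFix's trailing "[date size]" annotation is ignored.
    """
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            if m.group("dword") is not None:
                keys[current][m.group("name")] = int(m.group("dword"), 16)
            else:
                keys[current][m.group("name")] = m.group("str")
    return keys


def find_security_center_overrides(keys: Dict[str, Dict[str, object]]) -> List[str]:
    """Names of Security Center override values that are set to 1."""
    found: List[str] = []
    for key, values in keys.items():
        if key.lower() != SECURITY_CENTER_KEY:
            continue
        for name in OVERRIDE_VALUES:
            if values.get(name) == 1:
                found.append(name)
    return found


def autostart_entries(keys: Dict[str, Dict[str, object]]) -> List[Tuple[str, str, str]]:
    """(key, value name, command) for every string value under a ...\\CurrentVersion\\Run key."""
    entries: List[Tuple[str, str, str]] = []
    for key, values in keys.items():
        if key.lower().endswith(r"\currentversion\run"):
            for name, val in values.items():
                if isinstance(val, str):
                    entries.append((key, name, val))
    return entries


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE)
    for key, name, cmd in autostart_entries(parsed):
        print(f"autostart  {name:<22} {cmd}")
    for name in find_security_center_overrides(parsed):
        print(f"review     Security Center {name} = 1")
```

Reading the export programmatically rather than by eye pays off on long logs: every Run entry ends up in one list that can be checked against the HijackThis O4 lines, and a setting that silences Security Center warnings is surfaced instead of being buried between driver entries.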

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Hi,

Log as follows -

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=13e59e898104bb47828b53b49feb8b3e

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-04-18 08:57:17

# local_time=2010-04-18 09:57:17 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 499234 499234 0 0

# compatibility_mode=768 16777175 100 0 5603401 5603401 0 0

# compatibility_mode=6143 16777215 0 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 227 227 0 0

# scanned=60374

# found=0

# cleaned=0

# scan_time=15347

Regards,

Michael.


1. Please download The Avenger2 by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\rundll.exe
C:\WINDOWS\rundll32.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger.


Hi,

Logs as follows (posted in the order the programs were run) -

Avenger -

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file "C:\WINDOWS\rundll.exe" not found!

Deletion of file "C:\WINDOWS\rundll.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\WINDOWS\rundll32.exe" not found!

Deletion of file "C:\WINDOWS\rundll32.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Malwarebytes -

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 4023

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

22/04/2010 19:37:13

mbam-log-2010-04-22 (19-37-13).txt

Scan type: Quick scan

Objects scanned: 111767

Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

HijackThis -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:37:35, on 22/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxdwcoms.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Lexmark 7600 Series\lxdwmon.exe

C:\Program Files\Lexmark 7600 Series\ezprint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7600 Series\ezprint.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe

O23 - Service: lxdw_device - - C:\WINDOWS\system32\lxdwcoms.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--

End of file - 7192 bytes

Regards,

Michael.

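The Malwarebytes logs are what this thread turns on: the same two files are reported on 18/04 and again on 22/04, while Avenger, run in between, reports that neither exists. The Python below is an added example, not code from this thread or from Malwarebytes, that parses MBAM 1.x log text, compares two scans for recurring detections, and flags a detected file whose name matches a Windows system binary but whose directory is not where that binary lives (rundll32.exe belongs in system32, not directly in C:\WINDOWS). The two log excerpts are constructed in the posted format and keep only the lines the parser needs; SYSTEM_ROOT is an assumption taken from the paths in the logs, and the function names are this example's own.

```python
"""Parse Malwarebytes' Anti-Malware 1.x log text and review what it reports.

Added example; not code from this thread or from Malwarebytes. LOG_APR18 and
LOG_APR22 are constructed in the format posted above. SYSTEM_ROOT is an
assumption based on the C:\WINDOWS paths in the posted logs.
"""
import re
from typing import Dict, List, Tuple

Detection = Tuple[str, str, str]  # (path, detection name, action taken)

LOG_APR18 = r"""Malwarebytes' Anti-Malware 1.45
Database version: 4003
18/04/2010 10:24:06

Scan type: Quick scan
Objects scanned: 111016
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

LOG_APR22 = r"""Malwarebytes' Anti-Malware 1.45
Database version: 4023
22/04/2010 19:37:13

Scan type: Quick scan
Objects scanned: 111767
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\rundll.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<label>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<label>[A-Za-z ]+ Infected):$")
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^)]+)\) -> (?P<action>.+)$")

SYSTEM_ROOT = r"c:\windows"  # assumption: matches the C:\WINDOWS paths in the logs
# Where the genuine copy of each binary lives in a standard Windows XP install.
EXPECTED_DIR = {
    "rundll32.exe": SYSTEM_ROOT + r"\system32",
    "svchost.exe": SYSTEM_ROOT + r"\system32",
    "explorer.exe": SYSTEM_ROOT,
}


def parse_mbam_log(text: str) -> Dict[str, object]:
    """Return {"summary": {label: count}, "sections": {label: [Detection, ...]}}."""
    summary: Dict[str, int] = {}
    sections: Dict[str, List[Detection]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line ends the current section
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("label")] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("label")
            sections[current] = []
            continue
        if current is None or line == "(No malicious items detected)":
            continue
        m = DETECTION_RE.match(line)
        if m:
            sections[current].append((m.group("path"), m.group("name"), m.group("action")))
    return {"summary": summary, "sections": sections}


def lookalike_system_files(parsed: Dict[str, object]) -> List[Tuple[str, str, str]]:
    """Detected files named like a system binary but sitting outside its real directory."""
    flagged: List[Tuple[str, str, str]] = []
    for path, name, _ in parsed["sections"].get("Files Infected", []):
        directory, _, base = path.rpartition("\\")
        expected = EXPECTED_DIR.get(base.lower())
        if expected is not None and directory.lower() != expected:
            flagged.append((path, name, expected))
    return flagged


def recurring_detections(earlier: Dict[str, object], later: Dict[str, object]) -> List[str]:
    """Paths reported in both scans, i.e. files that came back after being quarantined."""
    seen = {p.lower() for p, _, _ in earlier["sections"].get("Files Infected", [])}
    return sorted(p for p, _, _ in later["sections"].get("Files Infected", []) if p.lower() in seen)


if __name__ == "__main__":
    first, second = parse_mbam_log(LOG_APR18), parse_mbam_log(LOG_APR22)
    for path, name, expected in lookalike_system_files(second):
        print(f"look-alike: {path} ({name}); genuine file lives in {expected}")
    for path in recurring_detections(first, second):
        print(f"recurring:  {path}")
```

Two things the parser makes explicit that a glance at the log does not. First, a detection name such as Backdoor.Bot says little on its own; the directory does: a rundll32.exe in C:\WINDOWS rather than C:\WINDOWS\system32 is a look-alike, and the genuine system32 copy is untouched by the quarantine. Second, "Quarantined and deleted successfully" followed by the same path in the next scan means something is re-creating the file, so the scans should be compared over time rather than read one at a time.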
