Jump to content

Recommended Posts

Followed "I'm infected - What do I do now?, Please follow these instructions to clean your system"..I did remove MS Security Essentials and ran combofix previous to doing this though. I can't get my wireless to work as CF quarantined tcip.reg..not sure if thats even related. Earlier in the days MSE told me I have Trojan:DOS/Alureon.A variant though and I seem to recall it trying to remove something at the MBR level. psbase3.dll has been the only think I know thats been installed before I ran into problems that originally hijaked my web browsers.

==================================================================

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5251

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/5/2010 4:48:01 PM

mbam-log-2010-12-05 (16-48-01).txt

Scan type: Quick scan

Objects scanned: 138824

Time elapsed: 1 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

========================================================================

DDS (Ver_10-12-05.01) - NTFSx86

Run by __ at 16:41:01.56 on Sun 12/05/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2449 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

============== Running Processes ===============

E:\Program Files\Avira\AntiVir Desktop\avguard.exe

E:\Program Files\Avira\AntiVir Desktop\avshadow.exe

E:\WINDOWS\system32\Ati2evxx.exe

E:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

E:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

E:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

E:\WINDOWS\System32\bcmwltry.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

E:\Program Files\Avira\AntiVir Desktop\avmailc.exe

E:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

E:\Program Files\Bonjour\mDNSResponder.exe

E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

E:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

E:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

E:\Program Files\Norton Ghost\Agent\VProSvc.exe

E:\WINDOWS\system32\svchost.exe -k imgsvc

E:\WINDOWS\system32\dllhost.exe

E:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

E:\Program Files\Norton Ghost\Agent\VProTray.exe

E:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe

E:\WINDOWS\RTHDCPL.EXE

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

E:\WINDOWS\system32\wltray.exe

E:\Program Files\Avira\AntiVir Desktop\avgnt.exe

E:\Program Files\Dynex G Desktop Card Adapter\DynexWCUI.exe

E:\WINDOWS\system32\dllhost.exe

E:\Program Files\iPod\bin\iPodService.exe

E:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

E:\WINDOWS\system32\wscntfy.exe

E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

E:\WINDOWS\system32\wuauclt.exe

E:\WINDOWS\explorer.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\Mozilla Firefox\plugin-container.exe

E:\Documents and Settings\__\Desktop\dds.scr

E:\Program Files\Avira\AntiVir Desktop\avconfig.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\program files\spybot - search & destroy\SDHelper.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File

mRun: [iAAnotif] e:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [JMB36X IDE Setup] e:\windows\raidtool\xInsIDE.exe

mRun: [36X Raid Configurer] e:\windows\system32\xRaidSetup.exe boot

mRun: [Norton Ghost 14.0] "e:\program files\norton ghost\agent\VProTray.exe"

mRun: [NeroFilterCheck] e:\windows\system32\NeroCheck.exe

mRun: [PrnStatusMX] e:\program files\hewlett-packard\prnstatusmx\PrnStatusMX.exe

mRun: [AdobeCS4ServiceManager] "e:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "e:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [sunJavaUpdateSched] "e:\program files\common files\java\java update\jusched.exe"

mRun: [AppleSyncNotifier] e:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "e:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [broadcom Wireless Manager] e:\windows\system32\wltray.exe

mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [DWQueuedReporting] "e:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\dynexw~1.lnk - e:\program files\dynex g desktop card adapter\DynexWCUI.exe

IE: Append Link Target to Existing PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - e:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\program files\spybot - search & destroy\SDHelper.dll

LSP: e:\program files\avira\antivir desktop\avsda.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272525533046

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\__\applic~1\mozilla\firefox\profiles\rjaoickg.default\

FF - prefs.js: browser.startup.homepage - hxxP://WWW.DJBEEJ.COM

FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: e:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - e:\docume~1\__\applic~1\mozilla\firefox\profiles\rjaoickg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - e:\docume~1\__\applic~1\mozilla\firefox\profiles\rjaoickg.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - e:\docume~1\__\applic~1\mozilla\firefox\profiles\rjaoickg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Extension: Firebug: firebug@software.joehewitt.com - e:\docume~1\__\applic~1\mozilla\firefox\profiles\rjaoickg.default\extensions\firebug@software.joehewitt.com

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;e:\program files\avira\antivir desktop\avgio.sys [2010-12-5 11608]

R2 AntiVirMailService;Avira AntiVir MailGuard;e:\program files\avira\antivir desktop\avmailc.exe [2010-12-5 337064]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\avira\antivir desktop\sched.exe [2010-12-5 135336]

R2 AntiVirService;Avira AntiVir Guard;e:\program files\avira\antivir desktop\avguard.exe [2010-12-5 267432]

R2 AntiVirWebService;Avira AntiVir WebGuard;e:\program files\avira\antivir desktop\avwebgrd.exe [2010-12-5 405672]

R2 avgntflt;avgntflt;e:\windows\system32\drivers\avgntflt.sys [2010-12-5 60936]

R2 MBAMService;MBAMService;e:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-5 363344]

R2 NIHardwareService;NIHardwareService;e:\program files\common files\native instruments\hardware\NIHardwareService.exe [2010-10-19 3791872]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;e:\windows\system32\dllhost.exe [2008-4-13 5120]

R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2010-12-5 20952]

R3 SymSnapService;SymSnapService;e:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]

S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2010-4-28 1691480]

S3 Bulk;HDJBulk;e:\windows\system32\drivers\hdjbulk.sys --> e:\windows\system32\drivers\HDJBulk.sys [?]

S3 HDJAsioK;HDJAsioK;e:\windows\system32\drivers\hdjasiok.sys --> e:\windows\system32\drivers\HDJAsioK.sys [?]

S3 HDJMidi;Hercules DJ Console Rmx MIDI;e:\windows\system32\drivers\hdjmidi.sys --> e:\windows\system32\drivers\HDJMidi.sys [?]

S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;e:\windows\system32\drivers\maudiofasttrack.sys --> e:\windows\system32\drivers\MAudioFastTrack.sys [?]

S3 MAUSBMIDI;Service for M-Audio USB MIDI Series;e:\windows\system32\drivers\maudiousbmidi.sys --> e:\windows\system32\drivers\MAudioUSBMIDI.sys [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\e:\windows\system32\14.tmp --> e:\windows\system32\14.tmp [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;e:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

=============== Created Last 30 ================

2010-12-06 00:35:03 -------- d-----w- e:\program files\VS Revo Group

2010-12-06 00:28:59 -------- d-----w- E:\ComboFix

2010-12-06 00:15:05 -------- d-----w- e:\docume~1\__\applic~1\Download Manager

2010-12-06 00:12:11 89088 ----a-w- e:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll.new

2010-12-06 00:12:02 89088 -c----w- e:\windows\system32\dllcache\SETE9.tmp

2010-12-06 00:12:02 597504 -c----w- e:\windows\system32\dllcache\SETE8.tmp

2010-12-06 00:12:02 597504 ------w- e:\windows\system32\spool\prtprocs\w32x86\SETCB.tmp

2010-12-06 00:12:02 575488 -c----w- e:\windows\system32\dllcache\SETE7.tmp

2010-12-06 00:12:02 575488 ------w- e:\windows\system32\SETD4.tmp

2010-12-06 00:12:02 1676288 -c----w- e:\windows\system32\dllcache\SETE6.tmp

2010-12-06 00:12:02 1676288 ------w- e:\windows\system32\SETD3.tmp

2010-12-06 00:12:02 117760 ------w- e:\windows\system32\SETD5.tmp

2010-12-06 00:12:02 -------- d-----w- E:\e87a74117322168fdd

2010-12-06 00:09:55 -------- d-----w- E:\98206a87fbdf71a8ee

2010-12-05 23:38:39 -------- d-----w- e:\windows\SQL9_KB970895_ENU

2010-12-05 21:41:11 -------- d-----w- e:\docume~1\__\applic~1\Avira

2010-12-05 21:39:56 -------- d-----w- e:\windows\system32\NtmsData

2010-12-05 21:34:50 60936 ----a-w- e:\windows\system32\drivers\avgntflt.sys

2010-12-05 21:34:50 -------- d-----w- e:\program files\Avira

2010-12-05 21:34:50 -------- d-----w- e:\docume~1\alluse~1\applic~1\Avira

2010-12-05 12:54:34 -------- d-----w- e:\program files\Sophos

2010-12-05 11:20:40 -------- d-----w- e:\windows\Performance

2010-12-05 11:20:34 -------- d-----w- e:\docume~1\__\locals~1\applic~1\Microsoft Corporation

2010-12-05 11:20:12 -------- d-----w- e:\program files\Microsoft Windows 7 Upgrade Advisor

2010-12-05 08:16:47 -------- d-----w- e:\docume~1\__\applic~1\Malwarebytes

2010-12-05 08:14:58 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2010-12-05 08:14:57 -------- d-----w- e:\docume~1\alluse~1\applic~1\Malwarebytes

2010-12-05 08:14:54 20952 ----a-w- e:\windows\system32\drivers\mbam.sys

2010-12-05 08:14:53 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware

2010-12-05 03:42:04 -------- d-----w- e:\docume~1\__\applic~1\InstallShield

2010-12-05 03:34:46 -------- d-sha-r- E:\cmdcons

2010-12-05 03:34:45 -------- d-----w- e:\windows\setup.pss

2010-12-05 02:08:00 98816 ----a-w- e:\windows\sed.exe

2010-12-05 02:08:00 89088 ----a-w- e:\windows\MBR.exe

2010-12-05 02:08:00 256512 ----a-w- e:\windows\PEV.exe

2010-12-05 02:08:00 161792 ----a-w- e:\windows\SWREG.exe

2010-12-05 00:25:13 54784 --sha-r- e:\windows\system32\psbase3.dll

2010-11-29 03:31:22 -------- d-----w- e:\docume~1\__\locals~1\applic~1\WindowsApplication1

2010-11-29 03:19:49 -------- d-----w- e:\docume~1\__\locals~1\applic~1\ContainerEx

2010-11-29 03:19:47 -------- d-----w- e:\program files\Xenocode

2010-11-29 03:19:47 -------- d-----w- e:\docume~1\__\locals~1\applic~1\Xenocode

2010-11-28 04:10:38 57344 ----a-r- e:\docume~1\__\applic~1\microsoft\installer\{269d9c87-36e2-453e-a58d-b39bd617917c}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe

2010-11-28 04:10:38 57344 ----a-r- e:\docume~1\__\applic~1\microsoft\installer\{269d9c87-36e2-453e-a58d-b39bd617917c}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe

2010-11-28 04:10:34 -------- d-----w- e:\program files\Serato

2010-11-18 04:01:11 -------- dc-h--w- e:\docume~1\alluse~1\applic~1\{A0DFE2A5-DE68-41F3-8861-73E954C1D41D}

2010-11-18 04:00:10 -------- dc-h--w- e:\docume~1\alluse~1\applic~1\{BB25779E-744C-48F3-94DE-CD6F60A5AC55}

2010-11-18 03:59:45 -------- dc-h--w- e:\docume~1\alluse~1\applic~1\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}

2010-11-13 22:37:58 -------- d-----w- e:\program files\ASIO4ALL v2

2010-11-10 09:42:31 -------- d-----w- e:\docume~1\__\applic~1\Media Player Classic

==================== Find3M ====================

2010-10-19 20:51:33 222080 ------w- e:\windows\system32\MpSigStub.exe

2010-09-18 20:23:26 974848 ----a-w- e:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- e:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- e:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- e:\windows\system32\mfc40u.dll

2010-09-15 11:50:37 472808 ----a-w- e:\windows\system32\deployJava1.dll

2010-09-15 09:29:49 73728 ----a-w- e:\windows\system32\javacpl.cpl

2010-09-10 05:58:08 916480 ----a-w- e:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ----a-w- e:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ------w- e:\windows\system32\inetcpl.cpl

2010-09-08 18:17:46 94208 ----a-w- e:\windows\system32\QuickTimeVR.qtx

2010-09-08 18:17:46 69632 ----a-w- e:\windows\system32\QuickTime.qts

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

device: opened successfully

user: MBR read successfully

Disk trace:

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user != kernel MBR !!!

sectors 290437118 (+255): user != kernel

============= FINISH: 16:41:18.09 ===============

Attach.zip

Link to post
Share on other sites

Hi,

Please delete your copy of ComboFix.exe from the desktop.

Then download the latest version of ComboFix from one of these locations (or in your case, you can download the file on another PC and then transfer the file with an USB flash drive):

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Link to post
Share on other sites

ComboFix 10-12-15.06 - __ 12/16/2010 1:04.10.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2642 [GMT -8:00]

Running from: e:\documents and settings\__\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))

.

2010-12-06 05:36 . 2010-12-06 05:37 -------- d-----w- E:\b91e250315f9bcaf56bb

2010-12-06 04:25 . 2010-12-06 04:25 -------- d-----w- e:\program files\ESET

2010-12-06 00:35 . 2010-12-06 00:51 -------- d-----w- e:\program files\VS Revo Group

2010-12-06 00:15 . 2010-12-06 00:16 -------- d-----w- e:\documents and settings\__\Application Data\Download Manager

2010-12-06 00:12 . 2010-12-06 00:12 -------- d-----w- E:\e87a74117322168fdd

2010-12-05 23:38 . 2010-12-05 23:38 -------- d-----w- e:\windows\SQL9_KB970895_ENU

2010-12-05 21:41 . 2010-12-05 21:41 -------- d-----w- e:\documents and settings\__\Application Data\Avira

2010-12-05 21:39 . 2010-12-06 08:57 -------- d-----w- e:\windows\system32\NtmsData

2010-12-05 21:34 . 2010-12-16 09:00 135096 ----a-w- e:\windows\system32\drivers\avipbb.sys

2010-12-05 21:34 . 2010-12-06 08:37 61960 ----a-w- e:\windows\system32\drivers\avgntflt.sys

2010-12-05 21:34 . 2010-12-05 21:35 -------- d-----w- e:\documents and settings\All Users\Application Data\Avira

2010-12-05 21:34 . 2010-12-05 21:34 -------- d-----w- e:\program files\Avira

2010-12-05 21:34 . 2009-05-11 20:49 51992 ----a-w- e:\windows\system32\drivers\avgntdd.sys

2010-12-05 21:34 . 2009-05-11 20:49 17016 ----a-w- e:\windows\system32\drivers\avgntmgr.sys

2010-12-05 12:54 . 2010-12-05 12:54 -------- d-----w- e:\program files\Sophos

2010-12-05 11:20 . 2010-12-05 11:20 -------- d-----w- e:\windows\Performance

2010-12-05 11:20 . 2010-12-05 11:20 -------- d-----w- e:\documents and settings\__\Local Settings\Application Data\Microsoft Corporation

2010-12-05 11:20 . 2010-12-05 11:20 -------- d-----w- e:\program files\Microsoft Windows 7 Upgrade Advisor

2010-12-05 10:36 . 2010-12-05 11:25 -------- d-----w- e:\program files\Windows Live Safety Center

2010-12-05 08:16 . 2010-12-05 08:16 -------- d-----w- e:\documents and settings\__\Application Data\Malwarebytes

2010-12-05 08:14 . 2010-11-30 01:42 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2010-12-05 08:14 . 2010-12-05 08:14 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes

2010-12-05 08:14 . 2010-11-30 01:42 20952 ----a-w- e:\windows\system32\drivers\mbam.sys

2010-12-05 08:14 . 2010-12-05 08:14 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware

2010-12-05 03:42 . 2010-12-05 03:42 -------- d-----w- e:\documents and settings\__\Application Data\InstallShield

2010-12-05 00:25 . 2010-12-05 00:25 54784 --sha-r- e:\windows\system32\psbase3.dll

2010-11-29 03:31 . 2010-11-29 03:31 -------- d-----w- e:\documents and settings\__\Local Settings\Application Data\WindowsApplication1

2010-11-29 03:19 . 2010-11-29 03:19 -------- d-----w- e:\documents and settings\__\Local Settings\Application Data\ContainerEx

2010-11-29 03:19 . 2010-11-29 03:19 -------- d-----w- e:\program files\Xenocode

2010-11-29 03:19 . 2010-11-29 03:19 -------- d-----w- e:\documents and settings\__\Local Settings\Application Data\Xenocode

2010-11-28 04:10 . 2010-11-28 04:10 57344 ----a-r- e:\documents and settings\__\Application Data\Microsoft\Installer\{269D9C87-36E2-453E-A58D-B39BD617917C}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe

2010-11-28 04:10 . 2010-11-28 04:10 57344 ----a-r- e:\documents and settings\__\Application Data\Microsoft\Installer\{269D9C87-36E2-453E-A58D-B39BD617917C}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe

2010-11-28 04:10 . 2010-11-28 04:10 -------- d-----w- e:\program files\Serato

2010-11-18 04:01 . 2010-11-18 04:01 -------- dc-h--w- e:\documents and settings\All Users\Application Data\{A0DFE2A5-DE68-41F3-8861-73E954C1D41D}

2010-11-18 04:00 . 2010-11-18 04:00 -------- dc-h--w- e:\documents and settings\All Users\Application Data\{BB25779E-744C-48F3-94DE-CD6F60A5AC55}

2010-11-18 03:59 . 2010-11-18 03:59 -------- dc-h--w- e:\documents and settings\All Users\Application Data\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-19 20:51 . 2010-09-02 06:30 222080 ------w- e:\windows\system32\MpSigStub.exe

2010-09-18 20:23 . 2007-04-03 06:44 974848 ----a-w- e:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-14 03:41 974848 ----a-w- e:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-14 03:41 953856 ----a-w- e:\windows\system32\mfc40u.dll

2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- e:\windows\system32\mfc40.dll

.

------- Sigcheck -------

[-] 2010-04-29 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . e:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-12-06_00.25.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-12-16 08:58 . 2010-12-16 08:58 16384 e:\windows\temp\Perflib_Perfdata_bb4.dat

+ 2010-12-16 08:58 . 2010-12-16 08:58 16384 e:\windows\temp\Perflib_Perfdata_a3c.dat

+ 2010-07-22 00:47 . 2008-07-06 12:06 89088 e:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

+ 2008-04-14 03:42 . 2008-05-19 14:33 18944 e:\windows\system32\msisip.dll

+ 2008-04-14 03:42 . 2008-05-19 09:57 95744 e:\windows\system32\msiexec.exe

+ 2008-04-14 03:42 . 2008-05-19 14:33 18944 e:\windows\system32\dllcache\msisip.dll

+ 2008-04-14 03:42 . 2008-05-19 09:57 95744 e:\windows\system32\dllcache\msiexec.exe

+ 2007-03-23 03:24 . 2008-07-06 12:06 89088 e:\windows\system32\dllcache\filterpipelineprintproc.dll

- 2010-04-29 05:53 . 2010-12-06 00:01 32768 e:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2010-04-29 05:53 . 2010-12-06 03:23 32768 e:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2010-04-29 05:53 . 2010-12-06 00:01 32768 e:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-04-29 05:53 . 2010-12-06 03:23 32768 e:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-12-05 23:28 . 2010-12-06 03:23 16384 e:\windows\system32\config\systemprofile\Cookies\index.dat

- 2010-12-05 23:28 . 2010-12-06 00:01 16384 e:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2010-12-06 01:19 . 2010-12-06 01:19 37888 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 36864 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 94208 e:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 82944 e:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 55296 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 65024 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 74752 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 14336 e:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe

+ 2010-12-06 01:15 . 2010-12-06 01:15 25600 e:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll

+ 2008-04-13 19:09 . 2008-04-17 09:43 2560 e:\windows\system32\msimsg.dll

+ 2008-04-13 19:09 . 2008-04-17 09:43 2560 e:\windows\system32\dllcache\msimsg.dll

+ 2007-03-23 13:07 . 2008-07-06 12:06 575488 e:\windows\system32\xpsshhdr.dll

+ 2010-07-22 00:47 . 2008-07-06 12:06 147456 e:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

+ 2007-03-23 03:25 . 2008-07-06 10:50 597504 e:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

+ 2007-03-23 03:25 . 2008-07-06 12:06 117760 e:\windows\system32\prntvpt.dll

+ 2008-04-14 03:42 . 2008-05-19 14:33 332800 e:\windows\system32\msihnd.dll

+ 2007-03-23 13:07 . 2008-07-06 12:06 575488 e:\windows\system32\dllcache\xpsshhdr.dll

+ 2007-03-23 03:25 . 2008-07-06 10:50 597504 e:\windows\system32\dllcache\printfilterpipelinesvc.exe

+ 2008-04-14 03:42 . 2008-05-19 14:33 332800 e:\windows\system32\dllcache\msihnd.dll

+ 2010-12-06 01:15 . 2010-12-06 01:15 321536 e:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe

+ 2010-12-06 01:19 . 2010-12-06 01:19 400896 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 129536 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 202240 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 859648 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 328704 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 301056 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 547328 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 141312 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 627200 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 212992 e:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 676352 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 311296 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 621056 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 998400 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 330752 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll

+ 2010-12-06 01:14 . 2010-12-06 01:14 381440 e:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll

+ 2010-12-06 01:14 . 2010-12-06 01:14 212992 e:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 280064 e:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 627712 e:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 455680 e:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 881152 e:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 939008 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 354816 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 756736 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 135680 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 971264 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 141312 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 633856 e:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll

+ 2010-12-06 01:15 . 2010-12-06 01:15 366080 e:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe

+ 2010-12-06 01:15 . 2010-12-06 01:15 256000 e:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll

+ 2010-12-06 01:15 . 2010-12-06 01:15 320512 e:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe

+ 2010-12-06 01:16 . 2010-12-06 01:16 133632 e:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe

+ 2010-12-06 01:15 . 2010-12-06 01:15 386560 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 144384 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 175104 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 839680 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 222720 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 220672 e:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll

+ 2010-12-06 01:15 . 2010-12-06 01:15 410112 e:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe

+ 2010-12-06 01:16 . 2010-12-06 01:16 842240 e:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll

+ 2007-03-23 13:07 . 2008-07-06 12:06 1676288 e:\windows\system32\xpssvcs.dll

+ 2008-04-14 03:42 . 2008-05-19 14:33 4445184 e:\windows\system32\msi.dll

- 2010-04-28 22:43 . 2010-12-05 23:47 2009632 e:\windows\system32\FNTCACHE.DAT

+ 2010-04-28 22:43 . 2010-12-06 02:39 2009632 e:\windows\system32\FNTCACHE.DAT

+ 2007-03-23 13:07 . 2008-07-06 12:06 1676288 e:\windows\system32\dllcache\xpssvcs.dll

+ 2008-04-14 03:42 . 2008-05-19 14:33 4445184 e:\windows\system32\dllcache\msi.dll

+ 2010-12-06 01:19 . 2010-12-06 01:19 1356288 e:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll

+ 2010-12-06 01:19 . 2010-12-06 01:19 1908224 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll

+ 2010-12-06 01:19 . 2010-12-06 01:19 4514304 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll

+ 2010-12-06 01:19 . 2010-12-06 01:19 2992640 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll

+ 2010-12-06 01:19 . 2010-12-06 01:19 1840640 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 2209280 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 2403328 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 1917440 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 1706496 e:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll

+ 2010-12-06 01:15 . 2010-12-06 01:15 2338304 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll

+ 2010-12-06 01:14 . 2010-12-06 01:14 1056768 e:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 1116672 e:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 1801216 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 2510336 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 1328128 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 9924096 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 1712128 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll

+ 2010-12-06 01:15 . 2010-12-06 01:15 1093120 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 2332160 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 1620992 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 1966080 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 1888768 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 11796992 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll

+ 2010-12-06 01:15 . 2010-12-06 01:15 17317888 e:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\85a68b5908535729e0458a1a58001df3\System.ServiceModel.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="e:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"JMB36X IDE Setup"="e:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="e:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]

"Norton Ghost 14.0"="e:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-20 2245984]

"NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"PrnStatusMX"="e:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]

"AdobeCS4ServiceManager"="e:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Acrobat Speed Launcher"="e:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"RTHDCPL"="RTHDCPL.EXE" [2010-05-01 19523616]

"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AppleSyncNotifier"="e:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]

"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"Malwarebytes' Anti-Malware"="e:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-30 443728]

"Broadcom Wireless Manager"="e:\windows\system32\wltray.exe" [2007-03-02 1282048]

"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-06 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="e:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

e:\documents and settings\All Users\Start Menu\Programs\Startup\

Dynex Wireless Networking Utility.lnk - e:\program files\Dynex G Desktop Card Adapter\DynexWCUI.exe [2010-12-5 1462272]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2008-06-12 05:43 640376 ----a-w- e:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Program Files\\DC++\\DCPlusPlus.exe"=

"e:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=

"e:\\Program Files\\uTorrent\\uTorrent.exe"=

"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"e:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"e:\\Program Files\\iTunes\\iTunes.exe"=

"e:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"e:\\Program Files\\Guillemot\\tools\\giWebUpdater.exe"=

"e:\\WINDOWS\\system32\\dpvsetup.exe"=

"e:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

"3689:TCP"= 3689:TCP:iTunes Sharing

R2 AntiVirMailService;Avira AntiVir MailGuard;e:\program files\Avira\AntiVir Desktop\avmailc.exe [12/5/2010 1:34 PM 339624]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [12/5/2010 1:34 PM 135336]

R2 AntiVirWebService;Avira AntiVir WebGuard;e:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/5/2010 1:34 PM 403624]

R2 MBAMService;MBAMService;e:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/5/2010 12:14 AM 363344]

R2 NIHardwareService;NIHardwareService;e:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [10/19/2010 9:34 AM 3791872]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;e:\windows\system32\dllhost.exe [4/13/2008 7:42 PM 5120]

R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [12/5/2010 12:14 AM 20952]

R3 SymSnapService;SymSnapService;e:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 4:13 PM 1553896]

R3 WDC_SAM;WD SCSI Pass Thru driver;e:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]

S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [4/28/2010 10:34 PM 1691480]

S3 Bulk;HDJBulk;e:\windows\system32\Drivers\HDJBulk.sys --> e:\windows\system32\Drivers\HDJBulk.sys [?]

S3 HDJAsioK;HDJAsioK;e:\windows\system32\Drivers\HDJAsioK.sys --> e:\windows\system32\Drivers\HDJAsioK.sys [?]

S3 HDJMidi;Hercules DJ Console Rmx MIDI;e:\windows\system32\DRIVERS\HDJMidi.sys --> e:\windows\system32\DRIVERS\HDJMidi.sys [?]

S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;e:\windows\system32\DRIVERS\MAudioFastTrack.sys --> e:\windows\system32\DRIVERS\MAudioFastTrack.sys [?]

S3 MAUSBMIDI;Service for M-Audio USB MIDI Series;e:\windows\system32\DRIVERS\MAudioUSBMIDI.sys --> e:\windows\system32\DRIVERS\MAudioUSBMIDI.sys [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\e:\windows\system32\14.tmp --> e:\windows\system32\14.tmp [?]

S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [4/29/2010 12:50 AM 691696]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - e:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - e:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - e:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - e:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: e:\program files\Avira\AntiVir Desktop\avsda.dll

FF - ProfilePath - e:\documents and settings\__\Application Data\Mozilla\Firefox\Profiles\rjaoickg.default\

FF - prefs.js: browser.startup.homepage - hxxP://WWW.DJBEEJ.COM

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-16 01:07

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys iaStor.sys hal.dll

e:\docume~1\__\LOCALS~1\Temp\catchme.sys

e:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AE62700]

3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-3[0x8A89D028]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user != kernel MBR !!!

sectors 290437118 (+255): user != kernel

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\e:\windows\system32\14.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)

e:\windows\system32\Ati2evxx.dll

e:\windows\system32\atiadlxx.dll

- - - - - - - > 'lsass.exe'(836)

e:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(3424)

e:\windows\system32\WININET.dll

e:\windows\system32\ieframe.dll

e:\windows\system32\msi.dll

e:\windows\system32\webcheck.dll

e:\windows\system32\WPDShServiceObj.dll

e:\windows\system32\PortableDeviceTypes.dll

e:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-12-16 01:09:22

ComboFix-quarantined-files.txt 2010-12-16 09:09

ComboFix2.txt 2010-12-06 00:33

ComboFix3.txt 2010-12-06 00:27

Pre-Run: 8,017,989,632 bytes free

Post-Run: 8,016,961,536 bytes free

- - End Of File - - 4166DEF6DB57631FCCF851772773502D

Link to post
Share on other sites

Fine by me. I'll keep this thread open. :rolleyes:

ComboFix 10-12-15.06 - __ 12/16/2010 1:04.10.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2642 [GMT -8:00]

Running from: e:\documents and settings\__\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))

.

2010-12-06 05:36 . 2010-12-06 05:37 -------- d-----w- E:\b91e250315f9bcaf56bb

2010-12-06 04:25 . 2010-12-06 04:25 -------- d-----w- e:\program files\ESET

2010-12-06 00:35 . 2010-12-06 00:51 -------- d-----w- e:\program files\VS Revo Group

2010-12-06 00:15 . 2010-12-06 00:16 -------- d-----w- e:\documents and settings\__\Application Data\Download Manager

2010-12-06 00:12 . 2010-12-06 00:12 -------- d-----w- E:\e87a74117322168fdd

2010-12-05 23:38 . 2010-12-05 23:38 -------- d-----w- e:\windows\SQL9_KB970895_ENU

2010-12-05 21:41 . 2010-12-05 21:41 -------- d-----w- e:\documents and settings\__\Application Data\Avira

2010-12-05 21:39 . 2010-12-06 08:57 -------- d-----w- e:\windows\system32\NtmsData

2010-12-05 21:34 . 2010-12-16 09:00 135096 ----a-w- e:\windows\system32\drivers\avipbb.sys

2010-12-05 21:34 . 2010-12-06 08:37 61960 ----a-w- e:\windows\system32\drivers\avgntflt.sys

2010-12-05 21:34 . 2010-12-05 21:35 -------- d-----w- e:\documents and settings\All Users\Application Data\Avira

2010-12-05 21:34 . 2010-12-05 21:34 -------- d-----w- e:\program files\Avira

2010-12-05 21:34 . 2009-05-11 20:49 51992 ----a-w- e:\windows\system32\drivers\avgntdd.sys

2010-12-05 21:34 . 2009-05-11 20:49 17016 ----a-w- e:\windows\system32\drivers\avgntmgr.sys

2010-12-05 12:54 . 2010-12-05 12:54 -------- d-----w- e:\program files\Sophos

2010-12-05 11:20 . 2010-12-05 11:20 -------- d-----w- e:\windows\Performance

2010-12-05 11:20 . 2010-12-05 11:20 -------- d-----w- e:\documents and settings\__\Local Settings\Application Data\Microsoft Corporation

2010-12-05 11:20 . 2010-12-05 11:20 -------- d-----w- e:\program files\Microsoft Windows 7 Upgrade Advisor

2010-12-05 10:36 . 2010-12-05 11:25 -------- d-----w- e:\program files\Windows Live Safety Center

2010-12-05 08:16 . 2010-12-05 08:16 -------- d-----w- e:\documents and settings\__\Application Data\Malwarebytes

2010-12-05 08:14 . 2010-11-30 01:42 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2010-12-05 08:14 . 2010-12-05 08:14 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes

2010-12-05 08:14 . 2010-11-30 01:42 20952 ----a-w- e:\windows\system32\drivers\mbam.sys

2010-12-05 08:14 . 2010-12-05 08:14 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware

2010-12-05 03:42 . 2010-12-05 03:42 -------- d-----w- e:\documents and settings\__\Application Data\InstallShield

2010-12-05 00:25 . 2010-12-05 00:25 54784 --sha-r- e:\windows\system32\psbase3.dll

2010-11-29 03:31 . 2010-11-29 03:31 -------- d-----w- e:\documents and settings\__\Local Settings\Application Data\WindowsApplication1

2010-11-29 03:19 . 2010-11-29 03:19 -------- d-----w- e:\documents and settings\__\Local Settings\Application Data\ContainerEx

2010-11-29 03:19 . 2010-11-29 03:19 -------- d-----w- e:\program files\Xenocode

2010-11-29 03:19 . 2010-11-29 03:19 -------- d-----w- e:\documents and settings\__\Local Settings\Application Data\Xenocode

2010-11-28 04:10 . 2010-11-28 04:10 57344 ----a-r- e:\documents and settings\__\Application Data\Microsoft\Installer\{269D9C87-36E2-453E-A58D-B39BD617917C}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe

2010-11-28 04:10 . 2010-11-28 04:10 57344 ----a-r- e:\documents and settings\__\Application Data\Microsoft\Installer\{269D9C87-36E2-453E-A58D-B39BD617917C}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe

2010-11-28 04:10 . 2010-11-28 04:10 -------- d-----w- e:\program files\Serato

2010-11-18 04:01 . 2010-11-18 04:01 -------- dc-h--w- e:\documents and settings\All Users\Application Data\{A0DFE2A5-DE68-41F3-8861-73E954C1D41D}

2010-11-18 04:00 . 2010-11-18 04:00 -------- dc-h--w- e:\documents and settings\All Users\Application Data\{BB25779E-744C-48F3-94DE-CD6F60A5AC55}

2010-11-18 03:59 . 2010-11-18 03:59 -------- dc-h--w- e:\documents and settings\All Users\Application Data\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-19 20:51 . 2010-09-02 06:30 222080 ------w- e:\windows\system32\MpSigStub.exe

2010-09-18 20:23 . 2007-04-03 06:44 974848 ----a-w- e:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-14 03:41 974848 ----a-w- e:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-14 03:41 953856 ----a-w- e:\windows\system32\mfc40u.dll

2010-09-18 06:53 . 2001-08-23 12:00 954368 ----a-w- e:\windows\system32\mfc40.dll

.

------- Sigcheck -------

[-] 2010-04-29 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . e:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-12-06_00.25.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-12-16 08:58 . 2010-12-16 08:58 16384 e:\windows\temp\Perflib_Perfdata_bb4.dat

+ 2010-12-16 08:58 . 2010-12-16 08:58 16384 e:\windows\temp\Perflib_Perfdata_a3c.dat

+ 2010-07-22 00:47 . 2008-07-06 12:06 89088 e:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

+ 2008-04-14 03:42 . 2008-05-19 14:33 18944 e:\windows\system32\msisip.dll

+ 2008-04-14 03:42 . 2008-05-19 09:57 95744 e:\windows\system32\msiexec.exe

+ 2008-04-14 03:42 . 2008-05-19 14:33 18944 e:\windows\system32\dllcache\msisip.dll

+ 2008-04-14 03:42 . 2008-05-19 09:57 95744 e:\windows\system32\dllcache\msiexec.exe

+ 2007-03-23 03:24 . 2008-07-06 12:06 89088 e:\windows\system32\dllcache\filterpipelineprintproc.dll

- 2010-04-29 05:53 . 2010-12-06 00:01 32768 e:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2010-04-29 05:53 . 2010-12-06 03:23 32768 e:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2010-04-29 05:53 . 2010-12-06 00:01 32768 e:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-04-29 05:53 . 2010-12-06 03:23 32768 e:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-12-05 23:28 . 2010-12-06 03:23 16384 e:\windows\system32\config\systemprofile\Cookies\index.dat

- 2010-12-05 23:28 . 2010-12-06 00:01 16384 e:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2010-12-06 01:19 . 2010-12-06 01:19 37888 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 36864 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 94208 e:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 82944 e:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 55296 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 65024 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 74752 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 14336 e:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe

+ 2010-12-06 01:15 . 2010-12-06 01:15 25600 e:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll

+ 2008-04-13 19:09 . 2008-04-17 09:43 2560 e:\windows\system32\msimsg.dll

+ 2008-04-13 19:09 . 2008-04-17 09:43 2560 e:\windows\system32\dllcache\msimsg.dll

+ 2007-03-23 13:07 . 2008-07-06 12:06 575488 e:\windows\system32\xpsshhdr.dll

+ 2010-07-22 00:47 . 2008-07-06 12:06 147456 e:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

+ 2007-03-23 03:25 . 2008-07-06 10:50 597504 e:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

+ 2007-03-23 03:25 . 2008-07-06 12:06 117760 e:\windows\system32\prntvpt.dll

+ 2008-04-14 03:42 . 2008-05-19 14:33 332800 e:\windows\system32\msihnd.dll

+ 2007-03-23 13:07 . 2008-07-06 12:06 575488 e:\windows\system32\dllcache\xpsshhdr.dll

+ 2007-03-23 03:25 . 2008-07-06 10:50 597504 e:\windows\system32\dllcache\printfilterpipelinesvc.exe

+ 2008-04-14 03:42 . 2008-05-19 14:33 332800 e:\windows\system32\dllcache\msihnd.dll

+ 2010-12-06 01:15 . 2010-12-06 01:15 321536 e:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe

+ 2010-12-06 01:19 . 2010-12-06 01:19 400896 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 129536 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 202240 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 859648 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 328704 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 301056 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 547328 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 141312 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 627200 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 212992 e:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 676352 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 311296 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 621056 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 998400 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 330752 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll

+ 2010-12-06 01:14 . 2010-12-06 01:14 381440 e:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll

+ 2010-12-06 01:14 . 2010-12-06 01:14 212992 e:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 280064 e:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 627712 e:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 455680 e:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 881152 e:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 939008 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 354816 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 756736 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 135680 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 971264 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 141312 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 633856 e:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll

+ 2010-12-06 01:15 . 2010-12-06 01:15 366080 e:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe

+ 2010-12-06 01:15 . 2010-12-06 01:15 256000 e:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll

+ 2010-12-06 01:15 . 2010-12-06 01:15 320512 e:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe

+ 2010-12-06 01:16 . 2010-12-06 01:16 133632 e:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe

+ 2010-12-06 01:15 . 2010-12-06 01:15 386560 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 144384 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 175104 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 839680 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 222720 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 220672 e:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll

+ 2010-12-06 01:15 . 2010-12-06 01:15 410112 e:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe

+ 2010-12-06 01:16 . 2010-12-06 01:16 842240 e:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll

+ 2007-03-23 13:07 . 2008-07-06 12:06 1676288 e:\windows\system32\xpssvcs.dll

+ 2008-04-14 03:42 . 2008-05-19 14:33 4445184 e:\windows\system32\msi.dll

- 2010-04-28 22:43 . 2010-12-05 23:47 2009632 e:\windows\system32\FNTCACHE.DAT

+ 2010-04-28 22:43 . 2010-12-06 02:39 2009632 e:\windows\system32\FNTCACHE.DAT

+ 2007-03-23 13:07 . 2008-07-06 12:06 1676288 e:\windows\system32\dllcache\xpssvcs.dll

+ 2008-04-14 03:42 . 2008-05-19 14:33 4445184 e:\windows\system32\dllcache\msi.dll

+ 2010-12-06 01:19 . 2010-12-06 01:19 1356288 e:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll

+ 2010-12-06 01:19 . 2010-12-06 01:19 1908224 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll

+ 2010-12-06 01:19 . 2010-12-06 01:19 4514304 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll

+ 2010-12-06 01:19 . 2010-12-06 01:19 2992640 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll

+ 2010-12-06 01:19 . 2010-12-06 01:19 1840640 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 2209280 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 2403328 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 1917440 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 1706496 e:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll

+ 2010-12-06 01:15 . 2010-12-06 01:15 2338304 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll

+ 2010-12-06 01:14 . 2010-12-06 01:14 1056768 e:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 1116672 e:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 1801216 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 2510336 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 1328128 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 9924096 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 1712128 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll

+ 2010-12-06 01:15 . 2010-12-06 01:15 1093120 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll

+ 2010-12-06 01:17 . 2010-12-06 01:17 2332160 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 1620992 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 1966080 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2010-12-06 01:16 . 2010-12-06 01:16 1888768 e:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll

+ 2010-12-06 01:18 . 2010-12-06 01:18 11796992 e:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll

+ 2010-12-06 01:15 . 2010-12-06 01:15 17317888 e:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\85a68b5908535729e0458a1a58001df3\System.ServiceModel.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="e:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"JMB36X IDE Setup"="e:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="e:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]

"Norton Ghost 14.0"="e:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-20 2245984]

"NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"PrnStatusMX"="e:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]

"AdobeCS4ServiceManager"="e:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Acrobat Speed Launcher"="e:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"RTHDCPL"="RTHDCPL.EXE" [2010-05-01 19523616]

"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AppleSyncNotifier"="e:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]

"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"Malwarebytes' Anti-Malware"="e:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-30 443728]

"Broadcom Wireless Manager"="e:\windows\system32\wltray.exe" [2007-03-02 1282048]

"avgnt"="e:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-06 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="e:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

e:\documents and settings\All Users\Start Menu\Programs\Startup\

Dynex Wireless Networking Utility.lnk - e:\program files\Dynex G Desktop Card Adapter\DynexWCUI.exe [2010-12-5 1462272]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2008-06-12 05:43 640376 ----a-w- e:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Program Files\\DC++\\DCPlusPlus.exe"=

"e:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=

"e:\\Program Files\\uTorrent\\uTorrent.exe"=

"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"e:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"e:\\Program Files\\iTunes\\iTunes.exe"=

"e:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"e:\\Program Files\\Guillemot\\tools\\giWebUpdater.exe"=

"e:\\WINDOWS\\system32\\dpvsetup.exe"=

"e:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

"3689:TCP"= 3689:TCP:iTunes Sharing

R2 AntiVirMailService;Avira AntiVir MailGuard;e:\program files\Avira\AntiVir Desktop\avmailc.exe [12/5/2010 1:34 PM 339624]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [12/5/2010 1:34 PM 135336]

R2 AntiVirWebService;Avira AntiVir WebGuard;e:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/5/2010 1:34 PM 403624]

R2 MBAMService;MBAMService;e:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/5/2010 12:14 AM 363344]

R2 NIHardwareService;NIHardwareService;e:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [10/19/2010 9:34 AM 3791872]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;e:\windows\system32\dllhost.exe [4/13/2008 7:42 PM 5120]

R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [12/5/2010 12:14 AM 20952]

R3 SymSnapService;SymSnapService;e:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 4:13 PM 1553896]

R3 WDC_SAM;WD SCSI Pass Thru driver;e:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]

S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [4/28/2010 10:34 PM 1691480]

S3 Bulk;HDJBulk;e:\windows\system32\Drivers\HDJBulk.sys --> e:\windows\system32\Drivers\HDJBulk.sys [?]

S3 HDJAsioK;HDJAsioK;e:\windows\system32\Drivers\HDJAsioK.sys --> e:\windows\system32\Drivers\HDJAsioK.sys [?]

S3 HDJMidi;Hercules DJ Console Rmx MIDI;e:\windows\system32\DRIVERS\HDJMidi.sys --> e:\windows\system32\DRIVERS\HDJMidi.sys [?]

S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;e:\windows\system32\DRIVERS\MAudioFastTrack.sys --> e:\windows\system32\DRIVERS\MAudioFastTrack.sys [?]

S3 MAUSBMIDI;Service for M-Audio USB MIDI Series;e:\windows\system32\DRIVERS\MAudioUSBMIDI.sys --> e:\windows\system32\DRIVERS\MAudioUSBMIDI.sys [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\e:\windows\system32\14.tmp --> e:\windows\system32\14.tmp [?]

S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [4/29/2010 12:50 AM 691696]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - e:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - e:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - e:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - e:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: e:\program files\Avira\AntiVir Desktop\avsda.dll

FF - ProfilePath - e:\documents and settings\__\Application Data\Mozilla\Firefox\Profiles\rjaoickg.default\

FF - prefs.js: browser.startup.homepage - hxxP://WWW.DJBEEJ.COM

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-16 01:07

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys iaStor.sys hal.dll

e:\docume~1\__\LOCALS~1\Temp\catchme.sys

e:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AE62700]

3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-3[0x8A89D028]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user != kernel MBR !!!

sectors 290437118 (+255): user != kernel

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\e:\windows\system32\14.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)

e:\windows\system32\Ati2evxx.dll

e:\windows\system32\atiadlxx.dll

- - - - - - - > 'lsass.exe'(836)

e:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(3424)

e:\windows\system32\WININET.dll

e:\windows\system32\ieframe.dll

e:\windows\system32\msi.dll

e:\windows\system32\webcheck.dll

e:\windows\system32\WPDShServiceObj.dll

e:\windows\system32\PortableDeviceTypes.dll

e:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-12-16 01:09:22

ComboFix-quarantined-files.txt 2010-12-16 09:09

ComboFix2.txt 2010-12-06 00:33

ComboFix3.txt 2010-12-06 00:27

Pre-Run: 8,017,989,632 bytes free

Post-Run: 8,016,961,536 bytes free

- - End Of File - - 4166DEF6DB57631FCCF851772773502D

Link to post
Share on other sites

Hi,

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please go to: VirusTotal

  • virustotal2-SWI.png
  • Click the Browse button and search for the following file: e:\windows\system32\psbase3.dll
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

Link to post
Share on other sites

Please post the results in your next reply.

This is very scary. I have a 2TB RAID 0 config that has not been working since the trojan/rootkit began (2 total drives). During startup my raid utility shows one of those HDDs as being non raid formatted.

TDSSKiller has found a problem in what appears to be:

Malicious Objects

Rootkit.Win32.TDSS.tdl4

Physical Drive

Name: \HardDisk0

I'm a musician and all my life's work is on one of those 2 HDDs. Do I stand the chance of losing it after the fix? It seems to be tied in to my MBR. I see there's an option to "copy to quarantine". Copy or cure my friend? =)

Link to post
Share on other sites

2010/12/18 13:14:59.0031 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/18 13:14:59.0031 ================================================================================

2010/12/18 13:14:59.0031 SystemInfo:

2010/12/18 13:14:59.0031

2010/12/18 13:14:59.0031 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/18 13:14:59.0031 Product type: Workstation

2010/12/18 13:14:59.0031 ComputerName: _

2010/12/18 13:14:59.0031 UserName: __

2010/12/18 13:14:59.0031 Windows directory: E:\WINDOWS

2010/12/18 13:14:59.0031 System windows directory: E:\WINDOWS

2010/12/18 13:14:59.0031 Processor architecture: Intel x86

2010/12/18 13:14:59.0031 Number of processors: 4

2010/12/18 13:14:59.0031 Page size: 0x1000

2010/12/18 13:14:59.0031 Boot type: Normal boot

2010/12/18 13:14:59.0031 ================================================================================

2010/12/18 13:15:11.0062 Initialize success

2010/12/18 13:15:27.0437 ================================================================================

2010/12/18 13:15:27.0437 Scan started

2010/12/18 13:15:27.0437 Mode: Manual;

2010/12/18 13:15:27.0437 ================================================================================

2010/12/18 13:15:27.0625 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/18 13:15:27.0656 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys

2010/12/18 13:15:27.0687 adfs (6d7f09cd92a9fef3a8efce66231fdd79) E:\WINDOWS\system32\drivers\adfs.sys

2010/12/18 13:15:27.0766 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

2010/12/18 13:15:27.0812 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys

2010/12/18 13:15:27.0937 Ambfilt (267fc636801edc5ab28e14036349e3be) E:\WINDOWS\system32\drivers\Ambfilt.sys

2010/12/18 13:15:28.0078 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/12/18 13:15:28.0172 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/18 13:15:28.0187 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/18 13:15:28.0328 ati2mtag (c026951271d59ff97deb2a6b4895b416) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/12/18 13:15:28.0375 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) E:\WINDOWS\system32\drivers\AtiHdmi.sys

2010/12/18 13:15:28.0422 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/18 13:15:28.0453 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/18 13:15:28.0516 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) E:\Program Files\Avira\AntiVir Desktop\avgio.sys

2010/12/18 13:15:28.0562 avgntflt (47b879406246ffdced59e18d331a0e7d) E:\WINDOWS\system32\DRIVERS\avgntflt.sys

2010/12/18 13:15:28.0594 avipbb (7c834dccb56c121854feee82a1f00196) E:\WINDOWS\system32\DRIVERS\avipbb.sys

2010/12/18 13:15:28.0656 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

2010/12/18 13:15:28.0750 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/18 13:15:28.0812 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/18 13:15:28.0844 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/18 13:15:28.0859 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/18 13:15:29.0000 CrystalSysInfo (f054744f67576a01139885173392502b) E:\Program Files\MediaCoder Audio Edition\SysInfo.sys

2010/12/18 13:15:29.0062 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/18 13:15:29.0094 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys

2010/12/18 13:15:29.0187 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys

2010/12/18 13:15:29.0250 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

2010/12/18 13:15:29.0297 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

2010/12/18 13:15:29.0344 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/18 13:15:29.0391 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/18 13:15:29.0422 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\drivers\Fdc.sys

2010/12/18 13:15:29.0453 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys

2010/12/18 13:15:29.0484 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/18 13:15:29.0531 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/12/18 13:15:29.0578 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/18 13:15:29.0594 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/18 13:15:29.0625 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/12/18 13:15:29.0656 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/18 13:15:29.0687 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/12/18 13:15:29.0766 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/18 13:15:29.0844 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/18 13:15:29.0906 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\drivers\i8042prt.sys

2010/12/18 13:15:29.0953 iaStor (d483687eace0c065ee772481a96e05f5) E:\WINDOWS\system32\DRIVERS\iaStor.sys

2010/12/18 13:15:29.0984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/18 13:15:30.0172 IntcAzAudAddService (7a9299f48d6f2e802e5b0e0dc508842a) E:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/12/18 13:15:30.0234 intelppm (8c953733d8f36eb2133f5bb58808b66b) E:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/12/18 13:15:30.0297 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/12/18 13:15:30.0328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/18 13:15:30.0375 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/18 13:15:30.0406 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/18 13:15:30.0422 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/12/18 13:15:30.0469 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/18 13:15:30.0484 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/18 13:15:30.0531 Jraid (a324485106f133e751f4b7f47c4be3ea) E:\WINDOWS\system32\DRIVERS\jraid.sys

2010/12/18 13:15:30.0547 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/18 13:15:30.0578 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/12/18 13:15:30.0625 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

2010/12/18 13:15:30.0672 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/18 13:15:30.0766 MBAMProtector (9b5cc6c481bdd00a963829b892623247) E:\WINDOWS\system32\drivers\mbam.sys

2010/12/18 13:15:30.0844 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/18 13:15:30.0891 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys

2010/12/18 13:15:30.0953 Monfilt (c7d9f9717916b34c1b00dd4834af485c) E:\WINDOWS\system32\drivers\Monfilt.sys

2010/12/18 13:15:31.0000 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/18 13:15:31.0078 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/12/18 13:15:31.0109 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/18 13:15:31.0156 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/18 13:15:31.0187 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/18 13:15:31.0234 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys

2010/12/18 13:15:31.0266 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/18 13:15:31.0297 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/18 13:15:31.0328 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/18 13:15:31.0375 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/18 13:15:31.0391 Mup (2f625d11385b1a94360bfc70aaefdee1) E:\WINDOWS\system32\drivers\Mup.sys

2010/12/18 13:15:31.0422 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys

2010/12/18 13:15:31.0453 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/18 13:15:31.0484 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/18 13:15:31.0516 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/18 13:15:31.0547 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/18 13:15:31.0562 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/18 13:15:31.0594 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/18 13:15:31.0641 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/12/18 13:15:31.0672 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys

2010/12/18 13:15:31.0703 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/18 13:15:31.0750 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys

2010/12/18 13:15:31.0781 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/18 13:15:31.0812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/18 13:15:31.0828 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/12/18 13:15:31.0859 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys

2010/12/18 13:15:31.0891 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/18 13:15:31.0922 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/18 13:15:31.0953 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/18 13:15:32.0000 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys

2010/12/18 13:15:32.0016 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys

2010/12/18 13:15:32.0172 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/18 13:15:32.0187 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/18 13:15:32.0219 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/18 13:15:32.0328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/18 13:15:32.0344 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/18 13:15:32.0375 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/18 13:15:32.0406 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/18 13:15:32.0437 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/18 13:15:32.0453 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/18 13:15:32.0500 rdpdr (15cabd0f7c00c47c70124907916af3f1) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/12/18 13:15:32.0547 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/18 13:15:32.0594 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/18 13:15:32.0656 RTLE8023xp (6ebfbbf24fed8285928b825a46618f8a) E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/12/18 13:15:32.0703 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/18 13:15:32.0719 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys

2010/12/18 13:15:32.0750 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys

2010/12/18 13:15:32.0781 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys

2010/12/18 13:15:32.0859 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys

2010/12/18 13:15:32.0906 sptd (cdddec541bc3c96f91ecb48759673505) E:\WINDOWS\System32\Drivers\sptd.sys

2010/12/18 13:15:32.0984 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/18 13:15:33.0062 Srv (0f6aefad3641a657e18081f52d0c15af) E:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/18 13:15:33.0094 ssmdrv (a36ee93698802cd899f98bfd553d8185) E:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2010/12/18 13:15:33.0125 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/18 13:15:33.0156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys

2010/12/18 13:15:33.0219 symsnap (c9273531eac75ee225e3170fb6107fa3) E:\WINDOWS\system32\DRIVERS\symsnap.sys

2010/12/18 13:15:33.0297 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/18 13:15:33.0328 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/18 13:15:33.0375 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/18 13:15:33.0437 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/18 13:15:33.0469 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/18 13:15:33.0531 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys

2010/12/18 13:15:33.0625 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys

2010/12/18 13:15:33.0672 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) E:\WINDOWS\system32\Drivers\usbaapl.sys

2010/12/18 13:15:33.0703 usbaudio (e919708db44ed8543a7c017953148330) E:\WINDOWS\system32\drivers\usbaudio.sys

2010/12/18 13:15:33.0734 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/12/18 13:15:33.0766 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/18 13:15:33.0812 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/18 13:15:33.0844 usbprint (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/12/18 13:15:33.0875 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/12/18 13:15:33.0906 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/18 13:15:33.0937 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) E:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/18 13:15:33.0953 v2imount (b4d63048d6358e7c6ab61b98b8cff263) E:\WINDOWS\system32\DRIVERS\v2imount.sys

2010/12/18 13:15:33.0984 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys

2010/12/18 13:15:34.0031 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/18 13:15:34.0062 VProEventMonitor (e78781b2c86c92a0a738df566460f716) E:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys

2010/12/18 13:15:34.0109 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/18 13:15:34.0125 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) E:\WINDOWS\system32\DRIVERS\wdcsam.sys

2010/12/18 13:15:34.0172 Wdf01000 (d918617b46457b9ac28027722e30f647) E:\WINDOWS\system32\Drivers\wdf01000.sys

2010/12/18 13:15:34.0250 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/18 13:15:34.0312 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) E:\WINDOWS\system32\DRIVERS\wimfltr.sys

2010/12/18 13:15:34.0375 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) E:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/12/18 13:15:34.0422 WudfPf (f15feafffbb3644ccc80c5da584e6311) E:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/12/18 13:15:34.0469 WudfRd (28b524262bce6de1f7ef9f510ba3985b) E:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/12/18 13:15:34.0500 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/12/18 13:15:34.0672 ================================================================================

2010/12/18 13:15:34.0672 Scan finished

2010/12/18 13:15:34.0672 ================================================================================

2010/12/18 13:15:34.0672 Detected object count: 1

2010/12/18 13:16:47.0359 \HardDisk0 - processing error

2010/12/18 13:18:40.0781 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/12/18 13:19:24.0250 ================================================================================

2010/12/18 13:19:24.0250 Scan started

2010/12/18 13:19:24.0250 Mode: Manual;

2010/12/18 13:19:24.0250 ================================================================================

2010/12/18 13:19:24.0453 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/18 13:19:24.0500 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys

2010/12/18 13:19:24.0547 adfs (6d7f09cd92a9fef3a8efce66231fdd79) E:\WINDOWS\system32\drivers\adfs.sys

2010/12/18 13:19:24.0609 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys

2010/12/18 13:19:24.0656 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys

2010/12/18 13:19:24.0781 Ambfilt (267fc636801edc5ab28e14036349e3be) E:\WINDOWS\system32\drivers\Ambfilt.sys

2010/12/18 13:19:24.0828 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/12/18 13:19:24.0922 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/18 13:19:24.0937 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/18 13:19:25.0078 ati2mtag (c026951271d59ff97deb2a6b4895b416) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/12/18 13:19:25.0125 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) E:\WINDOWS\system32\drivers\AtiHdmi.sys

2010/12/18 13:19:25.0187 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/18 13:19:25.0219 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/18 13:19:25.0266 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) E:\Program Files\Avira\AntiVir Desktop\avgio.sys

2010/12/18 13:19:25.0312 avgntflt (47b879406246ffdced59e18d331a0e7d) E:\WINDOWS\system32\DRIVERS\avgntflt.sys

2010/12/18 13:19:25.0344 avipbb (7c834dccb56c121854feee82a1f00196) E:\WINDOWS\system32\DRIVERS\avipbb.sys

2010/12/18 13:19:25.0391 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys

2010/12/18 13:19:25.0500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/18 13:19:25.0547 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/18 13:19:25.0578 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/18 13:19:25.0594 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/18 13:19:25.0703 CrystalSysInfo (f054744f67576a01139885173392502b) E:\Program Files\MediaCoder Audio Edition\SysInfo.sys

2010/12/18 13:19:25.0766 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/18 13:19:25.0812 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys

2010/12/18 13:19:25.0828 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys

2010/12/18 13:19:25.0859 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys

2010/12/18 13:19:25.0922 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys

2010/12/18 13:19:25.0969 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/18 13:19:26.0000 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/18 13:19:26.0031 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\drivers\Fdc.sys

2010/12/18 13:19:26.0062 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys

2010/12/18 13:19:26.0094 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/18 13:19:26.0125 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/12/18 13:19:26.0172 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/18 13:19:26.0219 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/18 13:19:26.0234 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/12/18 13:19:26.0281 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/18 13:19:26.0297 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/12/18 13:19:26.0391 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/18 13:19:26.0453 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/18 13:19:26.0516 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\drivers\i8042prt.sys

2010/12/18 13:19:26.0547 iaStor (d483687eace0c065ee772481a96e05f5) E:\WINDOWS\system32\DRIVERS\iaStor.sys

2010/12/18 13:19:26.0594 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/18 13:19:26.0734 IntcAzAudAddService (7a9299f48d6f2e802e5b0e0dc508842a) E:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/12/18 13:19:26.0781 intelppm (8c953733d8f36eb2133f5bb58808b66b) E:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/12/18 13:19:26.0828 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/12/18 13:19:26.0875 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/18 13:19:26.0891 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/18 13:19:26.0922 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/18 13:19:26.0937 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/12/18 13:19:26.0984 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/18 13:19:27.0000 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/18 13:19:27.0047 Jraid (a324485106f133e751f4b7f47c4be3ea) E:\WINDOWS\system32\DRIVERS\jraid.sys

2010/12/18 13:19:27.0062 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/18 13:19:27.0078 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/12/18 13:19:27.0125 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys

2010/12/18 13:19:27.0156 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/18 13:19:27.0266 MBAMProtector (9b5cc6c481bdd00a963829b892623247) E:\WINDOWS\system32\drivers\mbam.sys

2010/12/18 13:19:27.0328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/18 13:19:27.0375 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys

2010/12/18 13:19:27.0469 Monfilt (c7d9f9717916b34c1b00dd4834af485c) E:\WINDOWS\system32\drivers\Monfilt.sys

2010/12/18 13:19:27.0484 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/18 13:19:27.0562 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/12/18 13:19:27.0578 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/18 13:19:27.0625 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/18 13:19:27.0656 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/18 13:19:27.0687 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys

2010/12/18 13:19:27.0719 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/18 13:19:27.0781 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/18 13:19:27.0812 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/18 13:19:27.0859 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/18 13:19:27.0891 Mup (2f625d11385b1a94360bfc70aaefdee1) E:\WINDOWS\system32\drivers\Mup.sys

2010/12/18 13:19:27.0922 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys

2010/12/18 13:19:27.0953 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/18 13:19:27.0969 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/18 13:19:28.0000 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/18 13:19:28.0031 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/18 13:19:28.0047 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/18 13:19:28.0078 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/18 13:19:28.0125 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/12/18 13:19:28.0141 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys

2010/12/18 13:19:28.0172 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/18 13:19:28.0203 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys

2010/12/18 13:19:28.0266 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/18 13:19:28.0281 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/18 13:19:28.0297 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/12/18 13:19:28.0328 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys

2010/12/18 13:19:28.0359 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/18 13:19:28.0391 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/18 13:19:28.0437 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/18 13:19:28.0453 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys

2010/12/18 13:19:28.0484 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys

2010/12/18 13:19:28.0625 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/18 13:19:28.0625 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/18 13:19:28.0656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/18 13:19:28.0781 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/18 13:19:28.0797 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/18 13:19:28.0828 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/18 13:19:28.0844 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/18 13:19:28.0875 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/18 13:19:28.0891 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/18 13:19:28.0922 rdpdr (15cabd0f7c00c47c70124907916af3f1) E:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/12/18 13:19:28.0969 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/18 13:19:29.0016 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/18 13:19:29.0062 RTLE8023xp (6ebfbbf24fed8285928b825a46618f8a) E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/12/18 13:19:29.0094 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/18 13:19:29.0141 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys

2010/12/18 13:19:29.0156 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys

2010/12/18 13:19:29.0187 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys

2010/12/18 13:19:29.0266 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys

2010/12/18 13:19:29.0312 sptd (cdddec541bc3c96f91ecb48759673505) E:\WINDOWS\System32\Drivers\sptd.sys

2010/12/18 13:19:29.0359 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/18 13:19:29.0406 Srv (0f6aefad3641a657e18081f52d0c15af) E:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/18 13:19:29.0453 ssmdrv (a36ee93698802cd899f98bfd553d8185) E:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2010/12/18 13:19:29.0469 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/18 13:19:29.0516 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys

2010/12/18 13:19:29.0578 symsnap (c9273531eac75ee225e3170fb6107fa3) E:\WINDOWS\system32\DRIVERS\symsnap.sys

2010/12/18 13:19:29.0656 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/18 13:19:29.0687 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/18 13:19:29.0719 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/18 13:19:29.0781 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/18 13:19:29.0812 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/18 13:19:29.0859 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys

2010/12/18 13:19:29.0953 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys

2010/12/18 13:19:30.0000 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) E:\WINDOWS\system32\Drivers\usbaapl.sys

2010/12/18 13:19:30.0047 usbaudio (e919708db44ed8543a7c017953148330) E:\WINDOWS\system32\drivers\usbaudio.sys

2010/12/18 13:19:30.0078 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/12/18 13:19:30.0109 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/18 13:19:30.0156 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/18 13:19:30.0187 usbprint (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/12/18 13:19:30.0250 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/12/18 13:19:30.0281 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/18 13:19:30.0312 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) E:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/18 13:19:30.0375 v2imount (b4d63048d6358e7c6ab61b98b8cff263) E:\WINDOWS\system32\DRIVERS\v2imount.sys

2010/12/18 13:19:30.0391 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys

2010/12/18 13:19:30.0453 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/18 13:19:30.0469 VProEventMonitor (e78781b2c86c92a0a738df566460f716) E:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys

2010/12/18 13:19:30.0500 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/18 13:19:30.0531 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) E:\WINDOWS\system32\DRIVERS\wdcsam.sys

2010/12/18 13:19:30.0547 Wdf01000 (d918617b46457b9ac28027722e30f647) E:\WINDOWS\system32\Drivers\wdf01000.sys

2010/12/18 13:19:30.0609 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/18 13:19:30.0672 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) E:\WINDOWS\system32\DRIVERS\wimfltr.sys

2010/12/18 13:19:30.0719 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) E:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/12/18 13:19:30.0781 WudfPf (f15feafffbb3644ccc80c5da584e6311) E:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/12/18 13:19:30.0828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) E:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/12/18 13:19:30.0844 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/12/18 13:19:30.0969 ================================================================================

2010/12/18 13:19:30.0969 Scan finished

2010/12/18 13:19:30.0969 ================================================================================

2010/12/18 13:19:30.0984 Detected object count: 1

2010/12/18 13:41:13.0344 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Skip

Link to post
Share on other sites

I tried "copy to quarantine" to no success. I ran TDSSK again and got this message when attempting to "cure": "Can't cure MBR. Write standard boot code?" Perhaps I'll back up the original MBR in the case something should go wrong. I failed to mention I have a total of 2 separate RAID 0 configurations running on the Intel and Motherboard chipsets. 2 Western Digital Raptors on the start-up volume which are working fine and 2 Samsung drives on the motherboard chipset that are not working or loading. I also have 2 additional drives attached to a few remaining SATA ports. :rolleyes:

According to MS:

The warning is just that. If you replace the current boot program with

the standard one, the standard one won't know about relocation of the

partition table. Some boot managers only use a small stub of code in

the 460-byte area to then run the rest of its program in the extended

MBR (so it can run a program larger than 460 bytes). There are

utilities around that will let you backup the 460-byte boot program onto

a floppy (so you could restore them). Google

for "MBR backup"; for

example, http://www.diydatarecovery.nl/mbrtool.htm is such a utility.

So you could backup the current boot program, run FIXMBR, and restore

the original boot program if FIXMBR didn't work.

I'll def backup just in case =)

Link to post
Share on other sites

Hi,

You can backup the MBR if you want.

I ran TDSSK again and got this message when attempting to "cure": "Can't cure MBR. Write standard boot code?"

Let TDSSKiller do that please.

After that, do this:

Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please go to: VirusTotal

  • virustotal2-SWI.png
  • Click the Browse button and search for the following file: e:\windows\system32\psbase3.dll
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

Link to post
Share on other sites

Hi,

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user != kernel MBR !!!

sectors 290437118 (+255): user != kernel

The VirusTotal site doesn't seem to be working =(

Link to post
Share on other sites

Hi,

The link was broken. I've fixed the link:

Please go to: VirusTotal

  • virustotal2-SWI.png
  • Click the Browse button and search for the following file: e:\windows\system32\psbase3.dll
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After that, please run TDSSKiller again and post the log file in your next reply. The log file can be found in your root directory, in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt

Link to post
Share on other sites

Hi,

The link was broken. I've fixed the link:

The URL works my friend but the site has been showing this message for the last two days :

Warning: VirusTotal is currently experiencing high workload. The scanning process of your file can take over 15 minutes. We suggest you use the email interface in these situations. Follow the instructions on the "Advanced" page to do so. If you wish you can still submit your sample via this interface.

Link to post
Share on other sites

Hi,

Are you still experiencing any problems?

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Link to post
Share on other sites

Hi,

Are you still experiencing any problems?

Still having problems. I'll get you that ESET scan asap....I still have that psbase3.dll (hidden) and it seems no flash media works at all =(

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5401

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/26/2010 11:34:46 PM

mbam-log-2010-12-26 (23-34-46).txt

Scan type: Quick scan

Objects scanned: 142825

Time elapsed: 2 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hi,

Are you still experiencing any problems?

When I first thought I had a virus I ran Norton Ghost and made a copy of my startup volume. Out of curiousity I ran the Ghost image file and recovered the psbase3.dll file to my desktop. Avira immediately alerted that this file is TR/Renos.54784 so it must mean the same psbase3.dll buried in my startup windows/system32 folder is in fact some kind of virus/trojan =(

Link to post
Share on other sites

Run the ESET Online Scan as well please. :lol:

avguard.exe has crashed twice in the past two hours and stalls my windows severly requiring a hard restart. During windows startup I have to wait close to 5 mins before I get to the windows desktop, I am going to try and remove Avirea in safemode and install NOD32 in instead.

Link to post
Share on other sites

Hi,

Please download the latest version of TDSSKiller and DDS and use them:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download DDS and save it to your desktop.

  • Disable any script blocking protection.
  • Double click dds.com to run the tool..
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.