
Hi Fred,

My name is Matt and I will be helping you clean up your computer.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Download ComboFix from one of these locations:

Link 1

Link 2

IMPORTANT!!! Save ComboFix.exe to your Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

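The TDSSKiller report requested above lists one line per loaded driver service in the form `<timestamp> <pid> <service> (<md5>) <path>`, as the log pasted later in this thread shows. What follows is an added example, not a tool from this thread or from TDSSKiller's authors: a small Python parser that pulls those fields out and performs the three checks a helper normally does by eye when reading such a log. It flags drivers loaded from outside the Windows directory, flags a service whose hash differs between the two scan passes recorded in one log, and compares hashes against a known-good table the reviewer supplies. The sample log is a constructed excerpt (lines copied from the log in this thread plus one second-pass `atapi` line carrying a made-up hash so the comparison has something to find), and the `BASELINE` table is constructed as well. A flagged entry is a pointer for manual review, not a verdict; the `MpKsl942b8800` driver it flags is, by its own path, a Microsoft Antimalware definition-update driver.

```python
"""Parse TDSSKiller driver-enumeration lines and triage them.

Added example for this thread, not a TDSSKiller or forum tool. The line
format is taken from the log pasted in the thread:
    <timestamp> <pid> <service> (<md5>) <path>
Banner, "Scan started"/"Scan finished" and SystemInfo lines do not match the
pattern and are skipped.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<pid>\d+)\s+"
    r"(?P<service>\S+) \((?P<md5>[0-9a-fA-F]{32})\) "
    r"(?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class DriverEntry:
    timestamp: str
    pid: int        # id TDSSKiller prints per scan pass (4472, 2952, 1984 in the thread)
    service: str    # driver service name
    md5: str        # lowercase hex digest TDSSKiller reports for the file
    path: str       # on-disk path of the driver image


def parse_tdsskiller_log(text):
    """Return one DriverEntry per driver line; non-driver lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["ts"], int(m["pid"]), m["service"],
                                       m["md5"].lower(), m["path"]))
    return entries


def outside_system_root(entries, system_root="C:\\WINDOWS"):
    """Drivers whose image is not under the Windows directory (case-insensitive)."""
    root = system_root.lower().rstrip("\\") + "\\"
    return [e for e in entries if not e.path.lower().startswith(root)]


def hash_changes(entries):
    """Services reported with more than one hash within the same log."""
    seen = defaultdict(set)
    for e in entries:
        seen[e.service].add(e.md5)
    return {svc: sorted(h) for svc, h in seen.items() if len(h) > 1}


def baseline_mismatches(entries, baseline):
    """Entries whose hash disagrees with a reviewer-supplied known-good table."""
    return [e for e in entries
            if e.service in baseline and baseline[e.service] != e.md5]


# Constructed excerpt: real lines copied from the log in this thread plus one
# second-pass atapi line (pid 1984) with an altered, made-up hash.
SAMPLE_LOG = r"""
2011/04/16 15:54:48.0484 4472 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/16 15:55:01.0453 2952 ================================================================================
2011/04/16 15:55:01.0453 2952 Scan started
2011/04/16 15:55:02.0015 2952 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/16 15:55:03.0359 2952 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/16 15:55:10.0781 2952 MpKsl942b8800 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDEF30F0-96CD-479B-92F4-CCBA60771163}\MpKsl942b8800.sys
2011/04/16 15:55:22.0078 2952 Scan finished
2011/04/16 15:56:12.0687 1984 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/16 15:56:13.0640 1984 atapi (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\atapi.sys
"""

# Constructed baseline: the first-pass hashes from this log, standing in for
# the known-good table a reviewer would maintain.
BASELINE = {
    "ACPI": "8fd99680a539792a30e97944fdaecf17",
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
}


def triage(text, baseline):
    """Run all three checks and return the service names to review by hand."""
    entries = parse_tdsskiller_log(text)
    flagged = {e.service for e in outside_system_root(entries)}
    flagged.update(hash_changes(entries))
    flagged.update(e.service for e in baseline_mismatches(entries, baseline))
    return sorted(flagged)


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG, BASELINE):
        print("review:", svc)
```

Run it as a script to see the review list, or import it and call `triage()` on a full pasted log with your own baseline table. Entries that pass all three checks still deserve the usual scrutiny; the checks only order the work.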

2011/04/16 15:54:48.0484 4472 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/16 15:54:49.0406 4472 ================================================================================

2011/04/16 15:54:49.0406 4472 SystemInfo:

2011/04/16 15:54:49.0406 4472

2011/04/16 15:54:49.0406 4472 OS Version: 5.1.2600 ServicePack: 3.0

2011/04/16 15:54:49.0406 4472 Product type: Workstation

2011/04/16 15:54:49.0406 4472 ComputerName: MINE-E06B998C2B

2011/04/16 15:54:49.0406 4472 UserName: Bonnie

2011/04/16 15:54:49.0406 4472 Windows directory: C:\WINDOWS

2011/04/16 15:54:49.0406 4472 System windows directory: C:\WINDOWS

2011/04/16 15:54:49.0406 4472 Processor architecture: Intel x86

2011/04/16 15:54:49.0406 4472 Number of processors: 2

2011/04/16 15:54:49.0406 4472 Page size: 0x1000

2011/04/16 15:54:49.0406 4472 Boot type: Normal boot

2011/04/16 15:54:49.0406 4472 ================================================================================

2011/04/16 15:54:52.0093 4472 Initialize success

2011/04/16 15:55:01.0453 2952 ================================================================================

2011/04/16 15:55:01.0453 2952 Scan started

2011/04/16 15:55:01.0453 2952 Mode: Manual;

2011/04/16 15:55:01.0453 2952 ================================================================================

2011/04/16 15:55:02.0015 2952 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/04/16 15:55:02.0062 2952 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/04/16 15:55:02.0390 2952 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/04/16 15:55:02.0453 2952 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

2011/04/16 15:55:02.0843 2952 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/04/16 15:55:03.0296 2952 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/04/16 15:55:03.0359 2952 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/04/16 15:55:03.0593 2952 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/04/16 15:55:03.0765 2952 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/04/16 15:55:03.0812 2952 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/04/16 15:55:04.0000 2952 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/04/16 15:55:04.0062 2952 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/04/16 15:55:04.0296 2952 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/04/16 15:55:04.0359 2952 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/04/16 15:55:04.0406 2952 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/04/16 15:55:04.0921 2952 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/04/16 15:55:05.0093 2952 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/04/16 15:55:05.0203 2952 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/04/16 15:55:05.0406 2952 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/04/16 15:55:05.0484 2952 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/04/16 15:55:05.0718 2952 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/04/16 15:55:05.0906 2952 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/04/16 15:55:06.0000 2952 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/04/16 15:55:06.0156 2952 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/04/16 15:55:06.0265 2952 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/04/16 15:55:06.0421 2952 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/04/16 15:55:06.0515 2952 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

2011/04/16 15:55:06.0656 2952 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/04/16 15:55:06.0750 2952 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/04/16 15:55:06.0906 2952 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/04/16 15:55:06.0968 2952 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/04/16 15:55:07.0125 2952 hcwPP2 (9436fbf3ca45a0fb726856b409734d7a) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys

2011/04/16 15:55:07.0218 2952 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/04/16 15:55:07.0359 2952 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/04/16 15:55:07.0609 2952 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/04/16 15:55:07.0875 2952 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/04/16 15:55:07.0984 2952 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/04/16 15:55:08.0328 2952 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/04/16 15:55:08.0421 2952 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/04/16 15:55:08.0562 2952 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/04/16 15:55:08.0640 2952 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/04/16 15:55:08.0812 2952 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/04/16 15:55:08.0890 2952 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/04/16 15:55:09.0031 2952 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/04/16 15:55:09.0125 2952 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/04/16 15:55:09.0375 2952 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/04/16 15:55:09.0421 2952 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/04/16 15:55:09.0515 2952 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/04/16 15:55:09.0640 2952 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/04/16 15:55:09.0718 2952 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/04/16 15:55:09.0906 2952 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/04/16 15:55:10.0156 2952 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/04/16 15:55:10.0218 2952 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/04/16 15:55:10.0390 2952 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/04/16 15:55:10.0468 2952 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/04/16 15:55:10.0625 2952 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/04/16 15:55:10.0687 2952 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2011/04/16 15:55:10.0781 2952 MpKsl942b8800 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDEF30F0-96CD-479B-92F4-CCBA60771163}\MpKsl942b8800.sys

2011/04/16 15:55:11.0062 2952 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/04/16 15:55:11.0125 2952 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/04/16 15:55:11.0187 2952 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/04/16 15:55:11.0593 2952 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/04/16 15:55:11.0843 2952 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/04/16 15:55:11.0890 2952 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/04/16 15:55:12.0031 2952 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/04/16 15:55:12.0140 2952 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/04/16 15:55:12.0218 2952 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/04/16 15:55:12.0296 2952 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/04/16 15:55:12.0468 2952 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/04/16 15:55:12.0593 2952 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/04/16 15:55:12.0656 2952 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/04/16 15:55:12.0796 2952 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/04/16 15:55:12.0906 2952 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/04/16 15:55:12.0953 2952 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/04/16 15:55:13.0093 2952 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/04/16 15:55:13.0187 2952 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/04/16 15:55:13.0265 2952 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/04/16 15:55:13.0312 2952 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/04/16 15:55:13.0468 2952 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/04/16 15:55:13.0562 2952 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2011/04/16 15:55:13.0656 2952 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/04/16 15:55:14.0046 2952 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/04/16 15:55:14.0421 2952 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/04/16 15:55:14.0562 2952 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/04/16 15:55:14.0593 2952 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/04/16 15:55:14.0656 2952 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/04/16 15:55:14.0718 2952 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/04/16 15:55:14.0890 2952 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

2011/04/16 15:55:14.0968 2952 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/04/16 15:55:15.0406 2952 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys

2011/04/16 15:55:15.0593 2952 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/04/16 15:55:15.0656 2952 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/04/16 15:55:15.0703 2952 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/04/16 15:55:16.0093 2952 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/04/16 15:55:16.0250 2952 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/04/16 15:55:16.0312 2952 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/04/16 15:55:16.0437 2952 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/04/16 15:55:16.0546 2952 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/04/16 15:55:16.0625 2952 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/04/16 15:55:16.0781 2952 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/04/16 15:55:16.0859 2952 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/04/16 15:55:16.0953 2952 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/04/16 15:55:17.0156 2952 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

2011/04/16 15:55:17.0312 2952 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2011/04/16 15:55:17.0515 2952 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/04/16 15:55:17.0578 2952 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/04/16 15:55:17.0765 2952 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/04/16 15:55:17.0906 2952 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/04/16 15:55:18.0140 2952 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/04/16 15:55:18.0203 2952 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/04/16 15:55:18.0453 2952 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/04/16 15:55:18.0562 2952 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/04/16 15:55:18.0718 2952 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/04/16 15:55:18.0781 2952 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/04/16 15:55:19.0109 2952 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/04/16 15:55:19.0250 2952 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/04/16 15:55:19.0421 2952 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/04/16 15:55:19.0500 2952 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/04/16 15:55:19.0531 2952 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/04/16 15:55:19.0781 2952 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/04/16 15:55:20.0031 2952 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/04/16 15:55:20.0218 2952 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/04/16 15:55:20.0343 2952 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/04/16 15:55:20.0500 2952 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/04/16 15:55:20.0578 2952 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/04/16 15:55:20.0640 2952 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/04/16 15:55:20.0812 2952 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/04/16 15:55:20.0875 2952 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/04/16 15:55:21.0078 2952 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/04/16 15:55:21.0156 2952 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/04/16 15:55:21.0328 2952 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/04/16 15:55:21.0625 2952 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/04/16 15:55:21.0859 2952 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/04/16 15:55:21.0937 2952 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/04/16 15:55:22.0000 2952 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/04/16 15:55:22.0078 2952 ================================================================================

2011/04/16 15:55:22.0078 2952 Scan finished

2011/04/16 15:55:22.0078 2952 ================================================================================

2011/04/16 15:56:12.0125 1984 ================================================================================

2011/04/16 15:56:12.0125 1984 Scan started

2011/04/16 15:56:12.0125 1984 Mode: Manual;

2011/04/16 15:56:12.0125 1984 ================================================================================

2011/04/16 15:56:12.0687 1984 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/04/16 15:56:12.0734 1984 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/04/16 15:56:12.0828 1984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/04/16 15:56:12.0921 1984 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

2011/04/16 15:56:13.0265 1984 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/04/16 15:56:13.0468 1984 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/04/16 15:56:13.0640 1984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/04/16 15:56:13.0750 1984 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/04/16 15:56:13.0921 1984 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/04/16 15:56:14.0000 1984 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/04/16 15:56:14.0078 1984 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/04/16 15:56:14.0250 1984 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/04/16 15:56:14.0328 1984 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/04/16 15:56:14.0406 1984 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/04/16 15:56:14.0578 1984 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/04/16 15:56:14.0765 1984 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/04/16 15:56:14.0828 1984 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/04/16 15:56:14.0890 1984 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/04/16 15:56:15.0046 1984 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/04/16 15:56:15.0125 1984 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/04/16 15:56:15.0375 1984 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/04/16 15:56:15.0468 1984 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/04/16 15:56:15.0640 1984 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/04/16 15:56:15.0718 1984 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/04/16 15:56:15.0750 1984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/04/16 15:56:15.0921 1984 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/04/16 15:56:16.0015 1984 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

2011/04/16 15:56:16.0093 1984 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/04/16 15:56:16.0265 1984 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/04/16 15:56:16.0343 1984 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/04/16 15:56:16.0421 1984 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/04/16 15:56:16.0593 1984 hcwPP2 (9436fbf3ca45a0fb726856b409734d7a) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys

2011/04/16 15:56:16.0671 1984 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/04/16 15:56:16.0750 1984 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/04/16 15:56:16.0984 1984 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/04/16 15:56:17.0265 1984 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/04/16 15:56:17.0296 1984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/04/16 15:56:17.0515 1984 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/04/16 15:56:17.0703 1984 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/04/16 15:56:17.0781 1984 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/04/16 15:56:17.0843 1984 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/04/16 15:56:18.0015 1984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/04/16 15:56:18.0109 1984 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/04/16 15:56:18.0328 1984 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/04/16 15:56:18.0468 1984 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/04/16 15:56:18.0562 1984 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/04/16 15:56:18.0593 1984 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/04/16 15:56:18.0718 1984 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/04/16 15:56:18.0828 1984 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/04/16 15:56:18.0890 1984 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/04/16 15:56:19.0031 1984 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/04/16 15:56:19.0296 1984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/04/16 15:56:19.0390 1984 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/04/16 15:56:19.0531 1984 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/04/16 15:56:19.0625 1984 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/04/16 15:56:19.0703 1984 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/04/16 15:56:19.0843 1984 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2011/04/16 15:56:19.0953 1984 MpKsl942b8800 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDEF30F0-96CD-479B-92F4-CCBA60771163}\MpKsl942b8800.sys

2011/04/16 15:56:20.0203 1984 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/04/16 15:56:20.0281 1984 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/04/16 15:56:20.0328 1984 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/04/16 15:56:20.0468 1984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/04/16 15:56:20.0546 1984 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/04/16 15:56:20.0609 1984 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/04/16 15:56:20.0671 1984 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/04/16 15:56:20.0812 1984 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/04/16 15:56:20.0890 1984 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/04/16 15:56:20.0968 1984 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/04/16 15:56:21.0000 1984 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/04/16 15:56:21.0140 1984 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/04/16 15:56:21.0281 1984 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/04/16 15:56:21.0328 1984 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/04/16 15:56:21.0343 1984 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/04/16 15:56:21.0500 1984 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/04/16 15:56:21.0562 1984 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/04/16 15:56:21.0640 1984 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/04/16 15:56:21.0796 1984 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/04/16 15:56:21.0906 1984 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/04/16 15:56:21.0937 1984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/04/16 15:56:22.0015 1984 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2011/04/16 15:56:22.0171 1984 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/04/16 15:56:22.0546 1984 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/04/16 15:56:22.0765 1984 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/04/16 15:56:22.0859 1984 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/04/16 15:56:22.0984 1984 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/04/16 15:56:23.0046 1984 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/04/16 15:56:23.0156 1984 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/04/16 15:56:23.0390 1984 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

2011/04/16 15:56:23.0500 1984 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/04/16 15:56:23.0828 1984 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys

2011/04/16 15:56:23.0937 1984 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/04/16 15:56:24.0046 1984 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/04/16 15:56:24.0093 1984 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/04/16 15:56:24.0640 1984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/04/16 15:56:24.0718 1984 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/04/16 15:56:24.0890 1984 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/04/16 15:56:24.0937 1984 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/04/16 15:56:25.0015 1984 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/04/16 15:56:25.0171 1984 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/04/16 15:56:25.0250 1984 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/04/16 15:56:25.0328 1984 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/04/16 15:56:25.0500 1984 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/04/16 15:56:25.0609 1984 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

2011/04/16 15:56:25.0781 1984 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2011/04/16 15:56:25.0859 1984 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/04/16 15:56:26.0031 1984 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/04/16 15:56:26.0109 1984 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/04/16 15:56:26.0359 1984 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/04/16 15:56:26.0593 1984 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/04/16 15:56:26.0656 1984 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/04/16 15:56:26.0843 1984 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/04/16 15:56:26.0921 1984 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/04/16 15:56:27.0093 1984 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/04/16 15:56:27.0171 1984 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/04/16 15:56:27.0500 1984 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/04/16 15:56:27.0703 1984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/04/16 15:56:27.0765 1984 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/04/16 15:56:27.0953 1984 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/04/16 15:56:28.0031 1984 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/04/16 15:56:28.0296 1984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/04/16 15:56:28.0390 1984 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/04/16 15:56:28.0593 1984 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/04/16 15:56:28.0656 1984 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/04/16 15:56:28.0796 1984 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/04/16 15:56:28.0906 1984 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/04/16 15:56:29.0031 1984 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/04/16 15:56:29.0140 1984 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/04/16 15:56:29.0171 1984 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/04/16 15:56:29.0437 1984 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/04/16 15:56:29.0609 1984 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/04/16 15:56:29.0703 1984 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/04/16 15:56:29.0906 1984 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/04/16 15:56:30.0125 1984 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/04/16 15:56:30.0265 1984 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/04/16 15:56:30.0312 1984 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/04/16 15:56:30.0390 1984 ================================================================================

2011/04/16 15:56:30.0390 1984 Scan finished

2011/04/16 15:56:30.0390 1984 ================================================================================

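
The TDSSKiller log above is a plain list of loaded kernel drivers with their MD5 and image path, and the scanner's own verdict is what matters, but the same lines are easy to audit by hand. The following Python is an added example for this page, not code from the thread or from Kaspersky's tool: it parses driver lines, flags any driver whose image sits outside the system drivers directory, and compares MD5s against a baseline. The baseline dictionary and the fourth sample line (the service name "fakedrv", its all-zero hash and its Temp path) are constructed for the example; the other sample lines are copied from the posted log.

```python
import re
from dataclasses import dataclass

# Sample TDSSKiller output, constructed for this example: the first three
# driver lines are copied from the posted log, the fourth is a made-up entry
# (service name, hash and path are invented) to show how a driver loaded from
# a user-writable directory is reported. The two trailer lines are real.
SAMPLE_LOG = r"""
2011/04/16 15:56:27.0703 1984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/16 15:56:28.0593 1984 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/04/16 15:56:29.0437 1984 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/16 15:56:29.0500 1984 fakedrv (00000000000000000000000000000000) C:\Documents and Settings\Fred\Local Settings\Temp\fakedrv.sys
2011/04/16 15:56:30.0390 1984 ================================================================================
2011/04/16 15:56:30.0390 1984 Scan finished
"""

# One driver line: date, time, scanner PID, service name, (md5), image path.
LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2}\s+\S+\s+\d+\s+(?P<service>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Hash baseline, constructed for the example from the posted log. A real
# baseline comes from a known-clean machine at the same service-pack level;
# TDSSKiller does not print one in this output.
BASELINE_MD5 = {
    "tcpip.sys": "9aefa14bd6b182d61e3119fa5f436d3d",
    "volsnap.sys": "4c8fcb5cc53aab716d810740fe59d025",
}

# Directory a kernel driver is normally loaded from on this XP machine.
TRUSTED_DIRS = (r"c:\windows\system32\drivers",)


@dataclass
class Driver:
    service: str
    md5: str
    path: str


def parse_tdsskiller(text):
    """Return Driver records; separator and status lines do not match and are dropped."""
    drivers = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            drivers.append(Driver(m["service"], m["md5"].lower(), m["path"]))
    return drivers


def audit(drivers):
    """Flag drivers outside the trusted directory or whose hash differs from the baseline."""
    findings = []
    for d in drivers:
        low = d.path.lower()
        name = low.rsplit("\\", 1)[-1]
        if not any(low.startswith(t + "\\") for t in TRUSTED_DIRS):
            findings.append((d.service, "loaded from outside the system drivers directory"))
        expected = BASELINE_MD5.get(name)
        if expected is not None and expected != d.md5:
            findings.append((d.service, "md5 differs from baseline"))
    return findings


def unbaselined(drivers):
    """File names the baseline says nothing about; candidates for a vendor or VirusTotal lookup."""
    names = {d.path.lower().rsplit("\\", 1)[-1] for d in drivers}
    return sorted(n for n in names if n not in BASELINE_MD5)


if __name__ == "__main__":
    drv = parse_tdsskiller(SAMPLE_LOG)
    for service, why in audit(drv):
        print(f"{service}: {why}")
    print("not in baseline:", ", ".join(unbaselined(drv)))
```

Mixed-case paths (DRIVERS, Drivers, drivers) in the real log are normal for XP and are compared case-insensitively; a hash that differs from the baseline only says the file is different, which after a Windows Update is expected, so the baseline has to be kept at the same patch level as the machine being checked.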

ComboFix 11-04-15.06 - Bonnie 04/16/2011 16:13:38.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2078 [GMT -5:00]

Running from: c:\documents and settings\Bonnie\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\autopatcher\AutoPatcher.exe

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Bonnie\Application Data\PriceGong

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Bonnie\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Bonnie\WINDOWS

c:\documents and settings\Fred\Application Data\PriceGong

c:\documents and settings\Fred\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Fred\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Fred\Local Settings\Application Data\qog.exe

c:\documents and settings\Fred\WINDOWS

.

.

((((((((((((((((((((((((( Files Created from 2011-03-16 to 2011-04-16 )))))))))))))))))))))))))))))))

.

.

2011-04-16 14:41 . 2011-04-16 14:41 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDEF30F0-96CD-479B-92F4-CCBA60771163}\MpKsl942b8800.sys

2011-04-16 12:58 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDEF30F0-96CD-479B-92F4-CCBA60771163}\mpengine.dll

2011-04-15 04:31 . 2008-06-20 11:51 361600 ------w- c:\windows\system32\dllcache\tcpip.sys

2011-04-15 04:28 . 2011-02-17 13:18 455936 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2011-04-15 04:27 . 2011-03-04 06:37 726528 ------w- c:\windows\system32\dllcache\jscript.dll

2011-04-15 04:27 . 2011-03-04 06:37 420864 ------w- c:\windows\system32\dllcache\vbscript.dll

2011-04-06 02:05 . 2005-06-01 09:10 495616 ----a-w- c:\windows\system32\PICSDK2.dll

2011-04-06 02:05 . 2005-06-01 08:10 77824 ----a-w- c:\windows\system32\PICEntry.dll

2011-04-06 02:05 . 2005-06-01 05:10 73728 ----a-w- c:\windows\system32\PICSDK.dll

2011-04-06 02:05 . 2004-03-03 11:10 65536 ----a-w- c:\windows\system32\EPPicMgr.dll

2011-04-06 02:05 . 2004-03-03 11:10 114688 ----a-w- c:\windows\system32\EpPicPrt.dll

2011-04-06 02:05 . 2011-04-06 02:05 -------- d-----w- c:\program files\Panasonic

2011-04-06 02:04 . 2003-09-03 07:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll

2011-04-06 02:04 . 2003-09-03 07:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll

2011-04-06 02:04 . 2003-09-03 07:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll

2011-04-06 02:04 . 2003-09-03 07:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll

2011-04-06 02:04 . 2003-09-03 07:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe

2011-04-06 02:04 . 2003-09-03 07:23 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2011-04-06 02:04 . 2011-04-06 02:04 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll

2011-04-06 02:04 . 2011-04-06 02:04 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll

2011-04-06 02:04 . 2011-04-06 02:04 -------- d-----w- c:\program files\Common Files\ArcSoft

2011-04-06 02:04 . 2003-09-20 13:45 21248 ----a-w- c:\windows\system32\drivers\pfc.sys

2011-04-06 02:04 . 2005-03-16 18:45 143360 ----a-w- c:\windows\system32\PhotoBase Screen Saver.scr

2011-04-06 02:04 . 1995-08-01 09:44 212480 ----a-w- c:\windows\PCDLIB32.DLL

2011-03-24 22:13 . 2011-03-24 22:16 -------- d-----w- c:\documents and settings\Zach

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-06 00:37 . 2008-11-19 17:15 1409 ----a-w- c:\windows\Fonts\AFORM105.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\ALAMODE.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM120.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM112.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM100.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM09B.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM090.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM080.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\ADATA095.fot

2011-03-21 01:15 . 2010-06-19 02:27 81920 ----a-w- c:\windows\ALCFDRTM.VER

2011-03-15 04:05 . 2010-07-05 23:51 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-03-13 23:52 . 2010-11-11 01:04 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-03-07 05:33 . 2010-06-09 18:56 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2002-12-31 13:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2002-12-31 13:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2002-12-31 13:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2002-12-31 13:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2002-12-31 13:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2002-12-31 13:00 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2002-12-31 13:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2002-12-31 13:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2010-06-10 22:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2002-12-31 13:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2002-12-31 13:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2002-12-31 13:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2002-12-31 13:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2002-12-31 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-02 23:11 . 2010-07-04 20:09 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-02-02 07:58 . 2010-06-09 18:54 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2010-06-09 18:54 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2002-12-31 13:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

.

.

------- Sigcheck -------

.

[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll

.

c:\windows\System32\regsvc.dll ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-19 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]

"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-05 274608]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Billminder.lnk - c:\quickenw\BILLMIND.EXE [2010-6-18 30208]

LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2011-4-5 57344]

Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2010-6-18 27136]

Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]

path=c:\documents and settings\Fred\Start Menu\Programs\Startup\Check for OneTouch Updates.lnk

backup=c:\windows\pss\Check for OneTouch Updates.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-06-19 23:06 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1035:TCP"= 1035:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 MpKsl942b8800;MpKsl942b8800;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EDEF30F0-96CD-479B-92F4-CCBA60771163}\MpKsl942b8800.sys [4/16/2011 9:41 AM 28752]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/31/2002 8:00 AM 14336]

S1 MpKsle04a1819;MpKsle04a1819;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358E2811-4CA3-4E21-83FF-8CBC21BD6650}\MpKsle04a1819.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358E2811-4CA3-4E21-83FF-8CBC21BD6650}\MpKsle04a1819.sys [?]

S1 MpKsle2a75a25;MpKsle2a75a25;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA60671F-C88C-41AA-986F-6490C8993877}\MpKsle2a75a25.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA60671F-C88C-41AA-986F-6490C8993877}\MpKsle2a75a25.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/19/2010 8:56 PM 135664]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - KLMD25

*NewlyCreated* - MPKSL942B8800

*Deregistered* - klmd25

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:56]

.

2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:56]

.

2011-04-16 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

.

2011-04-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-15 c:\windows\Tasks\User_Feed_Synchronization-{9DA549B8-356D-49D4-B335-757A58E8148D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

DPF: {24075344-C216-4EDF-B001-D2147ACC9883} - file:///C:/Win2000/Content/cabs/alaWeb.CAB

DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} - file:///C:/Win2000/Content/cabs/alaGrid.CAB

.

.

------- File Associations -------

.

.scr=DWGTrueViewScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{22E03916-85C5-44B0-8DC9-1830C11238D9} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

HKLM-Run-nwiz - nwiz.exe

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

AddRemove-OneTouch Version 3.0 - c:\progra~1\VISION~1\UNWISE.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-16 16:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2011-04-16 16:22:46

ComboFix-quarantined-files.txt 2011-04-16 21:22

.

Pre-Run: 146,114,613,248 bytes free

Post-Run: 147,954,417,664 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 225C0CE8404FA6857B61145A48156A77

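
The "Reg Loading Points" part of the ComboFix log above records a weakened defensive posture: both Security Center overrides are set, the standard-profile firewall is off with notifications disabled, and two ports are globally open. The log does not say who set them (malware and users both do), but they are the lines a responder reads first. The Python below is an added example, not code from the thread or from ComboFix: it parses the REGEDIT4-style block as ComboFix prints it (both the `dword:00000001` and the `0 (0x0)` value forms) and reports the settings that matter. The sample block is copied from the posted log.

```python
import re

# Registry excerpt copied from the posted ComboFix log ("Reg Loading Points");
# the values are the ones on the page, the layout is ComboFix's.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')


def parse_reg_block(text):
    """Map lowercased key path -> {value name: raw text}. ComboFix's '.' spacer lines are ignored."""
    result, key = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            key = m["key"].lower()
            result.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            result[key][m["name"]] = m["raw"].strip()
    return result


def as_int(raw):
    """ComboFix prints DWORDs as 'dword:00000001' or as '0 (0x0)'; None if neither."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    return int(m.group(1)) if m else None


def section_by_suffix(reg, suffix):
    """ComboFix abbreviates hive paths (HKLM\\~\\...), so match on the tail of the key."""
    return next((v for k, v in reg.items() if k.endswith(suffix)), {})


def check_posture(reg):
    """Return human-readable findings for settings that weaken XP's built-in defences."""
    issues = []
    sc = section_by_suffix(reg, r"\microsoft\security center")
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if as_int(sc.get(name, "")) == 1:
            issues.append(f"Security Center: {name}=1, status alerts for this component are suppressed")
    prof = section_by_suffix(reg, r"firewallpolicy\standardprofile")
    if as_int(prof.get("EnableFirewall", "")) == 0:
        issues.append("Windows Firewall is off in the standard profile")
    if as_int(prof.get("DisableNotifications", "")) == 1:
        issues.append("Windows Firewall notifications are disabled")
    for name, raw in section_by_suffix(reg, r"globallyopenports\list").items():
        issues.append(f"Globally open port {name} ({raw})")
    return issues


if __name__ == "__main__":
    for issue in check_posture(parse_reg_block(SAMPLE_REG)):
        print(issue)
```

The open-port entries are reported rather than judged: the names attribute them to Akamai NetSession, which is consistent with the `Akamai` svchost group elsewhere in the log, but a port exception named after a legitimate product still deserves a look at which binary actually registered it.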

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Run ESET Online Scan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

      You can refer to this animation by neomage if needed.

You're welcome.

Depending on the turn out of those scans, you may not be able to use your login anymore due to the malware. But, we will travel down that path when the time comes ;)

Please post the scan results when they are finished.


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6377

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/16/2011 6:36:24 PM

mbam-log-2011-04-16 (18-36-24).txt

Scan type: Quick scan

Objects scanned: 200717

Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


C:\Documents and Settings\Fred\Application Data\Sun\Java\Deployment\cache\6.0\57\4ed53739-64f5111f a variant of Win32/Kryptik.MRQ trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\Fred\Local Settings\Application Data\qog.exe.vir a variant of Win32/Kryptik.MRQ trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{C723B882-D103-4993-A591-C1988299F44F}\RP447\A0038187.exe a variant of Win32/Kryptik.MRQ trojan cleaned by deleting - quarantined

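
The three ESET hits above are one Kryptik sample in three places, and only the first is a location it could have been delivered to: the `C:\Qoobox\Quarantine\...\qog.exe.vir` entry is the copy ComboFix already quarantined (its "Other Deletions" section lists the original `qog.exe` under Fred's Local Settings), and the `System Volume Information\_restore...` entry is a System Restore snapshot copy. The Python below is an added example, not code from the thread or from ESET: it separates a detection's path from its verdict and classifies the path by where it lives, so quarantine and restore-point copies are not mistaken for fresh infections. The path/verdict split is a heuristic for the whitespace-collapsed form on the page, an assumption about the paste and not ESET's file format; the sample lines are copied from the posted results.

```python
import re

# Detection lines copied from the posted ESET result, in the whitespace-
# collapsed form they have on the page. The dropper's original path comes
# from the ComboFix "Other Deletions" section on the same page.
ESET_LINES = [
    r"C:\Documents and Settings\Fred\Application Data\Sun\Java\Deployment\cache\6.0\57\4ed53739-64f5111f a variant of Win32/Kryptik.MRQ trojan cleaned by deleting - quarantined",
    r"C:\Qoobox\Quarantine\C\Documents and Settings\Fred\Local Settings\Application Data\qog.exe.vir a variant of Win32/Kryptik.MRQ trojan cleaned by deleting - quarantined",
    r"C:\System Volume Information\_restore{C723B882-D103-4993-A591-C1988299F44F}\RP447\A0038187.exe a variant of Win32/Kryptik.MRQ trojan cleaned by deleting - quarantined",
]
COMBOFIX_DELETED = r"c:\documents and settings\Fred\Local Settings\Application Data\qog.exe"

# Heuristic split (an assumption about the pasted form, not ESET's format):
# the path runs up to the first "<family>/<name>" token, which may be
# preceded by "a variant of" or "probably a variant of".
THREAT_RE = re.compile(r"\s+((?:probably )?a variant of\s+)?([A-Za-z0-9]+/\S+)\s+(.*)$")

# Ordered rules: first match wins, so quarantine and restore-point copies are
# recognised before the generic user-profile rule.
ARCHIVAL = {"combofix-quarantine", "system-restore"}
RULES = [
    (re.compile(r"\\qoobox\\quarantine\\", re.I), "combofix-quarantine",
     "copy ComboFix already quarantined (.vir); not an active file"),
    (re.compile(r"\\system volume information\\_restore", re.I), "system-restore",
     "System Restore snapshot copy; inert unless that restore point is applied"),
    (re.compile(r"\\sun\\java\\deployment\\cache\\", re.I), "java-cache",
     "Java deployment cache; suggests delivery through the browser's Java plug-in"),
    (re.compile(r"\\local settings\\application data\\[^\\]+\.exe$", re.I), "user-profile-exe",
     "executable dropped in a user-writable profile directory"),
]


def split_line(line):
    """Return (path, threat, action); threat and action are None if no threat token is found."""
    m = THREAT_RE.search(line)
    if not m:
        return line.strip(), None, None
    return line[:m.start()], m.group(2), m.group(3)


def classify(path):
    """Return (category, note) for a detection path using the ordered RULES."""
    for rx, category, note in RULES:
        if rx.search(path):
            return category, note
    return "other", "location not recognised; review manually"


def triage(lines):
    """List of (path, category) for each detection line."""
    rows = []
    for line in lines:
        path, _threat, _action = split_line(line)
        rows.append((path, classify(path)[0]))
    return rows


def archival_copies(lines):
    """Detections that are copies of something already removed rather than new infections."""
    return [p for p, c in triage(lines) if c in ARCHIVAL]


if __name__ == "__main__":
    for path, category in triage(ESET_LINES):
        print(f"{category:20} {path}")
    print("original dropper:", classify(COMBOFIX_DELETED)[0])
```

The restore-point copy is the one worth acting on after cleanup: as long as that restore point exists the sample can be brought back by a System Restore, which is why helpers usually have the user purge old restore points and create a fresh one once the machine is clean.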

Thank you for the reports.

Now on your wife's account,

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it


Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


aswMBR version 0.9.4 Copyright© 2011 AVAST Software

Run date: 2011-04-17 06:54:27

-----------------------------

06:54:27.000 OS Version: Windows 5.1.2600 Service Pack 3

06:54:27.000 Number of processors: 2 586 0x403

06:54:27.000 ComputerName: MINE-E06B998C2B UserName: Bonnie

06:54:28.609 Initialize success

06:54:33.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

06:54:33.218 Disk 0 Vendor: Maxtor_6B200M0 BANC1B10 Size: 190782MB BusType: 3

06:54:35.218 Disk 0 MBR read successfully

06:54:35.218 Disk 0 MBR scan

06:54:37.218 Disk 0 scanning sectors +390700800

06:54:37.234 Disk 0 scanning C:\WINDOWS\system32\drivers

06:54:41.453 Service scanning

06:54:42.390 Disk 0 trace - called modules:

06:54:42.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS

06:54:42.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3fcab8]

06:54:42.406 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000061[0x8a45f3b8]

06:54:42.406 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a3ffd98]

06:54:42.406 Scan finished successfully


Hi Fred,

Thank you for the log. Now, please log into your account this time, the one that is badly infected, and follow these instructions:

Download Combofix from any of the links below but rename it to Iexplorer.com before saving it to your desktop.

* IMPORTANT !!! Save Iexplorer.com to your Desktop

Link 1

Link 2<--Right Click and use Save As if using this link.

Double click on Iexplorer.com (the renamed ComboFix.exe) & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


ComboFix 11-04-17.02 - Bonnie 04/18/2011 5:21.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2136 [GMT -5:00]

Running from: c:\documents and settings\Bonnie\Desktop\Iexplorer.com

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2011-03-18 to 2011-04-18 )))))))))))))))))))))))))))))))

.

.

2011-04-18 00:49 . 2011-04-18 00:49 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3ECFEF-3380-48C1-A95D-F60D6274AD46}\MpKsle4fe38fd.sys

2011-04-17 01:05 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3ECFEF-3380-48C1-A95D-F60D6274AD46}\mpengine.dll

2011-04-16 23:40 . 2011-04-16 23:40 -------- d-----w- c:\program files\ESET

2011-04-16 23:27 . 2011-04-16 23:27 -------- d-----w- c:\documents and settings\Bonnie\Application Data\Malwarebytes

2011-04-16 23:26 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-16 23:26 . 2011-04-16 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-04-16 23:26 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-16 23:26 . 2011-04-16 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-16 22:52 . 2011-04-16 22:52 -------- d-----w- c:\documents and settings\Fred2

2011-04-06 02:05 . 2005-06-01 09:10 495616 ----a-w- c:\windows\system32\PICSDK2.dll

2011-04-06 02:05 . 2005-06-01 08:10 77824 ----a-w- c:\windows\system32\PICEntry.dll

2011-04-06 02:05 . 2005-06-01 05:10 73728 ----a-w- c:\windows\system32\PICSDK.dll

2011-04-06 02:05 . 2004-03-03 11:10 65536 ----a-w- c:\windows\system32\EPPicMgr.dll

2011-04-06 02:05 . 2004-03-03 11:10 114688 ----a-w- c:\windows\system32\EpPicPrt.dll

2011-04-06 02:05 . 2011-04-06 02:05 -------- d-----w- c:\program files\Panasonic

2011-04-06 02:04 . 2003-09-03 07:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll

2011-04-06 02:04 . 2003-09-03 07:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll

2011-04-06 02:04 . 2003-09-03 07:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll

2011-04-06 02:04 . 2003-09-03 07:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll

2011-04-06 02:04 . 2003-09-03 07:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe

2011-04-06 02:04 . 2003-09-03 07:23 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2011-04-06 02:04 . 2011-04-06 02:04 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll

2011-04-06 02:04 . 2011-04-06 02:04 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll

2011-04-06 02:04 . 2011-04-06 02:04 -------- d-----w- c:\program files\Common Files\ArcSoft

2011-04-06 02:04 . 2003-09-20 13:45 21248 ----a-w- c:\windows\system32\drivers\pfc.sys

2011-04-06 02:04 . 2005-03-16 18:45 143360 ----a-w- c:\windows\system32\PhotoBase Screen Saver.scr

2011-04-06 02:04 . 1995-08-01 09:44 212480 ----a-w- c:\windows\PCDLIB32.DLL

2011-03-24 22:13 . 2011-03-24 22:16 -------- d-----w- c:\documents and settings\Zach

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-06 00:37 . 2008-11-19 17:15 1409 ----a-w- c:\windows\Fonts\AFORM105.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\ALAMODE.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM120.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM112.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM100.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM09B.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM090.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM080.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\ADATA095.fot

2011-03-21 01:15 . 2010-06-19 02:27 81920 ----a-w- c:\windows\ALCFDRTM.VER

2011-03-15 04:05 . 2010-07-05 23:51 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-03-13 23:52 . 2010-11-11 01:04 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-03-07 05:33 . 2010-06-09 18:56 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2002-12-31 13:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2002-12-31 13:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2002-12-31 13:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2002-12-31 13:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2002-12-31 13:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2002-12-31 13:00 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2002-12-31 13:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2002-12-31 13:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2010-06-10 22:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2002-12-31 13:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2002-12-31 13:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2002-12-31 13:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2002-12-31 13:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2002-12-31 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-02 23:11 . 2010-07-04 20:09 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-02-02 07:58 . 2010-06-09 18:54 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2010-06-09 18:54 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2002-12-31 13:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

.

.

------- Sigcheck -------

.

[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll

.

c:\windows\System32\regsvc.dll ... is missing !!

.

((((((((((((((((((((((((((((( SnapShot@2011-04-16_21.20.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-11 19:14 . 2011-04-16 22:53 17685 c:\windows\system32\Lang\WzrdLang.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 17685 c:\windows\system32\Lang\WzrdLang.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 10246 c:\windows\system32\Lang\TradChin.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 10246 c:\windows\system32\Lang\TradChin.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 12264 c:\windows\system32\Lang\Thai.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 12264 c:\windows\system32\Lang\Thai.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 13565 c:\windows\system32\Lang\SWEDISH.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 13565 c:\windows\system32\Lang\SWEDISH.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 15521 c:\windows\system32\Lang\Spanish.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 15521 c:\windows\system32\Lang\Spanish.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 15530 c:\windows\system32\Lang\Russian.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 15530 c:\windows\system32\Lang\Russian.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 14672 c:\windows\system32\Lang\Portuguese.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 14672 c:\windows\system32\Lang\Portuguese.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 11441 c:\windows\system32\Lang\Korean.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 11441 c:\windows\system32\Lang\Korean.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 13377 c:\windows\system32\Lang\Japanese.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 13377 c:\windows\system32\Lang\Japanese.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 15739 c:\windows\system32\Lang\Italian.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 15739 c:\windows\system32\Lang\Italian.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 14920 c:\windows\system32\Lang\German.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 14920 c:\windows\system32\Lang\German.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 15407 c:\windows\system32\Lang\French.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 15407 c:\windows\system32\Lang\French.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 12220 c:\windows\system32\Lang\English.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 12220 c:\windows\system32\Lang\English.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 14502 c:\windows\system32\Lang\Dutch.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 14502 c:\windows\system32\Lang\Dutch.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 13851 c:\windows\system32\Lang\Danish.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 13851 c:\windows\system32\Lang\Danish.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 11835 c:\windows\system32\Lang\Arabic.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 11835 c:\windows\system32\Lang\Arabic.bin

+ 2011-04-18 00:48 . 2011-04-18 00:48 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_7cc.dat

+ 2011-04-18 00:48 . 2011-04-18 00:48 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_6ec.dat

- 2010-06-11 19:14 . 2011-03-24 22:14 9522 c:\windows\system32\Lang\SimChin.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 9522 c:\windows\system32\Lang\SimChin.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-19 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]

"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-05 274608]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Billminder.lnk - c:\quickenw\BILLMIND.EXE [2010-6-18 30208]

LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2011-4-5 57344]

Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2010-6-18 27136]

Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]

path=c:\documents and settings\Fred\Start Menu\Programs\Startup\Check for OneTouch Updates.lnk

backup=c:\windows\pss\Check for OneTouch Updates.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-06-19 23:06 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4147:TCP"= 4147:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 MpKsle4fe38fd;MpKsle4fe38fd;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3ECFEF-3380-48C1-A95D-F60D6274AD46}\MpKsle4fe38fd.sys [4/17/2011 7:49 PM 28752]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/31/2002 8:00 AM 14336]

S1 MpKsle04a1819;MpKsle04a1819;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358E2811-4CA3-4E21-83FF-8CBC21BD6650}\MpKsle04a1819.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358E2811-4CA3-4E21-83FF-8CBC21BD6650}\MpKsle04a1819.sys [?]

S1 MpKsle2a75a25;MpKsle2a75a25;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA60671F-C88C-41AA-986F-6490C8993877}\MpKsle2a75a25.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA60671F-C88C-41AA-986F-6490C8993877}\MpKsle2a75a25.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/19/2010 8:56 PM 135664]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLE4FE38FD

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:56]

.

2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:56]

.

2011-04-18 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

.

2011-04-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-18 c:\windows\Tasks\User_Feed_Synchronization-{9DA549B8-356D-49D4-B335-757A58E8148D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

DPF: {24075344-C216-4EDF-B001-D2147ACC9883} - file:///C:/Win2000/Content/cabs/alaWeb.CAB

DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} - file:///C:/Win2000/Content/cabs/alaGrid.CAB

.

.

------- File Associations -------

.

.scr=DWGTrueViewScriptFile

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-18 05:26

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1428)

c:\windows\system32\WININET.dll

c:\windows\system32\AcSignIcon.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

- - - - - - - > 'explorer.exe'(2264)

c:\windows\system32\WININET.dll

c:\windows\system32\AcSignIcon.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-04-18 05:28:46

ComboFix-quarantined-files.txt 2011-04-18 10:28

ComboFix2.txt 2011-04-16 21:22

.

Pre-Run: 147,700,350,976 bytes free

Post-Run: 147,734,368,256 bytes free

.

- - End Of File - - 993E29D6EEF72AD11BA911B325A5E98A

Please log into your account now and try the following:

Step #1

Scan with exeHelper:

Please download exeHelper to your desktop.

  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program.

Step #2

Download and Run RKill:

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1

Link 2

Link 3

Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step #3

Please try running ComboFix from your account now as well.

exeHelper by Raktor

Build 20100414

Run at 18:07:50 on 04/19/11

Now searching...

Checking for numerical processes...

Checking for sysguard processes...

Checking for bad processes...

Checking for bad files...

Checking for bad registry entries...

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--

---------------------------------------------------------------------------------------------------------

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 04/19/2011 at 18:10:34.

Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

Rkill completed on 04/19/2011 at 18:10:39.

I was able to run ComboFix under my profile. Here are the results:

ComboFix 11-04-19.01 - Fred 04/19/2011 18:20:16.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2068 [GMT -5:00]

Running from: c:\documents and settings\Fred\Desktop\Iexplorer.com

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2011-03-19 to 2011-04-19 )))))))))))))))))))))))))))))))

.

.

2011-04-18 00:49 . 2011-04-18 00:49 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3ECFEF-3380-48C1-A95D-F60D6274AD46}\MpKsle4fe38fd.sys

2011-04-17 01:05 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3ECFEF-3380-48C1-A95D-F60D6274AD46}\mpengine.dll

2011-04-16 23:40 . 2011-04-16 23:40 -------- d-----w- c:\program files\ESET

2011-04-16 23:27 . 2011-04-16 23:27 -------- d-----w- c:\documents and settings\Bonnie\Application Data\Malwarebytes

2011-04-16 23:26 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-16 23:26 . 2011-04-16 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-04-16 23:26 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-16 23:26 . 2011-04-16 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-16 22:52 . 2011-04-16 22:52 -------- d-----w- c:\documents and settings\Fred2

2011-04-06 02:05 . 2005-06-01 09:10 495616 ----a-w- c:\windows\system32\PICSDK2.dll

2011-04-06 02:05 . 2005-06-01 08:10 77824 ----a-w- c:\windows\system32\PICEntry.dll

2011-04-06 02:05 . 2005-06-01 05:10 73728 ----a-w- c:\windows\system32\PICSDK.dll

2011-04-06 02:05 . 2004-03-03 11:10 65536 ----a-w- c:\windows\system32\EPPicMgr.dll

2011-04-06 02:05 . 2004-03-03 11:10 114688 ----a-w- c:\windows\system32\EpPicPrt.dll

2011-04-06 02:05 . 2011-04-06 02:05 -------- d-----w- c:\program files\Panasonic

2011-04-06 02:04 . 2003-09-03 07:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll

2011-04-06 02:04 . 2003-09-03 07:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll

2011-04-06 02:04 . 2003-09-03 07:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll

2011-04-06 02:04 . 2003-09-03 07:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll

2011-04-06 02:04 . 2003-09-03 07:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe

2011-04-06 02:04 . 2003-09-03 07:23 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2011-04-06 02:04 . 2011-04-06 02:04 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll

2011-04-06 02:04 . 2011-04-06 02:04 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll

2011-04-06 02:04 . 2011-04-06 02:04 -------- d-----w- c:\program files\Common Files\ArcSoft

2011-04-06 02:04 . 2003-09-20 13:45 21248 ----a-w- c:\windows\system32\drivers\pfc.sys

2011-04-06 02:04 . 2005-03-16 18:45 143360 ----a-w- c:\windows\system32\PhotoBase Screen Saver.scr

2011-04-06 02:04 . 1995-08-01 09:44 212480 ----a-w- c:\windows\PCDLIB32.DLL

2011-03-24 22:13 . 2011-03-24 22:16 -------- d-----w- c:\documents and settings\Zach

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-06 00:37 . 2008-11-19 17:15 1409 ----a-w- c:\windows\Fonts\AFORM105.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\ALAMODE.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM120.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM112.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM100.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM09B.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM090.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM080.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\ADATA095.fot

2011-03-21 01:15 . 2010-06-19 02:27 81920 ----a-w- c:\windows\ALCFDRTM.VER

2011-03-15 04:05 . 2010-07-05 23:51 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-03-13 23:52 . 2010-11-11 01:04 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-03-07 05:33 . 2010-06-09 18:56 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2002-12-31 13:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2002-12-31 13:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2002-12-31 13:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2002-12-31 13:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2002-12-31 13:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2002-12-31 13:00 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2002-12-31 13:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2002-12-31 13:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2010-06-10 22:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2002-12-31 13:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2002-12-31 13:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2002-12-31 13:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2002-12-31 13:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2002-12-31 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-02 23:11 . 2010-07-04 20:09 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-02-02 07:58 . 2010-06-09 18:54 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2010-06-09 18:54 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2002-12-31 13:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

.

.

------- Sigcheck -------

.

[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll

.

c:\windows\System32\regsvc.dll ... is missing !!

.

((((((((((((((((((((((((((((( SnapShot@2011-04-16_21.20.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-11 19:14 . 2011-04-16 22:53 17685 c:\windows\system32\Lang\WzrdLang.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 17685 c:\windows\system32\Lang\WzrdLang.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 10246 c:\windows\system32\Lang\TradChin.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 10246 c:\windows\system32\Lang\TradChin.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 12264 c:\windows\system32\Lang\Thai.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 12264 c:\windows\system32\Lang\Thai.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 13565 c:\windows\system32\Lang\SWEDISH.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 13565 c:\windows\system32\Lang\SWEDISH.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 15521 c:\windows\system32\Lang\Spanish.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 15521 c:\windows\system32\Lang\Spanish.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 15530 c:\windows\system32\Lang\Russian.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 15530 c:\windows\system32\Lang\Russian.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 14672 c:\windows\system32\Lang\Portuguese.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 14672 c:\windows\system32\Lang\Portuguese.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 11441 c:\windows\system32\Lang\Korean.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 11441 c:\windows\system32\Lang\Korean.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 13377 c:\windows\system32\Lang\Japanese.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 13377 c:\windows\system32\Lang\Japanese.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 15739 c:\windows\system32\Lang\Italian.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 15739 c:\windows\system32\Lang\Italian.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 14920 c:\windows\system32\Lang\German.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 14920 c:\windows\system32\Lang\German.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 15407 c:\windows\system32\Lang\French.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 15407 c:\windows\system32\Lang\French.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 12220 c:\windows\system32\Lang\English.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 12220 c:\windows\system32\Lang\English.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 14502 c:\windows\system32\Lang\Dutch.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 14502 c:\windows\system32\Lang\Dutch.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 13851 c:\windows\system32\Lang\Danish.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 13851 c:\windows\system32\Lang\Danish.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 11835 c:\windows\system32\Lang\Arabic.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 11835 c:\windows\system32\Lang\Arabic.bin

+ 2011-04-18 00:48 . 2011-04-18 00:48 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_7cc.dat

+ 2011-04-18 00:48 . 2011-04-18 00:48 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_6ec.dat

- 2010-06-11 19:14 . 2011-03-24 22:14 9522 c:\windows\system32\Lang\SimChin.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 9522 c:\windows\system32\Lang\SimChin.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-19 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]

"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-05 274608]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Billminder.lnk - c:\quickenw\BILLMIND.EXE [2010-6-18 30208]

LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2011-4-5 57344]

Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2010-6-18 27136]

Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]

path=c:\documents and settings\Fred\Start Menu\Programs\Startup\Check for OneTouch Updates.lnk

backup=c:\windows\pss\Check for OneTouch Updates.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-06-19 23:06 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4183:TCP"= 4183:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 MpKsle4fe38fd;MpKsle4fe38fd;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3ECFEF-3380-48C1-A95D-F60D6274AD46}\MpKsle4fe38fd.sys [4/17/2011 7:49 PM 28752]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/31/2002 8:00 AM 14336]

S1 MpKsle04a1819;MpKsle04a1819;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358E2811-4CA3-4E21-83FF-8CBC21BD6650}\MpKsle04a1819.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358E2811-4CA3-4E21-83FF-8CBC21BD6650}\MpKsle04a1819.sys [?]

S1 MpKsle2a75a25;MpKsle2a75a25;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA60671F-C88C-41AA-986F-6490C8993877}\MpKsle2a75a25.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA60671F-C88C-41AA-986F-6490C8993877}\MpKsle2a75a25.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/19/2010 8:56 PM 135664]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLE4FE38FD

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:56]

.

2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:56]

.

2011-04-18 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

.

2011-04-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-19 c:\windows\Tasks\User_Feed_Synchronization-{9DA549B8-356D-49D4-B335-757A58E8148D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

uInternet Settings,ProxyOverride = *.local

IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

DPF: {24075344-C216-4EDF-B001-D2147ACC9883} - file:///C:/Win2000/Content/cabs/alaWeb.CAB

DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} - file:///C:/Win2000/Content/cabs/alaGrid.CAB

.

.

------- File Associations -------

.

.scr=DWGTrueViewScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-19 18:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(4568)

c:\windows\system32\WININET.dll

c:\windows\system32\AcSignIcon.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

- - - - - - - > 'explorer.exe'(3132)

c:\windows\system32\WININET.dll

c:\windows\system32\AcSignIcon.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

- - - - - - - > 'explorer.exe'(4776)

c:\windows\system32\WININET.dll

c:\windows\system32\AcSignIcon.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-04-19 18:26:38

ComboFix-quarantined-files.txt 2011-04-19 23:26

ComboFix2.txt 2011-04-18 10:28

ComboFix3.txt 2011-04-16 21:22

.

Pre-Run: 147,581,014,016 bytes free

Post-Run: 147,664,715,776 bytes free

.

- - End Of File - - 1CF37048D6FD84E7DA2A596EB2AC4D28


Glad to hear you were able to run ComboFix under your own profile!

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

RegLock::

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

MIA::

c:\windows\System32\regsvc.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
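The CFScript handed over above is assembled by hand from two findings in the ComboFix log posted earlier: the seven keys listed under LOCKED REGISTRY KEYS become RegLock:: entries, and the file that Sigcheck reported as missing becomes an MIA:: entry. As an added example, not part of this thread or of ComboFix itself, the Python below parses a log in the format ComboFix prints and emits the same two blocks in the same layout. The sample log is constructed from excerpts quoted in the thread; the section-banner regex and the function names are my own and not anything ComboFix documents.

```python
"""Derive a ComboFix CFScript (RegLock:: / MIA:: blocks) from a ComboFix log.

Added example, not part of the thread or of ComboFix. It reads the
'Sigcheck' and 'LOCKED REGISTRY KEYS' sections in the layout ComboFix prints
and renders the directive blocks in the layout used in the helper's reply.
"""
import re

# Constructed sample: excerpts in the shape of the log quoted in the thread
# (one missing system file with a known-good copy, three locked CLSID keys).
SAMPLE_LOG = r"""
------- Sigcheck -------
.
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
.
c:\windows\System32\regsvc.dll ... is missing !!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4568)
c:\windows\system32\WININET.dll
"""

# Section banners: a run of '-' or '(' padding, a title, a run of '-' or ')'.
BANNER_RE = re.compile(r"[-(\s]+([A-Za-z][^()]*?)[-)\s]+")
# Sigcheck's report of a file it expected but did not find.
MISSING_RE = re.compile(r"^([A-Za-z]:\\.+?) \.\.\. is missing !!$")
# A registry key header line as printed under LOCKED REGISTRY KEYS.
LOCKED_KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+\\.+)\]$")


def banner_title(line):
    """Return the title of a ComboFix section banner, or None for ordinary lines.
    Banners look like '------- Sigcheck -------' or '(((( Reg Loading Points ))))'."""
    m = BANNER_RE.fullmatch(line)
    return m.group(1).strip() if m else None


def parse_sections(log_text):
    """Split a log into {title: [lines]}, dropping ComboFix's '.' spacer lines."""
    sections = {"preamble": []}
    current = "preamble"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        title = banner_title(line)
        if title is not None:
            current = title
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def missing_files(sections):
    """Paths Sigcheck flagged as '... is missing !!' (candidates for MIA::)."""
    found = []
    for line in sections.get("Sigcheck", []):
        m = MISSING_RE.match(line)
        if m:
            found.append(m.group(1))
    return found


def locked_keys(sections):
    """Key paths listed under LOCKED REGISTRY KEYS (candidates for RegLock::)."""
    found = []
    for line in sections.get("LOCKED REGISTRY KEYS", []):
        m = LOCKED_KEY_RE.match(line)
        if m:
            found.append(m.group(1))
    return found


def build_cfscript(sections):
    """Render the directive blocks in the layout used in the thread: the
    directive header on its own line, one entry per line, blocks separated
    by a blank line. Returns '' when the log gives nothing to act on."""
    blocks = []
    keys = locked_keys(sections)
    if keys:
        blocks.append("RegLock::\n" + "\n".join("[%s]" % k for k in keys))
    files = missing_files(sections)
    if files:
        blocks.append("MIA::\n" + "\n".join(files))
    return "\n\n".join(blocks) + ("\n" if blocks else "")


if __name__ == "__main__":
    print(build_cfscript(parse_sections(SAMPLE_LOG)), end="")
```

The generator reproduces only what the log reports, so its output can be read against the log line by line: every RegLock:: entry corresponds to a key the log marked with an @Denied line, and every MIA:: entry to a file Sigcheck could not find. The Sigcheck section also records where a known-good copy lives (here c:\windows\ServicePackFiles\i386\regsvc.dll), which is the copy the follow-up log reports restoring.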


ComboFix 11-04-20.01 - Bonnie 04/20/2011 16:34:50.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2180 [GMT -5:00]

Running from: c:\documents and settings\Bonnie\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Bonnie\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\System32\regsvc.dll was missing

Restored copy from - c:\windows\ServicePackFiles\i386\regsvc.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-03-20 to 2011-04-20 )))))))))))))))))))))))))))))))

.

.

2011-04-20 21:41 . 2008-04-14 10:42 59904 ----a-w- c:\windows\system32\regsvc.dll

2011-04-20 21:41 . 2008-04-14 10:42 59904 ----a-w- c:\windows\system32\dllcache\regsvc.dll

2011-04-20 03:36 . 2011-04-20 03:36 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78147EC1-FBBB-4D4A-B427-3FB280F817D2}\MpKsl00beb007.sys

2011-04-20 01:46 . 2011-04-20 01:46 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78147EC1-FBBB-4D4A-B427-3FB280F817D2}\MpKsl7d67e380.sys

2011-04-20 01:46 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78147EC1-FBBB-4D4A-B427-3FB280F817D2}\mpengine.dll

2011-04-16 23:40 . 2011-04-16 23:40 -------- d-----w- c:\program files\ESET

2011-04-16 23:27 . 2011-04-16 23:27 -------- d-----w- c:\documents and settings\Bonnie\Application Data\Malwarebytes

2011-04-16 23:26 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-16 23:26 . 2011-04-16 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-04-16 23:26 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-16 23:26 . 2011-04-16 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-16 22:52 . 2011-04-16 22:52 -------- d-----w- c:\documents and settings\Fred2

2011-04-06 02:05 . 2005-06-01 09:10 495616 ----a-w- c:\windows\system32\PICSDK2.dll

2011-04-06 02:05 . 2005-06-01 08:10 77824 ----a-w- c:\windows\system32\PICEntry.dll

2011-04-06 02:05 . 2005-06-01 05:10 73728 ----a-w- c:\windows\system32\PICSDK.dll

2011-04-06 02:05 . 2004-03-03 11:10 65536 ----a-w- c:\windows\system32\EPPicMgr.dll

2011-04-06 02:05 . 2004-03-03 11:10 114688 ----a-w- c:\windows\system32\EpPicPrt.dll

2011-04-06 02:05 . 2011-04-06 02:05 -------- d-----w- c:\program files\Panasonic

2011-04-06 02:04 . 2003-09-03 07:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll

2011-04-06 02:04 . 2003-09-03 07:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll

2011-04-06 02:04 . 2003-09-03 07:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll

2011-04-06 02:04 . 2003-09-03 07:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll

2011-04-06 02:04 . 2003-09-03 07:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe

2011-04-06 02:04 . 2003-09-03 07:23 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2011-04-06 02:04 . 2011-04-06 02:04 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll

2011-04-06 02:04 . 2011-04-06 02:04 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll

2011-04-06 02:04 . 2011-04-06 02:04 -------- d-----w- c:\program files\Common Files\ArcSoft

2011-04-06 02:04 . 2003-09-20 13:45 21248 ----a-w- c:\windows\system32\drivers\pfc.sys

2011-04-06 02:04 . 2005-03-16 18:45 143360 ----a-w- c:\windows\system32\PhotoBase Screen Saver.scr

2011-04-06 02:04 . 1995-08-01 09:44 212480 ----a-w- c:\windows\PCDLIB32.DLL

2011-03-24 22:13 . 2011-03-24 22:16 -------- d-----w- c:\documents and settings\Zach

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-06 00:37 . 2008-11-19 17:15 1409 ----a-w- c:\windows\Fonts\AFORM105.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\ALAMODE.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM120.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM112.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM100.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM09B.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM090.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM080.fot

2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\ADATA095.fot

2011-03-21 01:15 . 2010-06-19 02:27 81920 ----a-w- c:\windows\ALCFDRTM.VER

2011-03-15 04:05 . 2010-07-05 23:51 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-03-13 23:52 . 2010-11-11 01:04 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-03-07 05:33 . 2010-06-09 18:56 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2002-12-31 13:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2002-12-31 13:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2002-12-31 13:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2002-12-31 13:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2002-12-31 13:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2002-12-31 13:00 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2002-12-31 13:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2002-12-31 13:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2010-06-10 22:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2002-12-31 13:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2002-12-31 13:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2002-12-31 13:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2002-12-31 13:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2002-12-31 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-02 23:11 . 2010-07-04 20:09 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-02-02 07:58 . 2010-06-09 18:54 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2010-06-09 18:54 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2002-12-31 13:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-04-16_21.20.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-11 19:14 . 2011-04-16 22:53 17685 c:\windows\system32\Lang\WzrdLang.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 17685 c:\windows\system32\Lang\WzrdLang.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 10246 c:\windows\system32\Lang\TradChin.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 10246 c:\windows\system32\Lang\TradChin.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 12264 c:\windows\system32\Lang\Thai.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 12264 c:\windows\system32\Lang\Thai.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 13565 c:\windows\system32\Lang\SWEDISH.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 13565 c:\windows\system32\Lang\SWEDISH.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 15521 c:\windows\system32\Lang\Spanish.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 15521 c:\windows\system32\Lang\Spanish.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 15530 c:\windows\system32\Lang\Russian.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 15530 c:\windows\system32\Lang\Russian.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 14672 c:\windows\system32\Lang\Portuguese.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 14672 c:\windows\system32\Lang\Portuguese.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 11441 c:\windows\system32\Lang\Korean.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 11441 c:\windows\system32\Lang\Korean.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 13377 c:\windows\system32\Lang\Japanese.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 13377 c:\windows\system32\Lang\Japanese.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 15739 c:\windows\system32\Lang\Italian.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 15739 c:\windows\system32\Lang\Italian.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 14920 c:\windows\system32\Lang\German.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 14920 c:\windows\system32\Lang\German.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 15407 c:\windows\system32\Lang\French.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 15407 c:\windows\system32\Lang\French.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 12220 c:\windows\system32\Lang\English.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 12220 c:\windows\system32\Lang\English.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 14502 c:\windows\system32\Lang\Dutch.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 14502 c:\windows\system32\Lang\Dutch.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 13851 c:\windows\system32\Lang\Danish.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 13851 c:\windows\system32\Lang\Danish.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 11835 c:\windows\system32\Lang\Arabic.bin

- 2010-06-11 19:14 . 2011-03-24 22:14 11835 c:\windows\system32\Lang\Arabic.bin

+ 2011-04-20 03:36 . 2011-04-20 03:36 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_d0.dat

+ 2011-04-20 03:36 . 2011-04-20 03:36 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_6fc.dat

- 2010-06-11 19:14 . 2011-03-24 22:14 9522 c:\windows\system32\Lang\SimChin.bin

+ 2010-06-11 19:14 . 2011-04-16 22:53 9522 c:\windows\system32\Lang\SimChin.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-19 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]

"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-05 274608]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Billminder.lnk - c:\quickenw\BILLMIND.EXE [2010-6-18 30208]

LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2011-4-5 57344]

Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2010-6-18 27136]

Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]

path=c:\documents and settings\Fred\Start Menu\Programs\Startup\Check for OneTouch Updates.lnk

backup=c:\windows\pss\Check for OneTouch Updates.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-06-19 23:06 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1792:TCP"= 1792:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 MpKsl00beb007;MpKsl00beb007;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78147EC1-FBBB-4D4A-B427-3FB280F817D2}\MpKsl00beb007.sys [4/19/2011 10:36 PM 28752]

R1 MpKsl7d67e380;MpKsl7d67e380;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78147EC1-FBBB-4D4A-B427-3FB280F817D2}\MpKsl7d67e380.sys [4/19/2011 8:46 PM 28752]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/31/2002 8:00 AM 14336]

S1 MpKsle04a1819;MpKsle04a1819;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358E2811-4CA3-4E21-83FF-8CBC21BD6650}\MpKsle04a1819.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358E2811-4CA3-4E21-83FF-8CBC21BD6650}\MpKsle04a1819.sys [?]

S1 MpKsle2a75a25;MpKsle2a75a25;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA60671F-C88C-41AA-986F-6490C8993877}\MpKsle2a75a25.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA60671F-C88C-41AA-986F-6490C8993877}\MpKsle2a75a25.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/19/2010 8:56 PM 135664]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL00BEB007

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:56]

.

2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:56]

.

2011-04-20 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]

.

2011-04-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-04-20 c:\windows\Tasks\User_Feed_Synchronization-{9DA549B8-356D-49D4-B335-757A58E8148D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

DPF: {24075344-C216-4EDF-B001-D2147ACC9883} - file:///C:/Win2000/Content/cabs/alaWeb.CAB

DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} - file:///C:/Win2000/Content/cabs/alaGrid.CAB

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-20 16:41

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2560)

c:\windows\system32\WININET.dll

c:\windows\system32\AcSignIcon.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

- - - - - - - > 'explorer.exe'(2624)

c:\windows\system32\WININET.dll

c:\windows\system32\AcSignIcon.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-04-20 16:44:03

ComboFix-quarantined-files.txt 2011-04-20 21:44

ComboFix2.txt 2011-04-19 23:26

ComboFix3.txt 2011-04-18 10:28

ComboFix4.txt 2011-04-16 21:22

.

Pre-Run: 147,550,519,296 bytes free

Post-Run: 147,575,840,768 bytes free

.

- - End Of File - - 67349410673FEE32251D43417F9E444A


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6377

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/21/2011 5:52:40 PM

mbam-log-2011-04-21 (17-52-40).txt

Scan type: Quick scan

Objects scanned: 203494

Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
