Need to check if I got malware

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Page 1 of 1

You cannot start a new topic
This topic is locked

Need to check if I got malware Recovering from really bad problem.

#1 orion311976

Member

Group: Members
Posts: 16
Joined: 02-September 11

Posted 11 September 2011 - 09:26 AM

A few weeks back my stepdaughters computer wouldn't boot to nothing, no good asking her cause I already knew the answer "I didn't do anything, it just did it itself!" Her moms got the same answer when she messes things up. I finally got it to Windows and stabilized it (sorta), need U guys to check if I still got virus or malware or corrupted sys files. Thanks in advance for ya'lls help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by MissMousie at 6:21:20 on 2011-09-11
.
============== Running Processes ===============
.
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\MissMousie.HEATHER\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sony.com/vaiopeople
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246370114596
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246370177663
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{58B8EA80-B589-4D24-9BB4-A7609A9DF833} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\missmousie.heather\application data\mozilla\firefox\profiles\1qqp0h4e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sony.com/vaiopeople
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
.
============= SERVICES / DRIVERS ===============
.
R? Ambfilt;Ambfilt
R? appliand;Applian Network Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? cpuz134;cpuz134
R? fsbl-standalone;F-Secure BlackLight Beta Engine Driver
R? MpKsl12c088eb;MpKsl12c088eb
R? MpKsl14bcb724;MpKsl14bcb724
R? MpKsl1b0401be;MpKsl1b0401be
R? MpKsl2ab0cfb8;MpKsl2ab0cfb8
R? MpKsl2af0411f;MpKsl2af0411f
R? MpKsl44f0cf8e;MpKsl44f0cf8e
R? MpKsl4abde046;MpKsl4abde046
R? MpKsl67c2683c;MpKsl67c2683c
R? MpKsl74c83c0c;MpKsl74c83c0c
R? MpKsl794fb173;MpKsl794fb173
R? MpKsl856668a7;MpKsl856668a7
R? MpKsl93deba9f;MpKsl93deba9f
R? MpKsla5f0f19f;MpKsla5f0f19f
R? MpKsla9b78e5d;MpKsla9b78e5d
R? MpKslc18672f6;MpKslc18672f6
R? MpKsleb5a943e;MpKsleb5a943e
R? MpKslfc61f03d;MpKslfc61f03d
R? MpKslffe628f3;MpKslffe628f3
R? vdrive;vdrive
R? WinRM;Windows Remote Management (WS-Management)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? appliandMP;appliandMP
S? McrdSvc;Media Center Extender Service
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl8430e932;MpKsl8430e932
S? MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB
S? SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB
S? ti21sony;ti21sony
.
=============== Created Last 30 ================
.
2011-09-11 11:49:28 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5a37d456-4d8f-454c-a813-eaf7213b71be}\MpKsl8430e932.sys
2011-09-11 02:27:32 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-09-11 02:27:27 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-09-11 02:27:26 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-09-11 02:27:21 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-09-11 02:27:16 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-09-11 02:26:21 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-09-11 02:25:50 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-09-11 02:25:46 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-09-11 02:25:32 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-09-11 02:25:31 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-09-11 02:25:17 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-09-10 21:34:53 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-09-10 21:34:49 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-09-10 21:34:44 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-09-10 21:34:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-09-10 21:34:21 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-09-10 21:34:16 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-09-10 21:34:07 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2011-09-10 21:34:06 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2011-09-10 21:34:04 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2011-09-10 21:34:00 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2011-09-10 21:32:59 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-09-10 21:31:57 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2011-09-10 21:31:52 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-09-10 21:31:48 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2011-09-10 21:31:43 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2011-09-10 21:31:39 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2011-09-10 21:31:34 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2011-09-10 21:31:30 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2011-09-10 21:31:26 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-09-10 21:31:21 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2011-09-10 21:31:16 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2011-09-10 21:31:12 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2011-09-10 21:31:05 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2011-09-10 21:30:55 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-09-10 21:30:51 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-09-10 21:30:46 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-09-10 21:30:42 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2011-09-10 21:30:38 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-09-10 21:30:33 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-09-10 21:30:28 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-09-10 21:30:23 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2011-09-10 21:30:22 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-09-10 21:30:18 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2011-09-10 21:30:08 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2011-09-10 21:30:04 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2011-09-10 21:29:59 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2011-09-10 21:29:54 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2011-09-10 21:29:48 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-09-10 21:29:40 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-09-10 21:29:36 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-09-10 21:29:34 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2011-09-10 21:29:29 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-09-10 21:29:24 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-09-10 21:29:17 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-09-10 21:29:11 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-09-10 21:29:07 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-09-10 21:29:03 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-09-10 21:27:57 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2011-09-10 21:27:53 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2011-09-10 21:27:46 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-09-10 21:27:41 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2011-09-10 21:27:33 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-09-10 21:27:26 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2011-09-10 21:27:22 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2011-09-10 21:27:18 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2011-09-10 21:27:13 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-09-10 21:27:09 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2011-09-10 21:27:05 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-09-10 21:27:01 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2011-09-10 21:27:00 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-09-10 21:25:56 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2011-09-10 21:25:54 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2011-09-10 21:25:50 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2011-09-10 21:25:46 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2011-09-10 21:25:42 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2011-09-10 21:25:38 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2011-09-10 21:25:36 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2011-09-10 21:25:33 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-09-10 21:25:29 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-09-10 21:25:24 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-09-10 21:25:20 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-09-10 21:25:16 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-09-10 21:25:12 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-09-10 21:23:56 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2011-09-10 21:22:58 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
2011-09-10 21:22:56 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2011-09-10 21:22:55 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2011-09-10 21:22:52 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2011-09-10 21:22:48 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2011-09-10 21:22:44 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-09-10 21:22:37 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2011-09-10 21:22:33 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2011-09-10 21:22:29 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-09-10 21:22:24 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-09-10 21:22:20 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2011-09-10 21:22:06 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-09-10 21:22:00 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-09-10 21:20:58 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2011-09-10 21:20:54 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2011-09-10 21:20:49 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2011-09-10 21:20:45 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2011-09-10 21:20:43 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2011-09-10 21:20:37 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2011-09-10 21:20:26 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-09-10 21:20:21 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2011-09-10 21:20:17 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2011-09-10 21:20:13 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2011-09-10 21:20:09 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
2011-09-10 21:20:06 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2011-09-10 21:20:00 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2011-09-10 21:18:59 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2011-09-10 21:18:55 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2011-09-10 21:18:52 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2011-09-10 21:18:48 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2011-09-10 21:18:44 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2011-09-10 21:18:41 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2011-09-10 21:18:36 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-09-10 21:18:33 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2011-09-10 21:18:29 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-09-10 21:18:25 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2011-09-10 21:18:21 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-09-10 21:18:16 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-09-10 21:18:01 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-09-10 21:17:57 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2011-09-10 21:17:46 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-09-10 21:17:40 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-09-10 21:17:36 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-09-10 21:17:34 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-09-10 21:17:27 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-09-10 21:17:23 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-09-10 21:17:17 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-09-10 21:17:15 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-09-10 21:17:02 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2011-09-10 21:15:59 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2011-09-10 21:15:55 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2011-09-10 21:15:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-09-10 21:15:25 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-09-10 21:15:24 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-09-10 21:15:17 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-09-10 21:15:03 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-09-10 21:15:01 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-09-10 21:14:39 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-09-10 21:14:35 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-09-10 21:14:34 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-09-10 21:14:19 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-09-10 21:13:29 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-09-10 21:13:19 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-09-10 21:13:08 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-09-10 21:11:59 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2011-09-10 21:11:54 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2011-09-10 21:11:47 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-09-10 21:11:44 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2011-09-10 21:11:41 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2011-09-10 21:11:37 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2011-09-10 21:11:35 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-09-10 21:11:31 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-09-10 21:11:27 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2011-09-10 21:11:20 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2011-09-10 21:11:15 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-09-10 21:11:15 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-09-10 21:09:40 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-09-10 21:08:57 161020 -c--a-w- c:\windows\system32\dllcache\i81xnt5.sys
2011-09-10 21:07:59 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2011-09-10 21:06:59 2688 -c--a-w- c:\windows\system32\dllcache\hidswvd.sys
2011-09-10 21:05:57 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2011-09-10 21:04:58 347550 -c--a-w- c:\windows\system32\dllcache\es56tpi.sys
2011-09-10 21:03:58 69692 -c--a-w- c:\windows\system32\dllcache\el575nd5.sys
2011-09-10 21:02:59 31305 -c--a-w- c:\windows\system32\dllcache\disrvpp.dll
2011-09-10 21:01:59 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys
2011-09-10 21:00:56 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2011-09-10 20:59:53 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-09-10 20:40:26 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5a37d456-4d8f-454c-a813-eaf7213b71be}\mpengine.dll
2011-09-10 20:29:59 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2011-09-10 20:28:58 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2011-09-10 20:26:40 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-09-09 05:58:05 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-09-07 12:11:03 -------- d-----w- c:\program files\Microsoft Security Client
2011-09-02 07:36:34 -------- dcsha-r- C:\cmdcons
2011-09-02 07:33:26 -------- dc----w- C:\ComboFix
2011-09-02 05:40:23 -------- d-----w- c:\documents and settings\missmousie.heather\local settings\application data\Eraser 6
2011-08-31 02:12:16 -------- d-----w- c:\program files\Cedelia
2011-08-31 00:56:50 -------- d-----w- c:\program files\VideoLAN
2011-08-26 05:37:36 -------- d-----w- c:\documents and settings\missmousie.heather\application data\ProgSense
2011-08-26 05:37:14 -------- dc----w- C:\downloads
2011-08-26 05:37:14 -------- d-----w- c:\documents and settings\missmousie.heather\application data\GrabPro
2011-08-26 05:37:04 -------- d-----w- c:\program files\Orbitdownloader
2011-08-25 21:46:38 -------- d-----w- c:\documents and settings\missmousie.heather\application data\DVDFab
2011-08-25 16:35:57 -------- d-----w- c:\documents and settings\missmousie.heather\application data\Exodus
2011-08-25 15:34:45 -------- d-----w- c:\documents and settings\missmousie.heather\application data\Spark
2011-08-25 13:17:17 40960 ----a-w- c:\windows\system32\ChCfg.exe
2011-08-25 13:17:17 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll
2011-08-25 13:16:38 2879488 ----a-w- c:\windows\SkyTel.exe
2011-08-25 13:16:33 -------- d-----w- c:\program files\Realtek
2011-08-25 13:16:24 487424 ----a-w- c:\windows\RtlExUpd.dll
2011-08-25 11:40:43 -------- d-sh--w- c:\documents and settings\missmousie.heather\IECompatCache
2011-08-25 11:28:37 -------- d-----w- c:\windows\system32\RTCOM
2011-08-25 10:38:27 -------- d-----w- c:\documents and settings\missmousie.heather\application data\ElevatedDiagnostics
2011-08-25 09:37:38 60008 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-08-25 01:55:58 -------- d-----w- c:\documents and settings\missmousie.heather\local settings\application data\ESET
2011-08-25 01:55:58 -------- d-----w- c:\documents and settings\missmousie.heather\application data\ESET
2011-08-25 00:31:38 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2011-08-25 00:31:38 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2011-08-25 00:31:38 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2011-08-24 23:04:24 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-08-24 23:04:24 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-08-24 23:04:18 -------- d-----w- c:\program files\VSO
2011-08-24 22:26:43 -------- d-----w- c:\documents and settings\missmousie.heather\local settings\application data\Jaksta_Technologies_Pty_L
2011-08-24 22:26:32 -------- d-----w- c:\documents and settings\missmousie.heather\application data\Replay Media Catcher 4
2011-08-24 21:39:49 28256 ----a-w- c:\windows\system32\drivers\appliand.sys
2011-08-24 21:39:28 -------- d-----w- c:\program files\Applian Technologies
2011-08-24 21:39:04 -------- d-----w- c:\documents and settings\all users\application data\Applian
2011-08-24 21:35:43 -------- d-----w- c:\program files\DVDFab 8
2011-08-24 20:51:22 -------- d-----w- c:\documents and settings\missmousie.heather\local settings\application data\Ares
2011-08-24 20:51:12 -------- d-----w- c:\program files\Ares
2011-08-24 19:30:03 -------- d-----w- c:\documents and settings\missmousie.heather\local settings\application data\Temp
2011-08-24 19:30:03 -------- d-----w- c:\documents and settings\missmousie.heather\local settings\application data\Adobe
2011-08-24 13:56:10 81920 ----a-w- c:\windows\ALCFDRTM.VER
2011-08-24 13:56:09 -------- d-----w- c:\windows\system32\Lang
2011-08-24 11:47:25 -------- d-----w- c:\documents and settings\missmousie.heather\application data\IObit
2011-08-24 11:34:54 -------- d-----w- c:\documents and settings\missmousie.heather\application data\Easeware
2011-08-24 08:20:26 -------- d-sh--w- c:\documents and settings\missmousie.heather\PrivacIE
2011-08-24 07:51:41 -------- d-----w- c:\documents and settings\missmousie.heather\local settings\application data\PCHealth
2011-08-24 07:09:45 -------- d-----w- c:\windows\system32\Adobe
2011-08-24 05:30:02 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-08-24 05:30:02 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-08-24 05:16:48 -------- d-----w- c:\windows\SHELLNEW
2011-08-24 04:45:58 -------- d-----w- c:\documents and settings\missmousie.heather\Spark
2011-08-24 04:03:01 -------- d-----w- c:\documents and settings\missmousie.heather\local settings\application data\Mozilla
2011-08-24 03:54:27 -------- d-sh--w- c:\documents and settings\missmousie.heather\IETldCache
2011-08-24 03:36:23 -------- d-----w- c:\documents and settings\missmousie.heather\local settings\application data\Microsoft Help
2011-08-24 03:36:23 -------- d-----w- c:\documents and settings\missmousie.heather\local settings\application data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
2011-08-19 12:29:28 -------- d-----w- c:\program files\common files\AOL
2011-08-19 06:32:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-08-19 06:32:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-18 12:39:11 65602 ----a-w- c:\windows\system32\cook3260.dll
2011-08-18 12:39:11 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-08-18 12:39:11 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-08-18 12:39:11 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-08-18 12:39:11 102439 ----a-w- c:\windows\system32\sipr3260.dll
2011-08-16 12:47:50 -------- d-----w- c:\program files\MSECache
2011-08-16 00:37:06 98816 ----a-w- c:\windows\sed.exe
2011-08-16 00:37:06 518144 ----a-w- c:\windows\SWREG.exe
2011-08-16 00:37:06 256000 ----a-w- c:\windows\PEV.exe
2011-08-16 00:37:06 208896 ----a-w- c:\windows\MBR.exe
2011-08-15 06:59:46 -------- dc----w- C:\111ee8ab9c6293740e1d
2011-08-15 05:52:05 -------- d-----w- c:\program files\iobituninstaller
2011-08-15 05:21:22 -------- d--h--w- c:\windows\PIF
2011-08-13 15:55:34 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
2011-08-13 15:55:34 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll
2011-08-13 15:55:12 8704 -c--a-w- c:\windows\system32\dllcache\snmptrap.exe
2011-08-13 15:55:11 6144 -c--a-w- c:\windows\system32\dllcache\snmpmib.dll
2011-08-13 15:55:11 39936 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2011-08-13 15:55:11 358400 -c--a-w- c:\windows\system32\dllcache\snmpincl.dll
2011-08-13 15:55:11 259072 -c--a-w- c:\windows\system32\dllcache\snmpcl.dll
2011-08-13 15:55:11 188416 -c--a-w- c:\windows\system32\dllcache\snmpsmir.dll
2011-08-13 15:55:10 33280 -c--a-w- c:\windows\system32\dllcache\snmp.exe
2011-08-13 15:55:08 236544 -c--a-w- c:\windows\system32\dllcache\smi2smir.exe
2011-08-13 15:55:04 20536 -c--a-w- c:\windows\system32\dllcache\shtml.dll
2011-08-13 15:55:04 16437 -c--a-w- c:\windows\system32\dllcache\shtml.exe
2011-08-13 15:54:52 29184 -c--a-w- c:\windows\system32\dllcache\rw330ext.dll
2011-08-13 15:54:52 27648 -c--a-w- c:\windows\system32\dllcache\rw001ext.dll
2011-08-13 15:54:43 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
2011-08-13 15:53:37 119808 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
2011-08-13 15:51:46 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2011-08-13 15:51:37 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2011-08-13 15:51:37 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll
2011-08-13 15:51:34 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2011-08-13 15:51:07 7168 -c--a-w- c:\windows\system32\dllcache\kbdibm02.dll
2011-08-13 15:51:07 6656 -c--a-w- c:\windows\system32\dllcache\kbdlk41a.dll
2011-08-13 15:51:07 6144 -c--a-w- c:\windows\system32\dllcache\kbdlk41j.dll
2011-08-13 15:51:07 6144 -c--a-w- c:\windows\system32\dllcache\kbdax2.dll
2011-08-13 15:51:07 6144 -c--a-w- c:\windows\system32\dllcache\kbd106n.dll
2011-08-13 15:51:07 6144 -c--a-w- c:\windows\system32\dllcache\kbd101.dll
2011-08-13 15:49:59 82035 -c--a-w- c:\windows\system32\dllcache\fp4anscp.dll
2011-08-13 15:48:57 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
2011-08-13 15:48:57 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe
2011-08-13 11:39:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-08-13 10:37:54 -------- d-----w- C:\sh4ldr
2011-08-13 10:36:30 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2011-08-13 10:36:24 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-08-13 01:46:27 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2011-08-13 01:44:49 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2011-08-13 01:41:33 1742336 ----a-w- c:\windows\system32\mypixdx.scr
2011-08-13 01:41:32 3343360 ----a-w- c:\windows\system32\nature.scr
2011-08-13 01:41:31 5068800 ----a-w- c:\windows\system32\davinci.scr
2011-08-13 01:41:28 7093760 ----a-w- c:\windows\system32\space.scr
2011-08-13 01:41:26 4396544 ----a-w- c:\windows\system32\wpgldfsh.scr
2011-08-13 01:41:17 -------- d-----w- C:\Inetpub
2011-08-12 22:13:14 2192768 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-08-12 22:04:13 -------- d-----w- c:\program files\MSXML 6.0
2011-08-12 21:02:20 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-08-12 21:02:20 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-08-12 21:02:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-08-12 21:02:18 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-08-12 21:02:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-08-12 21:02:17 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-08-12 21:02:11 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-08-12 19:53:52 729 --s-a-r- c:\windows\system32\slmgr.vbs
2011-08-12 18:34:14 139264 ----a-w- c:\windows\system32\igfxres.dll
2011-08-12 18:08:58 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2011-08-12 18:07:58 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-08-12 18:06:57 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-08-12 17:53:24 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-08-12 17:53:24 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-08-12 17:52:47 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2011-08-12 17:52:47 32768 ----a-w- c:\program files\internet explorer\connection wizard\icwdl.dll
2011-08-12 17:52:46 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2011-08-12 17:52:46 20480 ----a-w- c:\program files\internet explorer\connection wizard\inetwiz.exe
2011-08-12 17:35:17 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-08-12 17:35:17 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-08-12 17:35:17 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-08-12 17:35:17 13312 ----a-w- c:\windows\system32\irclass.dll
2011-08-12 17:34:58 10559 ----a-r- c:\windows\SETAD.tmp
2011-08-12 17:34:57 22339 ----a-r- c:\windows\SETAC.tmp
2011-08-12 17:34:46 13753 ----a-r- c:\windows\SET69.tmp
2011-08-12 17:34:41 1086058 ----a-r- c:\windows\SET5D.tmp
2011-08-12 17:34:40 106147 ----a-r- c:\windows\SET5C.tmp
2011-08-12 13:39:55 -------- d-----w- c:\windows\system32\NtmsData
.
==================== Find3M ====================
.
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 02:01:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-24 23:04:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-07-19 12:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-19 09:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK8032GSX rev.AS111G -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86CCD4C0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [0x86cd48a4]; PUSH ESI; MOV ESI, [ESP+0xc]; PUSH EDI; MOV EDI, [ESI+0x60]; CMP EAX, [0x86cd4730]; JNZ 0x1f; MOV [ESP+0xc], ECX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x87147030]
3 CLASSPNP[0xF751EFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000093[0x871A32F8]
5 ACPI[0xF7395620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x87169940]
\Driver\atapi[0x87034D58] -> IRP_MJ_CREATE -> 0x86CCD4C0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86CCD2E0
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 6:24:46.29 ===============

Attached File(s)

attach.txt (16.65K)
Number of downloads: 1
Ark.log (3.04K)
Number of downloads: 0

#2 HelpBot

Bleepin' Binary Bot

Group: Bots
Posts: 5,607
Joined: 05-October 07
Gender:Male

Posted 18 September 2011 - 09:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418461 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
- Please do this even if you have previously posted logs for us.
- If you were unable to produce the logs originally please try once more.
- If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

Forum Addict

Group: Malware Response Team
Posts: 5,053
Joined: 16-June 06
Gender:Male
Location:Montreal, QC. Canada

Posted 18 September 2011 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.

Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

===

Next:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall
===

Please post the logs and let me know what problem persists.

#4 nasdaq

Forum Addict

Group: Malware Response Team
Posts: 5,053
Joined: 16-June 06
Gender:Male
Location:Montreal, QC. Canada

Posted 19 September 2011 - 07:45 AM

If you again use the PM (Personal Message) add the message in the appropriate box. DO not add it to my contacts. I cannot reply there.

Make sure you use the Add Reply button.

This reply option may be controlled via the Cookies. Make sure you accept cookies.
If you are accepting cookies delete all the cookies associated with this Forum.

#5 orion311976

Member

Group: Members
Posts: 16
Joined: 02-September 11

Posted 23 September 2011 - 07:26 PM

Okay, sorry guys. I really appreciated the help, but the more we got it work'n the more she itched to take it and get on it. Everything seems to be ok now, only problem was her DVD drive and several people had the same problem with that specific drive. Luckly or not for grandma her HP DV6700 had video problems so she donated it to my parts supply, so I used that DVD drive on hers and it seems to be working (Not exactly for sure how long...LOL), but thanks again for the advice and help!!!!!!

#6 nasdaq

Forum Addict

Group: Malware Response Team
Posts: 5,053
Joined: 16-June 06
Gender:Male
Location:Montreal, QC. Canada

Posted 24 September 2011 - 08:53 AM

Thank you for the feed back.

#7 nasdaq

Forum Addict

Group: Malware Response Team
Posts: 5,053
Joined: 16-June 06
Gender:Male
Location:Montreal, QC. Canada

Posted 29 September 2011 - 07:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.