
b.exe popruck virus/malware


  • This topic is locked
11 replies to this topic

#1 keithl322


Posted 20 October 2009 - 10:39 PM

So I seem to have picked up the virus from a YouTube video link :(( Anyways, it is redirecting my Google links and causing my computer to run insanely slow. I did happen to find another topic (http://www.bleepingcomputer.com/forums/t/261573/i-have-a-virus-that-i-cant-get-rid-of/?p=1445552) and the person had this same virus... so I thought I would just be able to save some time and run the exact same steps as he did... which I did up until the point of having to upload the tatertot.sys file to the Jotti Virus Scanner website, as then I realized I do not have a tatertot.sys file on my PC, and am assuming it is computer specific... Apologies for taking steps in advance before trying to receive help from an HJT member in the forum :(( Thank you in advance for ALL help, and I must say it is pretty amazing that you guys help everyone on here doing this!! Here is my log from ComboFix though...:

ComboFix 09-10-19.01 - Keith 10/19/2009 18:04.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.893.168 [GMT -4:00]
Running from: c:\users\Keith\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2012173098-1469914568-2948075190-500
C:\LHT9F44.tmp
C:\LHTA0C.tmp
C:\LHTB737.tmp
C:\LHTE117.tmp
c:\windows\Installer\WMEncoder.msi

Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-19 22:15 . 2009-10-19 22:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-19 22:15 . 2009-10-19 22:24 -------- d-----w- c:\users\Keith\AppData\Local\temp
2009-10-19 03:42 . 2009-10-19 04:07 -------- d-----w- C:\$AVG8.VAULT$
2009-10-19 03:40 . 2009-10-19 04:28 -------- d--h--w- c:\windows\PIF
2009-10-19 03:15 . 2009-10-19 03:15 -------- d-----w- c:\users\Keith\AppData\Roaming\Malwarebytes
2009-10-19 03:15 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 03:15 . 2009-10-19 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 03:15 . 2009-10-19 03:15 -------- d-----w- c:\programdata\Malwarebytes
2009-10-19 03:15 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 02:36 . 2009-10-19 02:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-19 02:36 . 2009-10-19 02:36 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-19 02:36 . 2009-10-19 21:57 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-19 02:36 . 2009-10-19 02:36 -------- d-----w- c:\program files\AVG
2009-10-19 02:36 . 2009-10-19 02:36 -------- d-----w- c:\programdata\avg8
2009-10-19 01:19 . 2009-10-19 01:19 -------- d-----w- c:\users\Keith\AppData\Local\Apps
2009-10-18 18:41 . 2009-10-19 04:55 0 ----a-r- c:\windows\win32k.sys
2009-10-15 05:05 . 2009-10-15 05:05 10628032 ----a-w- c:\users\Keith\AppData\Roaming\Azureus\tmp\AZU18200.tmp\Vuze_4.2.0.8b_win32.exe
2009-10-01 01:31 . 2009-10-01 01:31 -------- d-----w- c:\programdata\FLEXnet
2009-09-28 01:53 . 2009-09-28 01:53 -------- d-----w- c:\programdata\NCH Swift Sound
2009-09-28 01:53 . 2009-09-28 01:53 -------- d-----w- c:\users\Keith\AppData\Roaming\NCH Swift Sound
2009-09-28 01:52 . 2009-09-28 01:52 -------- d-----w- c:\program files\NCH Swift Sound
2009-09-27 21:57 . 2009-09-27 21:57 -------- d-----w- c:\program files\WinSCP
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 03:42 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-25 03:42 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-25 03:40 . 2009-09-25 03:40 -------- d-----w- c:\program files\iPod
2009-09-25 03:40 . 2009-09-25 03:42 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-25 03:40 . 2009-09-25 03:42 -------- d-----w- c:\program files\iTunes
2009-09-25 03:21 . 2009-09-25 03:21 -------- d-----w- c:\program files\iPhone Configuration Utility

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 03:34 . 2009-07-20 05:33 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-19 02:36 . 2008-02-05 21:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-17 21:11 . 2007-12-22 03:29 -------- d-----w- c:\program files\Warcraft III
2009-10-16 03:36 . 2009-07-20 05:33 -------- d-----w- c:\program files\DivX
2009-10-15 22:06 . 2009-07-30 20:15 -------- d-----w- c:\users\Keith\AppData\Roaming\Azureus
2009-10-09 02:27 . 2009-03-07 04:34 -------- d-----w- c:\users\Keith\AppData\Roaming\FrostWire
2009-09-28 02:05 . 2008-10-21 03:22 -------- d-----w- c:\program files\Curse
2009-09-28 01:59 . 2008-07-29 02:37 -------- d-----w- c:\program files\Common Files\Research in Motion
2009-09-25 04:07 . 2007-12-24 19:49 -------- d-----w- c:\users\Keith\AppData\Roaming\Apple Computer
2009-09-25 03:40 . 2007-12-24 19:36 -------- d-----w- c:\program files\Common Files\Apple
2009-09-25 03:37 . 2009-07-06 01:38 -------- d-----w- c:\program files\QuickTime
2009-09-23 22:57 . 2009-07-12 04:00 680 ----a-w- c:\users\Keith\AppData\Local\d3d9caps.dat
2009-09-17 21:12 . 2007-09-18 23:44 -------- d-----w- c:\programdata\Microsoft Help
2009-09-17 20:13 . 2009-09-17 20:13 249856 ------w- c:\windows\Setup1.exe
2009-09-17 20:13 . 2009-09-17 20:13 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-13 00:03 . 2007-12-20 23:04 85464 ----a-w- c:\users\Keith\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-12 21:05 . 2008-02-21 21:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-12 21:05 . 2009-09-12 21:05 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-12 20:58 . 2009-09-12 20:59 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-09-12 20:58 . 2009-09-12 20:59 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-12 20:58 . 2009-09-12 20:59 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-12 20:58 . 2009-09-12 20:59 129784 ------w- c:\windows\system32\pxafs.dll
2009-09-10 17:39 . 2009-09-10 17:33 -------- d-----w- c:\program files\Canon
2009-09-10 17:38 . 2009-09-10 17:38 -------- d-----w- c:\program files\Common Files\CANON
2009-09-10 17:37 . 2009-09-10 17:37 -------- d--h--w- c:\programdata\CanonBJ
2009-09-10 17:34 . 2009-09-10 17:34 -------- d--h--w- c:\program files\CanonBJ
2009-09-08 01:24 . 2009-09-08 01:11 -------- d-----w- c:\users\Keith\AppData\Roaming\Move Networks
2009-09-08 01:11 . 2009-09-08 01:11 127872 ----a-w- c:\users\Keith\AppData\Roaming\Move Networks\uninstall.exe
2009-09-08 01:11 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Keith\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-08-28 23:42 . 2009-08-28 23:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-08-28 23:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-25 17:27 . 2007-12-22 03:33 59159 ----a-w- c:\windows\War3Unin.dat
2009-08-06 22:00 . 2009-08-06 22:00 4141117 ----a-w- c:\users\Keith\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2009-08-06 22:00 . 2009-08-06 21:59 6516755 ----a-w- c:\users\Keith\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2009-07-30 20:21 . 2009-07-30 20:19 175 ----a-w- c:\users\Keith\AppData\Roaming\Azureus\restart.bat
2009-07-25 23:42 . 2009-07-25 22:59 256 ----a-w- c:\windows\system32\pool.bin
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-19 2025752]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-17 185896]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-12-01 33280]
"NDSTray.exe"="NDSTray.exe" [BU]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-10 4702208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SecureZIP Attachments Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SecureZIP Attachments Status.lnk
backup=c:\windows\pss\SecureZIP Attachments Status.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2012173098-1469914568-2948075190-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/18/2009 10:36 PM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/18/2009 10:36 PM 297752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/24/2007 3:25 PM 24652]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [8/22/2007 3:53 PM 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [6/10/2009 5:52 AM 347648]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [11/20/2008 10:07 PM 113152]
S3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [11/20/2008 10:07 PM 125440]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\System32\drivers\swnc8u80.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\System32\drivers\swumx80.sys [8/20/2008 1:36 PM 142976]
S3 sy04bus;SANYO USB Composite Device SY04 driver (WDM);c:\windows\System32\drivers\sy04bus.sys [7/28/2008 10:40 PM 83328]
S3 sy04mdfl;SANYO USB Modem SY04 Filter;c:\windows\System32\drivers\sy04mdfl.sys [7/28/2008 10:40 PM 14848]
S3 sy04mdm;SANYO USB Modem SY04 Drivers;c:\windows\System32\drivers\sy04mdm.sys [7/28/2008 10:40 PM 109824]
S3 sy04serd;SANYO USB Modem SY04 Diagnostic Serial Port (WDM);c:\windows\System32\drivers\sy04serd.sys [7/28/2008 10:40 PM 89856]
S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\System32\drivers\uts_bus.sys [3/3/2009 10:15 PM 84352]
S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\System32\drivers\uts_mdfl.sys [3/3/2009 10:15 PM 14976]
S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\System32\drivers\uts_mdm.sys [3/3/2009 10:15 PM 110848]
S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\System32\drivers\uts_serd.sys [3/3/2009 10:15 PM 90880]
S3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [3/28/2007 10:51 AM 43008]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\System32\drivers\CT_ZTEMT_U_USBSER.sys [9/1/2008 5:41 PM 104320]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312]
S4 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [6/19/2008 11:58 AM 124184]
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\User_Feed_Synchronization-{188E13ED-3146-47F9-881E-45BEB445CCE6}.job
- c:\windows\system32\msfeedssync.exe [2008-03-18 03:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
FF - ProfilePath - c:\users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\ovndyyyc.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Keith\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\bmnet.dll

- - - - - - - > 'Explorer.exe'(3572)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\audiodg.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\combofix\CF29376.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-10-19 18:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-19 22:30

Pre-Run: 57,842,290,688 bytes free
Post-Run: 61,109,157,888 bytes free

- - End Of File - - 8DF9B33AD560A3FAB8AE2DFE6CA0FCCB


#2 keithl322


Posted 27 October 2009 - 08:16 PM

So, my computer has become infected. I *THINK* I stopped the virus halfway through because I killed the process a little while after it started and deleted some of the registries and files it made, although I still cannot run anti-virus programs... Here are my logs...


--------------Win32kDiag.Txt---------------

Running from: C:\Users\Keith\Downloads\Win32kDiag.exe

Log file at : C:\Users\Keith\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Driver Cache\Driver Cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109AB0090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Options\Install\Install

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\pss\pss

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\RegisteredPackages\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\RegisteredPackages\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Bytemobile\Optimization Client\Optimization Client

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Shadow Files Cache\Shadow Files Cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Bytemobile\Optimization Client\Optimization Client

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-10-25 15:27:07 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-10-25 15:26:50 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-10-25 15:26:56 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-10-25 15:26:56 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2009-10-25 15:28:08 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()



Found mount point : C:\Windows\tracing\tracing

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\winsxs\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames

Mount point destination : \Device\__max++>\^



Finished!


-------Log.txt------------------

Volume in drive C is SQ004513V03
Volume Serial Number is 7466-2DF5

Directory of C:\Windows\ERDNT\cache

01/18/2008 11:36 PM 177,152 scecli.dll

Directory of C:\Windows\ERDNT\cache

01/18/2008 11:35 PM 592,384 netlogon.dll
2 File(s) 769,536 bytes

Directory of C:\Windows\System32

01/18/2008 11:36 PM 177,152 scecli.dll

Directory of C:\Windows\System32

01/18/2008 11:35 PM 592,384 netlogon.dll
2 File(s) 769,536 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e

11/02/2006 05:46 AM 176,640 scecli.dll
1 File(s) 176,640 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12

01/18/2008 11:36 PM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783

11/02/2006 05:46 AM 559,616 netlogon.dll
1 File(s) 559,616 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857

01/18/2008 11:35 PM 592,384 netlogon.dll
1 File(s) 592,384 bytes





Thanks in advance for ALL help!!!!!

Edited by Orange Blossom, 27 October 2009 - 08:34 PM.
Merged topics. ~ OB
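One way to summarise a Win32kDiag log as long as the one above, given here as an added example (not part of the original post and not the tool's own code): it pairs each "Found mount point" line with its destination and flags entries whose destination is not a drive or volume path, or whose last folder name repeats its parent. The two flagging rules and all function names are assumptions made for this example; the sample lines are constructed from paths that appear in the log.

```python
import re
from collections import Counter
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample in the layout of the Win32kDiag log above.
SAMPLE_LOG = r"""
Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-10-25 15:27:07 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

Found mount point : C:\Windows\tracing\tracing

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames

Mount point destination : \Device\__max++>\^

Finished!
"""

FOUND = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST = re.compile(r"^Mount point destination\s*:\s*(.+)$")
REMOVED = re.compile(r"^Removing mount point\s*:\s*(.+)$")
DENIED = re.compile(r"^Cannot access:\s*(.+)$")
# Assumption: an ordinary junction or volume mount point resolves to a drive
# letter or a Volume{GUID} name, optionally prefixed with \??\.
ORDINARY_TARGET = re.compile(r"^(?:\\\?\?\\)?(?:[A-Za-z]:\\|Volume\{)")


def parse_win32kdiag(text):
    """Return (mounts, denied): mount-point records and 'Cannot access' paths."""
    mounts, denied, pending = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := FOUND.match(line):
            pending = {"path": m.group(1).strip(), "destination": None,
                       "removed": False}
            mounts.append(pending)
        elif (m := DEST.match(line)) and pending is not None:
            # A destination line belongs to the most recent "Found" line only.
            pending["destination"] = m.group(1).strip()
            pending = None
        elif m := REMOVED.match(line):
            path = m.group(1).strip()
            for entry in reversed(mounts):
                if entry["path"] == path:
                    entry["removed"] = True
                    break
        elif m := DENIED.match(line):
            denied.append(m.group(1).strip())
    return mounts, denied


def triage(mounts):
    """Attach human-readable reasons to entries that look out of place."""
    flagged = []
    for entry in mounts:
        reasons = []
        dest = entry["destination"]
        if dest is None:
            reasons.append("no destination recorded")
        elif not ORDINARY_TARGET.match(dest):
            reasons.append("destination is not a drive or volume path")
        name = basename(entry["path"]).lower()
        parent = basename(dirname(entry["path"])).lower()
        if name and name == parent:
            reasons.append("link name repeats its parent folder")
        if reasons:
            flagged.append((entry["path"], reasons))
    return flagged


def summarise(text):
    """Condense a whole log into counts a reviewer can read at a glance."""
    mounts, denied = parse_win32kdiag(text)
    return {
        "mount_points": len(mounts),
        "destinations": Counter(e["destination"] for e in mounts),
        "flagged": triage(mounts),
        "removed": sum(e["removed"] for e in mounts),
        "cannot_access": denied,
    }


if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    print(f"{report['mount_points']} mount points, "
          f"{len(report['flagged'])} flagged, {report['removed']} removed")
    for dest, count in report["destinations"].most_common():
        print(f"  {count:4d}  -> {dest}")
    for path, reasons in report["flagged"]:
        print(f"  {path}: {'; '.join(reasons)}")
```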


#3 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,648 posts
  • Gender:Female
  • Location:Romania

Posted 31 October 2009 - 07:01 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log
  • GMER log


Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#4 keithl322


Posted 04 November 2009 - 12:54 AM

Thanks again for the help!! Here are the Logs


-----------------------------------------DDS.Txt--------------------------------------------


DDS (Ver_09-10-26.01) - NTFSx86
Run by Keith at 23:43:41.24 on Tue 11/03/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.893.399 [GMT -5:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\lxdncoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Keith\Downloads\dds(2).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [Skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
StartupFolder: c:\users\keith\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for iphone\PdaNetPC.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
LSP: bmnet.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: c:\windows\system32\avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\keith\appdata\roaming\mozilla\firefox\profiles\ovndyyyc.default\
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\keith\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-18 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-18 297752]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-24 24652]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-8-22 7168]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-10-25 9472]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-11-20 113152]
S3 CAATT;AT&T Con App Svc;c:\program files\at&t\communication manager\ConAppsSvc.exe [2008-11-20 125440]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]
S3 sy04bus;SANYO USB Composite Device SY04 driver (WDM);c:\windows\system32\drivers\sy04bus.sys [2008-7-28 83328]
S3 sy04mdfl;SANYO USB Modem SY04 Filter;c:\windows\system32\drivers\sy04mdfl.sys [2008-7-28 14848]
S3 sy04mdm;SANYO USB Modem SY04 Drivers;c:\windows\system32\drivers\sy04mdm.sys [2008-7-28 109824]
S3 sy04serd;SANYO USB Modem SY04 Diagnostic Serial Port (WDM);c:\windows\system32\drivers\sy04serd.sys [2008-7-28 89856]
S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [2009-3-3 84352]
S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [2009-3-3 14976]
S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [2009-3-3 110848]
S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [2009-3-3 90880]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2008-9-1 104320]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S4 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2008-6-19 124184]

=============== Created Last 30 ================

2009-10-25 18:43:51 9472 ----a-w- c:\windows\system32\drivers\pnetmdm.sys
2009-10-25 18:43:51 0 d-----w- c:\program files\PdaNet for iPhone
2009-10-21 21:45:59 134 ----a-w- c:\windows\system32\LexFiles.ulf
2009-10-21 21:45:59 0 d-----w- c:\programdata\lx_Cats
2009-10-19 22:00:28 98816 ----a-w- c:\windows\sed.exe
2009-10-19 22:00:28 236544 ----a-w- c:\windows\PEV.exe
2009-10-19 22:00:28 161792 ----a-w- c:\windows\SWREG.exe
2009-10-19 03:42:47 0 d-----w- C:\$AVG8.VAULT$
2009-10-19 03:40:47 0 d--h--w- c:\windows\PIF
2009-10-19 03:15:34 0 d-----w- c:\users\keith\appdata\roaming\Malwarebytes
2009-10-19 03:15:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 03:15:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 03:15:28 0 d-----w- c:\programdata\Malwarebytes
2009-10-19 03:15:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 02:49:10 0 d-----w- c:\windows\pss
2009-10-19 02:36:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-19 02:36:18 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-19 02:36:17 0 d-----w- c:\windows\system32\drivers\Avg
2009-10-19 02:36:14 0 d-----w- c:\program files\AVG
2009-10-19 02:36:13 0 d-----w- c:\programdata\avg8
2009-10-18 18:41:18 0 ----a-r- c:\windows\win32k.sys

==================== Find3M ====================

2009-10-25 18:44:28 86016 ----a-w- c:\windows\inf\infpub.dat
2009-10-25 18:44:28 239616 ----a-w- c:\windows\inf\infstrng.dat
2009-10-25 18:44:26 143360 ----a-w- c:\windows\inf\infstor.dat
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-17 20:13:32 249856 ------w- c:\windows\Setup1.exe
2009-09-17 20:13:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-12 20:58:30 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-09-12 20:58:30 129784 ------w- c:\windows\system32\pxafs.dll
2009-09-12 20:58:30 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-12 20:58:30 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-08-28 23:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-25 17:27:20 59159 ----a-w- c:\windows\War3Unin.dat
2009-08-13 17:08:14 320168 ----a-w- c:\windows\system32\lxdnih.exe
2009-08-13 17:08:12 594600 ----a-w- c:\windows\system32\lxdncoms.exe
2009-08-13 17:08:12 365224 ----a-w- c:\windows\system32\lxdncfg.exe
2008-06-18 20:42:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-03-18 23:41:14 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:45:37.45 ===============











------------------------------------------Log.Txt---------------------------------------------






Volume in drive C is SQ004513V03
Volume Serial Number is 7466-2DF5

Directory of C:\Windows\ERDNT\cache

01/18/2008 11:36 PM 177,152 scecli.dll

Directory of C:\Windows\ERDNT\cache

01/18/2008 11:35 PM 592,384 netlogon.dll
2 File(s) 769,536 bytes

Directory of C:\Windows\System32

01/18/2008 11:36 PM 177,152 scecli.dll

Directory of C:\Windows\System32

01/18/2008 11:35 PM 592,384 netlogon.dll
2 File(s) 769,536 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e

11/02/2006 05:46 AM 176,640 scecli.dll
1 File(s) 176,640 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12

01/18/2008 11:36 PM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783

11/02/2006 05:46 AM 559,616 netlogon.dll
1 File(s) 559,616 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857

01/18/2008 11:35 PM 592,384 netlogon.dll
1 File(s) 592,384 bytes











----------------------------------------------Gmer.log-------------------------------------------




GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-04 00:41:59
Windows 6.0.6001 Service Pack 1
Running: eg83bj4u.exe; Driver: C:\Users\Keith\AppData\Local\Temp\pflyqpog.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749E7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74A298C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749ED3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749DF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749E7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749DE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74A1B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [749ED68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749E012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749E0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749D71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A6D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74A075E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749DDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [749D668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749D66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1152] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749E1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 5136
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 5137

---- EOF - GMER 1.0.15 ----

#5 Elise


Posted 04 November 2009 - 10:11 AM

Hello keithl322,

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for unsupervised use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r


We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.

In your next reply, please include the following:
  • Win32kDiag.txt
  • Junction log

Edited by elise025, 04 November 2009 - 03:12 PM.

regards, Elise


#6 keithl322


Posted 04 November 2009 - 07:46 PM

Here is the Win32K Log, when I try and run junction through the command in run, a window opens, and then immediately closes and no text document opens!


----------------------------Win32KDiag--------------------------------


Running from: C:\Users\Keith\Desktop\win32kdiag.exe

Log file at : C:\Users\Keith\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\AppPatch\Custom\Custom

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\temp\temp

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\tmp\tmp

Found mount point : C:\Windows\Driver Cache\Driver Cache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Driver Cache\Driver Cache

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ehome\CreateDisc\style\style

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Globalization\Globalization

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Help\Corporate\Corporate

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Help\OEM\OEM

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.6425\12.0.6425

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\12.0.6425\12.0.6425

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.6425\12.0.6425

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.6425\12.0.6425

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109AB0090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109AB0090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.6425\12.0.6425

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Microsoft.NET\authman\authman

Found mount point : C:\Windows\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\msdownld.tmp\msdownld.tmp

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\nap\configuration\configuration

Found mount point : C:\Windows\Options\Install\Install

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Options\Install\Install

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Panther\setup.exe\setup.exe

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\Windows\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PIF\PIF

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PLA\Templates\Templates

Found mount point : C:\Windows\pss\pss

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\pss\pss

Found mount point : C:\Windows\RegisteredPackages\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\RegisteredPackages\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}

Found mount point : C:\Windows\RegisteredPackages\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\RegisteredPackages\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}

Found mount point : C:\Windows\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Registration\CRMLog\CRMLog

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SchCache\SchCache

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\security\templates\templates

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Bytemobile\Optimization Client\Optimization Client

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Bytemobile\Optimization Client\Optimization Client

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Shadow Files Cache\Shadow Files Cache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Shadow Files Cache\Shadow Files Cache

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Bytemobile\Optimization Client\Optimization Client

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Bytemobile\Optimization Client\Optimization Client

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-11-04 00:45:11 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,648 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:01 AM

Posted 05 November 2009 - 02:51 AM

Hello keithl322,

We need to run an updated copy of Combofix. Please make sure you delete your old copy!

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Bleepingcomputer
  • ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please start MBAM and update it first.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • Combofix.txt
  • MBAM log
  • A description of any remaining problems

regards, Elise


#8 Elise


Posted 08 November 2009 - 03:12 AM

Hello, are you still there?

regards, Elise


#9 keithl322


Posted 09 November 2009 - 07:09 PM

Yes, sorry I have been quite busy recently. Here are the logs I got back, and everything seems to be back to normal although my computer seems a little slower to load now, might just be from the registry having so much junk in it?...


-------------------------Combofix.txt--------------------------------------------
ComboFix 09-11-05.05 - Keith 11/06/2009 19:22.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.893.285 [GMT -5:00]
Running from: c:\users\Keith\Downloads\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-07 00:33 . 2009-11-07 00:33 -------- d-----w- c:\users\Keith\AppData\Local\temp
2009-11-07 00:33 . 2009-11-07 00:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-07 00:33 . 2009-11-07 00:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-05 21:00 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-05 21:00 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-05 21:00 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-05 21:00 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-05 20:59 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-05 20:59 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-05 00:40 . 2007-07-24 20:58 95616 ----a-w- c:\windows\junction.exe
2009-11-03 14:42 . 2009-10-19 02:36 3510552 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-10-29 04:14 . 2009-10-29 04:14 10628032 ----a-w- c:\users\Keith\AppData\Roaming\Azureus\tmp\AZU63955.tmp\Vuze_4.2.0.8b_win32.exe
2009-10-25 18:43 . 2009-10-25 18:43 4096 d-----w- c:\program files\PdaNet for iPhone
2009-10-25 18:43 . 2006-09-28 19:32 9472 ----a-w- c:\windows\system32\drivers\pnetmdm.sys
2009-10-22 12:59 . 2009-10-22 12:58 2064152 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-10-21 21:45 . 2009-10-21 21:46 -------- d-----w- c:\programdata\lx_Cats
2009-10-19 21:56 . 2009-10-19 21:54 2025752 ----a-w- c:\programdata\avg8\update\backup\avgtray.exe
2009-10-19 21:54 . 2009-10-19 02:36 1142552 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-10-19 03:42 . 2009-10-19 04:07 -------- d-----w- C:\$AVG8.VAULT$
2009-10-19 03:40 . 2009-11-05 00:39 -------- d--h--w- c:\windows\PIF
2009-10-19 03:15 . 2009-10-19 03:15 -------- d-----w- c:\users\Keith\AppData\Roaming\Malwarebytes
2009-10-19 03:15 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 03:15 . 2009-10-19 04:10 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 03:15 . 2009-10-19 03:15 -------- d-----w- c:\programdata\Malwarebytes
2009-10-19 03:15 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 02:36 . 2009-10-19 02:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-19 02:36 . 2009-10-19 02:36 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-19 02:36 . 2009-11-06 23:51 4096 d-----w- c:\windows\system32\drivers\Avg
2009-10-19 02:36 . 2009-10-19 02:36 -------- d-----w- c:\program files\AVG
2009-10-19 02:36 . 2009-10-19 02:36 4096 d-----w- c:\programdata\avg8
2009-10-19 01:19 . 2009-10-19 01:19 -------- d-----w- c:\users\Keith\AppData\Local\Apps
2009-10-18 18:41 . 2009-10-19 04:55 0 ----a-r- c:\windows\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 02:33 . 2009-03-07 04:34 8192 d-----w- c:\users\Keith\AppData\Roaming\FrostWire
2009-10-29 22:54 . 2007-12-22 03:29 16384 d-----w- c:\program files\Warcraft III
2009-10-29 20:07 . 2009-07-30 20:15 16384 d-----w- c:\users\Keith\AppData\Roaming\Azureus
2009-10-19 03:34 . 2009-07-20 05:33 4096 d-----w- c:\program files\Common Files\DivX Shared
2009-10-19 02:36 . 2008-02-05 21:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-16 03:36 . 2009-07-20 05:33 4096 d-----w- c:\program files\DivX
2009-10-01 01:31 . 2009-10-01 01:31 -------- d-----w- c:\programdata\FLEXnet
2009-09-28 02:05 . 2008-10-21 03:22 4096 d-----w- c:\program files\Curse
2009-09-28 01:59 . 2008-07-29 02:37 4096 d-----w- c:\program files\Common Files\Research in Motion
2009-09-28 01:53 . 2009-09-28 01:53 -------- d-----w- c:\programdata\NCH Swift Sound
2009-09-28 01:53 . 2009-09-28 01:53 -------- d-----w- c:\users\Keith\AppData\Roaming\NCH Swift Sound
2009-09-28 01:52 . 2009-09-28 01:52 -------- d-----w- c:\program files\NCH Swift Sound
2009-09-27 21:57 . 2009-09-27 21:57 4096 d-----w- c:\program files\WinSCP
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 04:07 . 2007-12-24 19:49 4096 d-----w- c:\users\Keith\AppData\Roaming\Apple Computer
2009-09-25 03:42 . 2009-09-25 03:40 4096 d-----w- c:\program files\iTunes
2009-09-25 03:42 . 2009-09-25 03:40 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-25 03:40 . 2009-09-25 03:40 -------- d-----w- c:\program files\iPod
2009-09-25 03:40 . 2007-12-24 19:36 -------- d-----w- c:\program files\Common Files\Apple
2009-09-25 03:37 . 2009-07-06 01:38 4096 d-----w- c:\program files\QuickTime
2009-09-25 03:25 . 2009-09-25 03:25 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-25 03:21 . 2009-09-25 03:21 8192 d-----w- c:\program files\iPhone Configuration Utility
2009-09-23 22:57 . 2009-07-12 04:00 680 ----a-w- c:\users\Keith\AppData\Local\d3d9caps.dat
2009-09-17 21:12 . 2007-09-18 23:44 8192 d-----w- c:\programdata\Microsoft Help
2009-09-17 20:13 . 2009-09-17 20:13 249856 ------w- c:\windows\Setup1.exe
2009-09-17 20:13 . 2009-09-17 20:13 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-13 00:03 . 2007-12-20 23:04 85464 ----a-w- c:\users\Keith\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-12 21:05 . 2008-02-21 21:18 4096 d-----w- c:\program files\Common Files\Adobe
2009-09-12 21:05 . 2009-09-12 21:05 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-12 21:01 . 2009-09-12 21:01 4096 d-----w- c:\windows\Fonts\Fonts
2009-09-12 20:58 . 2009-09-12 20:59 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-09-12 20:58 . 2009-09-12 20:59 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-12 20:58 . 2009-09-12 20:59 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-12 20:58 . 2009-09-12 20:59 129784 ------w- c:\windows\system32\pxafs.dll
2009-09-10 17:39 . 2009-09-10 17:33 -------- d-----w- c:\program files\Canon
2009-09-10 17:38 . 2009-09-10 17:38 -------- d-----w- c:\program files\Common Files\CANON
2009-09-10 17:37 . 2009-09-10 17:37 -------- d--h--w- c:\programdata\CanonBJ
2009-09-10 17:34 . 2009-09-10 17:34 -------- d--h--w- c:\program files\CanonBJ
2009-09-08 01:24 . 2009-09-08 01:11 4096 d-----w- c:\users\Keith\AppData\Roaming\Move Networks
2009-09-08 01:11 . 2009-09-08 01:11 127872 ----a-w- c:\users\Keith\AppData\Roaming\Move Networks\uninstall.exe
2009-09-08 01:11 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Keith\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-08-28 23:42 . 2009-08-28 23:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-08-28 23:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-25 17:27 . 2007-12-22 03:33 59159 ----a-w- c:\windows\War3Unin.dat
2009-08-13 17:08 . 2009-08-13 17:08 320168 ----a-w- c:\windows\system32\lxdnih.exe
2009-08-13 17:08 . 2009-08-13 17:08 594600 ----a-w- c:\windows\system32\lxdncoms.exe
2009-08-13 17:08 . 2009-08-13 17:08 365224 ----a-w- c:\windows\system32\lxdncfg.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-19_22.24.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-05 21:00 . 2009-08-07 02:24 44768 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wups2.dll
+ 2009-11-05 21:00 . 2009-08-07 02:24 53472 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuauclt.exe
+ 2009-11-05 20:59 . 2009-08-06 23:44 33792 c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.4.7600.226_none_79951cca15140d1a\wuapp.exe
+ 2009-11-05 20:59 . 2009-08-07 02:24 35552 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wups.dll
+ 2009-11-05 20:59 . 2009-08-07 01:44 87552 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wudriver.dll
+ 2007-10-02 18:51 . 2007-10-02 18:51 69632 c:\windows\twain_32\Lexmark\2600 Series\lxdncnv4.dll
+ 2007-11-05 10:32 . 2007-11-05 10:32 77906 c:\windows\twain_32\Lexmark\2600 Series\lxdncfg.dll
+ 2009-05-14 17:46 . 2009-05-14 17:46 81920 c:\windows\twain_32\Lexmark\2600 Series\lxdncaps.dll
+ 2008-03-18 22:49 . 2006-11-02 05:46 89088 c:\windows\System32\wiafbdrv.dll
+ 2007-08-22 20:40 . 2009-11-04 05:47 56806 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-11-04 05:47 79604 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-22 05:10 . 2009-10-25 19:30 12214 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2012173098-1469914568-2948075190-1000_UserData.bin
+ 2007-11-21 11:02 . 2007-11-21 11:02 57344 c:\windows\System32\spool\drivers\w32x86\3\lxdnwbgc.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 82600 c:\windows\System32\spool\drivers\w32x86\3\lxdnview.exe
+ 2009-08-13 17:08 . 2009-08-13 17:08 82600 c:\windows\System32\spool\drivers\w32x86\3\lxdnupld.exe
+ 2009-07-14 13:10 . 2009-07-14 13:10 90112 c:\windows\System32\spool\drivers\w32x86\3\lxdnupdr.dll
+ 2009-07-14 13:06 . 2009-07-14 13:06 65536 c:\windows\System32\spool\drivers\w32x86\3\lxdnupd.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 82600 c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe
+ 2009-04-28 13:58 . 2009-04-28 13:58 98304 c:\windows\System32\spool\drivers\w32x86\3\lxdntime.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 98984 c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe
+ 2009-07-14 13:10 . 2009-07-14 13:10 36864 c:\windows\System32\spool\drivers\w32x86\3\lxdncur.dll
+ 2009-07-14 13:08 . 2009-07-14 13:08 90112 c:\windows\System32\spool\drivers\w32x86\3\lxdncub.dll
+ 2009-07-14 13:06 . 2009-07-14 13:06 77824 c:\windows\System32\spool\drivers\w32x86\3\lxdncu.dll
+ 2007-11-05 10:32 . 2007-11-05 10:32 77906 c:\windows\System32\spool\drivers\w32x86\3\lxdncfg.dll
+ 2007-03-26 11:39 . 2007-03-26 11:39 73728 c:\windows\System32\spool\drivers\w32x86\3\lxdncats.dll
+ 2007-07-06 18:41 . 2007-07-06 18:41 45056 c:\windows\System32\spool\drivers\w32x86\3\lxdnbubl.dll
+ 2008-03-31 23:47 . 2008-03-31 23:47 40960 c:\windows\System32\lxdnvs.dll
+ 2007-11-28 19:10 . 2007-11-28 19:10 53248 c:\windows\System32\lxdnprox.dll
+ 2009-07-14 13:10 . 2009-07-14 13:10 36864 c:\windows\System32\lxdncur.dll
+ 2009-07-14 13:08 . 2009-07-14 13:08 90112 c:\windows\System32\lxdncub.dll
+ 2009-07-14 13:06 . 2009-07-14 13:06 77824 c:\windows\System32\lxdncu.dll
+ 2007-10-02 18:51 . 2007-10-02 18:51 69632 c:\windows\System32\lxdncnv4.dll
+ 2007-11-05 10:32 . 2007-11-05 10:32 77906 c:\windows\System32\lxdncfg.dll
+ 2009-05-14 17:46 . 2009-05-14 17:46 81920 c:\windows\System32\lxdncaps.dll
+ 2007-10-02 18:51 . 2007-10-02 18:51 69632 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\i386\lxdncnv4.dll
+ 2007-11-05 10:32 . 2007-11-05 10:32 77906 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\i386\lxdncfg.dll
+ 2009-05-14 17:46 . 2009-05-14 17:46 81920 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\i386\lxdncaps.dll
+ 2009-05-13 13:13 . 2009-05-13 13:13 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\turkish\lxdnupdr.dll
+ 2009-05-13 13:12 . 2009-05-13 13:12 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\turkish\lxdncur.dll
+ 2009-05-13 13:11 . 2009-05-13 13:11 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\swedish\lxdnupdr.dll
+ 2009-05-13 13:11 . 2009-05-13 13:11 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\swedish\lxdncur.dll
+ 2009-05-13 13:10 . 2009-05-13 13:10 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\spanish\lxdnupdr.dll
+ 2009-05-13 13:10 . 2009-05-13 13:10 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\spanish\lxdncur.dll
+ 2009-05-13 13:08 . 2009-05-13 13:08 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\russian\lxdnupdr.dll
+ 2009-05-13 13:08 . 2009-05-13 13:08 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\russian\lxdncur.dll
+ 2009-05-13 13:05 . 2009-05-13 13:05 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portibrn\lxdnupdr.dll
+ 2009-05-13 13:05 . 2009-05-13 13:05 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portibrn\lxdncur.dll
+ 2009-05-13 13:07 . 2009-05-13 13:07 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portbrzl\lxdnupdr.dll
+ 2009-05-13 13:06 . 2009-05-13 13:06 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portbrzl\lxdncur.dll
+ 2009-05-13 13:04 . 2009-05-13 13:04 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\polish\lxdnupdr.dll
+ 2009-05-13 13:04 . 2009-05-13 13:04 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\polish\lxdncur.dll
+ 2009-05-13 13:02 . 2009-05-13 13:02 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\norwegan\lxdnupdr.dll
+ 2009-05-13 13:02 . 2009-05-13 13:02 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\norwegan\lxdncur.dll
+ 2007-11-21 11:02 . 2007-11-21 11:02 57344 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnwbgc.dll
+ 2008-03-31 23:47 . 2008-03-31 23:47 40960 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnvs.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 82600 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnview.exe
+ 2009-08-13 17:08 . 2009-08-13 17:08 82600 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnupld.exe
+ 2009-07-14 13:06 . 2009-07-14 13:06 65536 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnupd.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 82600 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdntime.exe
+ 2009-04-28 13:58 . 2009-04-28 13:58 98304 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdntime.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 98984 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnserv.exe
+ 2007-11-28 19:10 . 2007-11-28 19:10 53248 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnprox.dll
+ 2009-07-14 13:08 . 2009-07-14 13:08 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdncub.dll
+ 2009-07-14 13:06 . 2009-07-14 13:06 77824 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdncu.dll
+ 2007-11-05 10:32 . 2007-11-05 10:32 77906 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdncfg.dll
+ 2007-03-26 11:39 . 2007-03-26 11:39 73728 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdncats.dll
+ 2007-07-06 18:41 . 2007-07-06 18:41 45056 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnbubl.dll
+ 2009-05-13 13:00 . 2009-05-13 13:00 86016 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\korean\lxdnupdr.dll
+ 2009-05-13 13:00 . 2009-05-13 13:00 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\korean\lxdninsr.dll
+ 2009-05-13 13:00 . 2009-05-13 13:00 32768 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\korean\lxdncur.dll
+ 2009-05-13 12:59 . 2009-05-13 12:59 86016 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\japanese\lxdnupdr.dll
+ 2009-05-13 12:59 . 2009-05-13 12:59 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\japanese\lxdninsr.dll
+ 2009-05-13 12:59 . 2009-05-13 12:59 32768 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\japanese\lxdncur.dll
+ 2009-05-13 12:57 . 2009-05-13 12:57 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\italian\lxdnupdr.dll
+ 2009-05-13 12:57 . 2009-05-13 12:57 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\italian\lxdncur.dll
+ 2009-05-13 12:56 . 2009-05-13 12:56 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hungaran\lxdnupdr.dll
+ 2009-05-13 12:56 . 2009-05-13 12:56 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hungaran\lxdncur.dll
+ 2009-05-13 12:54 . 2009-05-13 12:54 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hebrew\lxdnupdr.dll
+ 2009-05-13 12:54 . 2009-05-13 12:54 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hebrew\lxdncur.dll
+ 2009-05-13 12:53 . 2009-05-13 12:53 94208 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\greek\lxdnupdr.dll
+ 2009-05-13 12:53 . 2009-05-13 12:53 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\greek\lxdncur.dll
+ 2009-05-13 12:51 . 2009-05-13 12:51 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\german\lxdnupdr.dll
+ 2009-05-13 12:51 . 2009-05-13 12:51 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\german\lxdncur.dll
+ 2009-05-13 12:50 . 2009-05-13 12:50 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\french\lxdnupdr.dll
+ 2009-05-13 12:50 . 2009-05-13 12:50 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\french\lxdncur.dll
+ 2009-05-13 12:49 . 2009-05-13 12:49 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\finnish\lxdnupdr.dll
+ 2009-05-13 12:49 . 2009-05-13 12:49 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\finnish\lxdncur.dll
+ 2009-07-14 13:10 . 2009-07-14 13:10 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\english\lxdnupdr.dll
+ 2009-07-14 13:10 . 2009-07-14 13:10 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\english\lxdncur.dll
+ 2009-05-13 12:47 . 2009-05-13 12:47 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\dutch\lxdnupdr.dll
+ 2009-05-13 12:47 . 2009-05-13 12:47 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\dutch\lxdncur.dll
+ 2009-05-13 12:46 . 2009-05-13 12:46 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\danish\lxdnupdr.dll
+ 2009-05-13 12:46 . 2009-05-13 12:46 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\danish\lxdncur.dll
+ 2009-05-13 12:44 . 2009-05-13 12:44 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\czech\lxdnupdr.dll
+ 2009-05-13 12:44 . 2009-05-13 12:44 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\czech\lxdncur.dll
+ 2009-05-13 12:43 . 2009-05-13 12:43 86016 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_trad\lxdnupdr.dll
+ 2009-05-13 12:43 . 2009-05-13 12:43 94208 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_trad\lxdnpswr.dll
+ 2009-05-13 12:43 . 2009-05-13 12:43 86016 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_trad\lxdninsr.dll
+ 2009-05-13 12:43 . 2009-05-13 12:43 32768 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_trad\lxdncur.dll
+ 2009-05-13 12:41 . 2009-05-13 12:41 86016 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_simp\lxdnupdr.dll
+ 2009-05-13 12:41 . 2009-05-13 12:41 94208 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_simp\lxdnpswr.dll
+ 2009-05-13 12:41 . 2009-05-13 12:41 86016 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_simp\lxdninsr.dll
+ 2009-05-13 12:41 . 2009-05-13 12:41 32768 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_simp\lxdncur.dll
+ 2009-05-13 12:40 . 2009-05-13 12:40 90112 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\arabic\lxdnupdr.dll
+ 2009-05-13 12:40 . 2009-05-13 12:40 36864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\arabic\lxdncur.dll
+ 2008-03-18 22:48 . 2008-01-19 02:14 35328 c:\windows\System32\drivers\usbscan.sys
- 2007-12-20 22:59 . 2009-10-19 04:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-20 22:59 . 2009-11-05 21:01 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-20 22:59 . 2009-10-19 04:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-20 22:59 . 2009-11-05 21:01 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-20 22:59 . 2009-10-19 04:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-20 22:59 . 2009-11-05 21:01 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-07 00:23 . 2009-08-07 00:23 73288 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
- 2006-11-02 10:25 . 2009-09-28 02:00 86016 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-10-25 18:44 86016 c:\windows\inf\infpub.dat
+ 2007-12-22 05:02 . 2009-10-25 18:53 7176 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2007-12-22 05:02 . 2009-10-07 22:27 7176 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-10-25 18:43 . 2006-09-28 19:32 9472 c:\windows\System32\DriverStore\FileRepository\pnetmdm.inf_4ecf6f28\pnetmdm.sys
+ 2009-11-04 05:45 . 2009-11-04 05:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-19 22:22 . 2009-10-19 22:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-19 22:22 . 2009-10-19 22:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-04 05:45 . 2009-11-04 05:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-05 20:59 . 2009-08-07 00:23 171608 c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.4.7600.226_none_79951cca15140d1a\wuwebv.dll
+ 2009-11-05 20:59 . 2009-08-07 02:23 575704 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wuapi.dll
+ 2008-05-28 17:41 . 2008-05-28 17:41 520192 c:\windows\twain_32\Lexmark\2600 Series\lxdnTWUI.dll
+ 2008-05-28 17:26 . 2008-05-28 17:26 311296 c:\windows\twain_32\Lexmark\2600 Series\lxdnTwPro.dll
+ 2007-10-12 22:24 . 2007-10-12 22:24 364544 c:\windows\twain_32\Lexmark\2600 Series\lxdnIPTK.dll
+ 2009-07-23 23:49 . 2009-07-23 23:49 782336 c:\windows\twain_32\Lexmark\2600 Series\lxdndrs.dll
+ 2008-01-13 20:08 . 2009-11-03 08:35 315058 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2007-12-21 01:33 . 2009-11-04 18:51 362726 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-10-21 21:45 . 2009-08-13 16:02 147968 c:\windows\System32\spool\prtprocs\w32x86\lxdndrpp.dll
+ 2009-06-17 18:20 . 2009-06-17 18:20 122880 c:\windows\System32\spool\drivers\w32x86\3\lxdnxmlu.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 139944 c:\windows\System32\spool\drivers\w32x86\3\lxdnwbgw.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 343086 c:\windows\System32\spool\drivers\w32x86\3\lxdnwavs.exe
+ 2009-07-14 13:03 . 2009-07-14 13:03 540672 c:\windows\System32\spool\drivers\w32x86\3\lxdnutil.dll
+ 2007-11-21 11:02 . 2007-11-21 11:02 114688 c:\windows\System32\spool\drivers\w32x86\3\lxdnuplr.dll
+ 2009-07-14 13:09 . 2009-07-14 13:09 126976 c:\windows\System32\spool\drivers\w32x86\3\lxdnupdb.dll
+ 2009-04-28 13:58 . 2009-04-28 13:58 364544 c:\windows\System32\spool\drivers\w32x86\3\lxdnuldr.dll
+ 2008-04-01 17:34 . 2008-04-01 17:34 253952 c:\windows\System32\spool\drivers\w32x86\3\lxdnsk0.dll
+ 2009-04-28 13:58 . 2009-04-28 13:58 327680 c:\windows\System32\spool\drivers\w32x86\3\lxdnretv.dll
+ 2009-05-27 12:58 . 2009-05-27 12:58 811008 c:\windows\System32\spool\drivers\w32x86\3\lxdnptpc.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 750248 c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe
+ 2009-07-14 13:10 . 2009-07-14 13:10 139264 c:\windows\System32\spool\drivers\w32x86\3\lxdnpswr.dll
+ 2009-07-14 13:05 . 2009-07-14 13:05 692224 c:\windows\System32\spool\drivers\w32x86\3\lxdnpsw.dll
+ 2009-07-14 13:10 . 2009-07-14 13:10 155648 c:\windows\System32\spool\drivers\w32x86\3\lxdnprpr.dll
+ 2009-07-14 13:06 . 2009-07-14 13:06 933888 c:\windows\System32\spool\drivers\w32x86\3\lxdnprp.dll
+ 2009-07-14 11:23 . 2009-07-14 11:23 548864 c:\windows\System32\spool\drivers\w32x86\3\lxdnppx.dll
+ 2009-07-14 13:10 . 2009-07-14 13:10 237568 c:\windows\System32\spool\drivers\w32x86\3\lxdnlpar.dll
+ 2006-12-07 07:28 . 2006-12-07 07:28 126976 c:\windows\System32\spool\drivers\w32x86\3\lxdnlnks.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 705192 c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe
+ 2009-07-14 13:10 . 2009-07-14 13:10 147456 c:\windows\System32\spool\drivers\w32x86\3\lxdnjswr.dll
+ 2009-07-14 13:08 . 2009-07-14 13:08 688128 c:\windows\System32\spool\drivers\w32x86\3\lxdnjswb.dll
+ 2009-07-14 13:05 . 2009-07-14 13:05 192512 c:\windows\System32\spool\drivers\w32x86\3\lxdnjsw.dll
+ 2009-07-14 13:10 . 2009-07-14 13:10 106496 c:\windows\System32\spool\drivers\w32x86\3\lxdninsr.dll
+ 2009-07-14 13:08 . 2009-07-14 13:08 200704 c:\windows\System32\spool\drivers\w32x86\3\lxdninsb.dll
+ 2009-07-14 13:06 . 2009-07-14 13:06 176128 c:\windows\System32\spool\drivers\w32x86\3\lxdnins.dll
+ 2007-01-08 18:33 . 2007-01-08 18:33 253952 c:\windows\System32\spool\drivers\w32x86\3\lxdnibuf.dll
+ 2007-11-28 19:09 . 2007-11-28 19:09 438272 c:\windows\System32\spool\drivers\w32x86\3\lxdnhcp.dll
+ 2008-04-01 17:34 . 2008-04-01 17:34 983121 c:\windows\System32\spool\drivers\w32x86\3\lxdngf.dll
+ 2007-08-14 07:01 . 2007-08-14 07:01 434176 c:\windows\System32\spool\drivers\w32x86\3\lxdnedf.dll
+ 2009-08-13 16:03 . 2009-08-13 16:03 162304 c:\windows\System32\spool\drivers\w32x86\3\lxdndrui.dll
+ 2009-08-13 16:02 . 2009-08-13 16:02 230400 c:\windows\System32\spool\drivers\w32x86\3\lxdndr.dll
+ 2007-05-29 11:39 . 2007-05-29 11:39 589824 c:\windows\System32\spool\drivers\w32x86\3\lxdndatr.dll
+ 2009-07-14 11:24 . 2009-07-14 11:24 335872 c:\windows\System32\spool\drivers\w32x86\3\lxdncomx.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 115848 c:\windows\System32\spool\drivers\w32x86\3\lxdncfgx.exe
- 2006-11-02 10:33 . 2009-09-15 04:16 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-05 15:50 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-05 15:50 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-09-15 04:16 101350 c:\windows\System32\perfc009.dat
+ 2009-07-14 13:03 . 2009-07-14 13:03 540672 c:\windows\System32\lxdnutil.dll
+ 2007-11-28 19:12 . 2007-11-28 19:12 843776 c:\windows\System32\lxdnusb1.dll
+ 2007-11-28 19:19 . 2007-11-28 19:19 647168 c:\windows\System32\lxdnpmui.dll
+ 2007-11-28 19:13 . 2007-11-28 19:13 569344 c:\windows\System32\lxdnlmpm.dll
+ 2009-07-14 13:10 . 2009-07-14 13:10 147456 c:\windows\System32\lxdnjswr.dll
+ 2009-07-14 13:10 . 2009-07-14 13:10 106496 c:\windows\System32\lxdninsr.dll
+ 2009-07-14 13:08 . 2009-07-14 13:08 200704 c:\windows\System32\lxdninsb.dll
+ 2009-07-14 13:06 . 2009-07-14 13:06 176128 c:\windows\System32\lxdnins.dll
+ 2007-11-28 19:09 . 2007-11-28 19:09 364544 c:\windows\System32\lxdninpa.dll
+ 2007-11-28 19:13 . 2007-11-28 19:13 339968 c:\windows\System32\lxdniesc.dll
+ 2007-11-28 19:12 . 2007-11-28 19:12 663552 c:\windows\System32\lxdnhbn3.dll
+ 2009-07-14 13:02 . 2009-07-14 13:02 208896 c:\windows\System32\lxdngrd.dll
+ 2008-04-01 17:34 . 2008-04-01 17:34 983121 c:\windows\System32\lxdngf.dll
+ 2009-07-23 23:49 . 2009-07-23 23:49 782336 c:\windows\System32\lxdndrs.dll
+ 2007-11-28 19:13 . 2007-11-28 19:13 376832 c:\windows\System32\lxdncomm.dll
+ 2007-11-28 19:11 . 2007-11-28 19:11 851968 c:\windows\System32\lxdncomc.dll
+ 2009-07-02 21:47 . 2009-07-02 21:47 385024 c:\windows\System32\lxdncoin.dll
+ 2008-05-28 17:49 . 2008-05-28 17:49 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Turkish\lxdnTWUI.dll
+ 2008-05-28 17:50 . 2008-05-28 17:50 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Swedish\lxdnTWUI.dll
+ 2008-05-28 17:48 . 2008-05-28 17:48 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Spanish\lxdnTWUI.dll
+ 2008-05-28 17:48 . 2008-05-28 17:48 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Russian\lxdnTWUI.dll
+ 2008-05-28 17:47 . 2008-05-28 17:47 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Portibrn\lxdnTWUI.dll
+ 2008-05-28 17:47 . 2008-05-28 17:47 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\PortBrzl\lxdnTWUI.dll
+ 2008-05-28 17:46 . 2008-05-28 17:46 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Polish\lxdnTWUI.dll
+ 2008-05-28 17:46 . 2008-05-28 17:46 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Norwegan\lxdnTWUI.dll
+ 2008-05-28 17:26 . 2008-05-28 17:26 311296 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\lxdnTwPro.dll
+ 2007-10-12 22:24 . 2007-10-12 22:24 364544 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\lxdnIPTK.dll
+ 2008-05-28 17:45 . 2008-05-28 17:45 520192 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Korean\lxdnTWUI.dll
+ 2008-05-28 17:45 . 2008-05-28 17:45 520192 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Japanese\lxdnTWUI.dll
+ 2008-05-28 17:44 . 2008-05-28 17:44 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Italian\lxdnTWUI.dll
+ 2009-07-23 23:49 . 2009-07-23 23:49 782336 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\i386\lxdndrs.dll
+ 2008-05-28 17:44 . 2008-05-28 17:44 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Hungaran\lxdnTWUI.dll
+ 2008-05-28 17:43 . 2008-05-28 17:43 520192 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Hebrew\lxdnTWUI.dll
+ 2008-05-28 17:43 . 2008-05-28 17:43 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Greek\lxdnTWUI.dll
+ 2008-05-28 17:43 . 2008-05-28 17:43 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\German\lxdnTWUI.dll
+ 2008-05-28 17:42 . 2008-05-28 17:42 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\French\lxdnTWUI.dll
+ 2008-05-28 17:42 . 2008-05-28 17:42 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Finnish\lxdnTWUI.dll
+ 2008-05-28 17:41 . 2008-05-28 17:41 520192 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\English\lxdnTWUI.dll
+ 2008-05-28 17:41 . 2008-05-28 17:41 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Dutch\lxdnTWUI.dll
+ 2008-05-28 17:40 . 2008-05-28 17:40 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Danish\lxdnTWUI.dll
+ 2008-05-28 17:40 . 2008-05-28 17:40 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Czech\lxdnTWUI.dll
+ 2008-05-28 17:39 . 2008-05-28 17:39 516096 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Chi_Trad\lxdnTWUI.dll
+ 2008-05-28 17:39 . 2008-05-28 17:39 516096 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Chi_Simp\lxdnTWUI.dll
+ 2008-05-28 17:38 . 2008-05-28 17:38 524288 c:\windows\System32\DriverStore\FileRepository\lxdnscan.inf_2aeaadd6\Arabic\lxdnTWUI.dll
+ 2009-05-13 13:12 . 2009-05-13 13:12 143360 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\turkish\lxdnpswr.dll
+ 2009-05-13 13:12 . 2009-05-13 13:12 155648 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\turkish\lxdnprpr.dll
+ 2009-05-13 13:12 . 2009-05-13 13:12 245760 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\turkish\lxdnlpar.dll
+ 2009-05-13 13:12 . 2009-05-13 13:12 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\turkish\lxdnjswr.dll
+ 2009-05-13 13:12 . 2009-05-13 13:12 106496 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\turkish\lxdninsr.dll
+ 2009-05-13 12:38 . 2009-05-13 12:38 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\turkish\lxdngrd.dll
+ 2009-05-13 13:11 . 2009-05-13 13:11 143360 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\swedish\lxdnpswr.dll
+ 2009-05-13 13:11 . 2009-05-13 13:11 155648 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\swedish\lxdnprpr.dll
+ 2009-05-13 13:11 . 2009-05-13 13:11 241664 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\swedish\lxdnlpar.dll
+ 2009-05-13 13:11 . 2009-05-13 13:11 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\swedish\lxdnjswr.dll
+ 2009-05-13 13:11 . 2009-05-13 13:11 106496 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\swedish\lxdninsr.dll
+ 2009-05-13 12:38 . 2009-05-13 12:38 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\swedish\lxdngrd.dll
+ 2009-05-13 13:09 . 2009-05-13 13:09 155648 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\spanish\lxdnpswr.dll
+ 2009-05-13 13:09 . 2009-05-13 13:09 163840 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\spanish\lxdnprpr.dll
+ 2009-05-13 13:09 . 2009-05-13 13:09 258048 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\spanish\lxdnlpar.dll
+ 2009-05-13 13:09 . 2009-05-13 13:09 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\spanish\lxdnjswr.dll
+ 2009-05-13 13:10 . 2009-05-13 13:10 110592 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\spanish\lxdninsr.dll
+ 2009-05-13 12:38 . 2009-05-13 12:38 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\spanish\lxdngrd.dll
+ 2009-05-13 13:08 . 2009-05-13 13:08 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\russian\lxdnpswr.dll
+ 2009-05-13 13:08 . 2009-05-13 13:08 163840 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\russian\lxdnprpr.dll
+ 2009-05-13 13:08 . 2009-05-13 13:08 249856 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\russian\lxdnlpar.dll
+ 2009-05-13 13:08 . 2009-05-13 13:08 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\russian\lxdnjswr.dll
+ 2009-05-13 13:08 . 2009-05-13 13:08 106496 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\russian\lxdninsr.dll
+ 2009-05-13 12:38 . 2009-05-13 12:38 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\russian\lxdngrd.dll
+ 2009-05-13 13:05 . 2009-05-13 13:05 151552 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portibrn\lxdnpswr.dll
+ 2009-05-13 13:05 . 2009-05-13 13:05 163840 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portibrn\lxdnprpr.dll
+ 2009-05-13 13:05 . 2009-05-13 13:05 253952 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portibrn\lxdnlpar.dll
+ 2009-05-13 13:05 . 2009-05-13 13:05 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portibrn\lxdnjswr.dll
+ 2009-05-13 13:05 . 2009-05-13 13:05 110592 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portibrn\lxdninsr.dll
+ 2009-05-13 12:38 . 2009-05-13 12:38 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portibrn\lxdngrd.dll
+ 2009-05-13 13:06 . 2009-05-13 13:06 151552 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portbrzl\lxdnpswr.dll
+ 2009-05-13 13:06 . 2009-05-13 13:06 163840 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portbrzl\lxdnprpr.dll
+ 2009-05-13 13:06 . 2009-05-13 13:06 253952 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portbrzl\lxdnlpar.dll
+ 2009-05-13 13:06 . 2009-05-13 13:06 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portbrzl\lxdnjswr.dll
+ 2009-05-13 13:07 . 2009-05-13 13:07 110592 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portbrzl\lxdninsr.dll
+ 2009-05-13 12:38 . 2009-05-13 12:38 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\portbrzl\lxdngrd.dll
+ 2009-05-13 13:03 . 2009-05-13 13:03 151552 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\polish\lxdnpswr.dll
+ 2009-05-13 13:03 . 2009-05-13 13:03 163840 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\polish\lxdnprpr.dll
+ 2009-05-13 13:03 . 2009-05-13 13:03 249856 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\polish\lxdnlpar.dll
+ 2009-05-13 13:03 . 2009-05-13 13:03 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\polish\lxdnjswr.dll
+ 2009-05-13 13:04 . 2009-05-13 13:04 110592 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\polish\lxdninsr.dll
+ 2009-05-13 12:38 . 2009-05-13 12:38 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\polish\lxdngrd.dll
+ 2009-05-13 13:02 . 2009-05-13 13:02 139264 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\norwegan\lxdnpswr.dll
+ 2009-05-13 13:02 . 2009-05-13 13:02 155648 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\norwegan\lxdnprpr.dll
+ 2009-05-13 13:02 . 2009-05-13 13:02 241664 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\norwegan\lxdnlpar.dll
+ 2009-05-13 13:02 . 2009-05-13 13:02 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\norwegan\lxdnjswr.dll
+ 2009-05-13 13:02 . 2009-05-13 13:02 106496 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\norwegan\lxdninsr.dll
+ 2009-05-13 12:37 . 2009-05-13 12:37 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\norwegan\lxdngrd.dll
+ 2009-06-17 18:20 . 2009-06-17 18:20 122880 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnxmlu.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 139944 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnwbgw.exe
+ 2009-07-14 13:03 . 2009-07-14 13:03 540672 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnutil.dll
+ 2007-11-28 19:12 . 2007-11-28 19:12 843776 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnusb1.dll
+ 2007-11-21 11:02 . 2007-11-21 11:02 114688 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnuplr.dll
+ 2009-07-14 13:09 . 2009-07-14 13:09 126976 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnupdb.dll
+ 2009-04-28 13:58 . 2009-04-28 13:58 364544 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnuldr.dll
+ 2009-04-28 13:58 . 2009-04-28 13:58 327680 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnretv.dll
+ 2009-05-27 12:58 . 2009-05-27 12:58 811008 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnptpc.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 750248 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnpswx.exe
+ 2009-07-14 13:05 . 2009-07-14 13:05 692224 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnpsw.dll
+ 2009-07-14 13:06 . 2009-07-14 13:06 933888 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnprp.dll
+ 2009-07-14 11:23 . 2009-07-14 11:23 548864 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnppx.dll
+ 2007-11-28 19:19 . 2007-11-28 19:19 647168 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnpmui.dll
+ 2006-12-07 07:28 . 2006-12-07 07:28 126976 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnlnks.dll
+ 2007-11-28 19:13 . 2007-11-28 19:13 569344 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnlmpm.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 705192 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnjswx.exe
+ 2009-07-14 13:08 . 2009-07-14 13:08 688128 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnjswb.dll
+ 2009-07-14 13:05 . 2009-07-14 13:05 192512 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnjsw.dll
+ 2009-07-14 13:08 . 2009-07-14 13:08 200704 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdninsb.dll
+ 2009-07-14 13:06 . 2009-07-14 13:06 176128 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnins.dll
+ 2007-11-28 19:09 . 2007-11-28 19:09 364544 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdninpa.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 320168 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnih.exe
+ 2007-11-28 19:13 . 2007-11-28 19:13 339968 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdniesc.dll
+ 2007-01-08 18:33 . 2007-01-08 18:33 253952 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnibuf.dll
+ 2007-11-28 19:09 . 2007-11-28 19:09 438272 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnhcp.dll
+ 2007-11-28 19:12 . 2007-11-28 19:12 663552 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnhbn3.dll
+ 2008-04-01 17:34 . 2008-04-01 17:34 983121 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdngf.dll
+ 2007-08-14 07:01 . 2007-08-14 07:01 434176 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnedf.dll
+ 2009-08-13 16:03 . 2009-08-13 16:03 162304 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdndrui.dll
+ 2009-08-13 16:02 . 2009-08-13 16:02 147968 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdndrpp.dll
+ 2009-08-13 16:02 . 2009-08-13 16:02 230400 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdndr.dll
+ 2007-05-29 11:39 . 2007-05-29 11:39 589824 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdndatr.dll
+ 2009-07-14 11:24 . 2009-07-14 11:24 335872 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdncomx.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 594600 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdncoms.exe
+ 2007-11-28 19:13 . 2007-11-28 19:13 376832 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdncomm.dll
+ 2007-11-28 19:11 . 2007-11-28 19:11 851968 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdncomc.dll
+ 2009-07-02 21:47 . 2009-07-02 21:47 385024 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdncoin.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 365224 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdncfg.exe
+ 2009-05-13 13:00 . 2009-05-13 13:00 106496 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\korean\lxdnpswr.dll
+ 2009-05-13 13:00 . 2009-05-13 13:00 131072 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\korean\lxdnprpr.dll
+ 2009-05-13 13:00 . 2009-05-13 13:00 200704 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\korean\lxdnlpar.dll
+ 2009-05-13 13:00 . 2009-05-13 13:00 139264 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\korean\lxdnjswr.dll
+ 2009-05-13 12:37 . 2009-05-13 12:37 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\korean\lxdngrd.dll
+ 2009-05-13 12:59 . 2009-05-13 12:59 106496 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\japanese\lxdnpswr.dll
+ 2009-05-13 12:59 . 2009-05-13 12:59 131072 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\japanese\lxdnprpr.dll
+ 2009-05-13 12:58 . 2009-05-13 12:58 204800 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\japanese\lxdnlpar.dll
+ 2009-05-13 12:58 . 2009-05-13 12:58 139264 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\japanese\lxdnjswr.dll
+ 2009-05-13 12:37 . 2009-05-13 12:37 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\japanese\lxdngrd.dll
+ 2009-05-13 12:57 . 2009-05-13 12:57 155648 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\italian\lxdnpswr.dll
+ 2009-05-13 12:57 . 2009-05-13 12:57 163840 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\italian\lxdnprpr.dll
+ 2009-05-13 12:57 . 2009-05-13 12:57 258048 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\italian\lxdnlpar.dll
+ 2009-05-13 12:57 . 2009-05-13 12:57 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\italian\lxdnjswr.dll
+ 2009-05-13 12:57 . 2009-05-13 12:57 110592 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\italian\lxdninsr.dll
+ 2009-05-13 12:37 . 2009-05-13 12:37 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\italian\lxdngrd.dll
+ 2009-05-13 12:56 . 2009-05-13 12:56 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hungaran\lxdnpswr.dll
+ 2009-05-13 12:56 . 2009-05-13 12:56 159744 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hungaran\lxdnprpr.dll
+ 2009-05-13 12:56 . 2009-05-13 12:56 249856 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hungaran\lxdnlpar.dll
+ 2009-05-13 12:56 . 2009-05-13 12:56 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hungaran\lxdnjswr.dll
+ 2009-05-13 12:56 . 2009-05-13 12:56 110592 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hungaran\lxdninsr.dll
+ 2009-05-13 12:37 . 2009-05-13 12:37 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hungaran\lxdngrd.dll
+ 2009-05-13 12:54 . 2009-05-13 12:54 131072 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hebrew\lxdnpswr.dll
+ 2009-05-13 12:54 . 2009-05-13 12:54 151552 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hebrew\lxdnprpr.dll
+ 2009-05-13 12:54 . 2009-05-13 12:54 229376 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hebrew\lxdnlpar.dll
+ 2009-05-13 12:54 . 2009-05-13 12:54 143360 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hebrew\lxdnjswr.dll
+ 2009-05-13 12:54 . 2009-05-13 12:54 102400 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hebrew\lxdninsr.dll
+ 2009-05-13 12:37 . 2009-05-13 12:37 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\hebrew\lxdngrd.dll
+ 2009-05-13 12:53 . 2009-05-13 12:53 159744 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\greek\lxdnpswr.dll
+ 2009-05-13 12:53 . 2009-05-13 12:53 167936 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\greek\lxdnprpr.dll
+ 2009-05-13 12:53 . 2009-05-13 12:53 262144 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\greek\lxdnlpar.dll
+ 2009-05-13 12:53 . 2009-05-13 12:53 151552 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\greek\lxdnjswr.dll
+ 2009-05-13 12:53 . 2009-05-13 12:53 114688 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\greek\lxdninsr.dll
+ 2009-05-13 12:37 . 2009-05-13 12:37 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\greek\lxdngrd.dll
+ 2009-05-13 12:51 . 2009-05-13 12:51 155648 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\german\lxdnpswr.dll
+ 2009-05-13 12:51 . 2009-05-13 12:51 163840 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\german\lxdnprpr.dll
+ 2009-05-13 12:51 . 2009-05-13 12:51 253952 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\german\lxdnlpar.dll
+ 2009-05-13 12:51 . 2009-05-13 12:51 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\german\lxdnjswr.dll
+ 2009-05-13 12:51 . 2009-05-13 12:51 114688 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\german\lxdninsr.dll
+ 2009-05-13 12:36 . 2009-05-13 12:36 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\german\lxdngrd.dll
+ 2009-05-13 12:50 . 2009-05-13 12:50 155648 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\french\lxdnpswr.dll
+ 2009-05-13 12:50 . 2009-05-13 12:50 167936 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\french\lxdnprpr.dll
+ 2009-05-13 12:50 . 2009-05-13 12:50 258048 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\french\lxdnlpar.dll
+ 2009-05-13 12:50 . 2009-05-13 12:50 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\french\lxdnjswr.dll
+ 2009-05-13 12:50 . 2009-05-13 12:50 114688 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\french\lxdninsr.dll
+ 2009-05-13 12:36 . 2009-05-13 12:36 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\french\lxdngrd.dll
+ 2009-05-13 12:48 . 2009-05-13 12:48 143360 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\finnish\lxdnpswr.dll
+ 2009-05-13 12:48 . 2009-05-13 12:48 159744 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\finnish\lxdnprpr.dll
+ 2009-05-13 12:48 . 2009-05-13 12:48 241664 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\finnish\lxdnlpar.dll
+ 2009-05-13 12:48 . 2009-05-13 12:48 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\finnish\lxdnjswr.dll
+ 2009-05-13 12:49 . 2009-05-13 12:49 106496 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\finnish\lxdninsr.dll
+ 2009-05-13 12:36 . 2009-05-13 12:36 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\finnish\lxdngrd.dll
+ 2009-07-14 13:10 . 2009-07-14 13:10 139264 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\english\lxdnpswr.dll
+ 2009-07-14 13:10 . 2009-07-14 13:10 155648 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\english\lxdnprpr.dll
+ 2009-07-14 13:10 . 2009-07-14 13:10 237568 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\english\lxdnlpar.dll
+ 2009-07-14 13:10 . 2009-07-14 13:10 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\english\lxdnjswr.dll
+ 2009-07-14 13:10 . 2009-07-14 13:10 106496 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\english\lxdninsr.dll
+ 2009-07-14 13:02 . 2009-07-14 13:02 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\english\lxdngrd.dll
+ 2009-05-13 12:47 . 2009-05-13 12:47 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\dutch\lxdnpswr.dll
+ 2009-05-13 12:47 . 2009-05-13 12:47 163840 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\dutch\lxdnprpr.dll
+ 2009-05-13 12:47 . 2009-05-13 12:47 245760 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\dutch\lxdnlpar.dll
+ 2009-05-13 12:47 . 2009-05-13 12:47 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\dutch\lxdnjswr.dll
+ 2009-05-13 12:47 . 2009-05-13 12:47 110592 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\dutch\lxdninsr.dll
+ 2009-05-13 12:36 . 2009-05-13 12:36 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\dutch\lxdngrd.dll
+ 2009-05-13 12:46 . 2009-05-13 12:46 143360 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\danish\lxdnpswr.dll
+ 2009-05-13 12:46 . 2009-05-13 12:46 159744 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\danish\lxdnprpr.dll
+ 2009-05-13 12:45 . 2009-05-13 12:45 241664 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\danish\lxdnlpar.dll
+ 2009-05-13 12:45 . 2009-05-13 12:45 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\danish\lxdnjswr.dll
+ 2009-05-13 12:46 . 2009-05-13 12:46 106496 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\danish\lxdninsr.dll
+ 2009-05-13 12:36 . 2009-05-13 12:36 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\danish\lxdngrd.dll
+ 2009-05-13 12:44 . 2009-05-13 12:44 143360 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\czech\lxdnpswr.dll
+ 2009-05-13 12:44 . 2009-05-13 12:44 159744 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\czech\lxdnprpr.dll
+ 2009-05-13 12:44 . 2009-05-13 12:44 245760 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\czech\lxdnlpar.dll
+ 2009-05-13 12:44 . 2009-05-13 12:44 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\czech\lxdnjswr.dll
+ 2009-05-13 12:44 . 2009-05-13 12:44 106496 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\czech\lxdninsr.dll
+ 2009-05-13 12:36 . 2009-05-13 12:36 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\czech\lxdngrd.dll
+ 2009-05-13 12:43 . 2009-05-13 12:43 126976 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_trad\lxdnprpr.dll
+ 2009-05-13 12:43 . 2009-05-13 12:43 184320 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_trad\lxdnlpar.dll
+ 2009-05-13 12:43 . 2009-05-13 12:43 139264 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_trad\lxdnjswr.dll
+ 2009-05-13 12:36 . 2009-05-13 12:36 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_trad\lxdngrd.dll
+ 2009-05-13 12:41 . 2009-05-13 12:41 122880 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_simp\lxdnprpr.dll
+ 2009-05-13 12:41 . 2009-05-13 12:41 184320 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_simp\lxdnlpar.dll
+ 2009-05-13 12:41 . 2009-05-13 12:41 139264 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_simp\lxdnjswr.dll
+ 2009-05-13 12:36 . 2009-05-13 12:36 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\chi_simp\lxdngrd.dll
+ 2009-05-13 12:40 . 2009-05-13 12:40 135168 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\arabic\lxdnpswr.dll
+ 2009-05-13 12:40 . 2009-05-13 12:40 155648 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\arabic\lxdnprpr.dll
+ 2009-05-13 12:40 . 2009-05-13 12:40 241664 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\arabic\lxdnlpar.dll
+ 2009-05-13 12:40 . 2009-05-13 12:40 147456 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\arabic\lxdnjswr.dll
+ 2009-05-13 12:40 . 2009-05-13 12:40 106496 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\arabic\lxdninsr.dll
+ 2009-05-13 12:35 . 2009-05-13 12:35 208896 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\arabic\lxdngrd.dll
+ 2008-04-01 17:34 . 2008-04-01 17:34 320800 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\swedish\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 281671 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\spanish\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 261795 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\russian\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 617566 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\portibrn\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 329817 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\portbrzl\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 343332 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\polish\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 320248 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\norwegan\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 253952 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\lxdnsk0.dll
+ 2009-08-13 17:08 . 2009-08-13 17:08 115848 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\lxdncfgx.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 733381 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\japanese\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 333753 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\italian\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 300317 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\hungaran\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 381410 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\greek\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 344868 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\german\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 290449 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\french\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 287077 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\finnish\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 343086 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\english\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 259780 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\dutch\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 319267 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\danish\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 339419 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\czech\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 343502 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\chi_trad\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 360734 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\chi_simp\lxdnwavs.exe
+ 2006-11-02 10:25 . 2009-10-25 18:44 239616 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-09-28 02:00 239616 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-09-28 02:00 143360 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-10-25 18:44 143360 c:\windows\inf\infstor.dat
+ 2009-11-05 21:00 . 2009-08-07 01:45 2421760 c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.4.7600.226_none_672645e7fba0c4cc\wucltux.dll
+ 2009-11-05 21:00 . 2009-08-07 02:23 1929952 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuaueng.dll
+ 2009-07-14 13:09 . 2009-07-14 13:09 1392640 c:\windows\System32\spool\drivers\w32x86\3\lxdnpswb.dll
+ 2009-07-14 13:09 . 2009-07-14 13:09 4038656 c:\windows\System32\spool\drivers\w32x86\3\lxdnprpb.dll
+ 2009-07-14 13:08 . 2009-07-14 13:08 3665920 c:\windows\System32\spool\drivers\w32x86\3\lxdnlpab.dll
+ 2009-07-14 13:06 . 2009-07-14 13:06 1380352 c:\windows\System32\spool\drivers\w32x86\3\lxdnlpa.dll
+ 2007-11-14 02:55 . 2007-11-14 02:55 1339392 c:\windows\System32\spool\drivers\w32x86\3\lxdnhpec.dll
- 2006-11-02 10:22 . 2009-10-16 03:35 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-11-05 21:01 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2007-11-28 19:16 . 2007-11-28 19:16 1101824 c:\windows\System32\lxdnserv.dll
+ 2007-11-28 19:16 . 2007-11-28 19:16 1101824 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnserv.dll
+ 2009-07-14 13:09 . 2009-07-14 13:09 1392640 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnpswb.dll
+ 2009-07-14 13:09 . 2009-07-14 13:09 4038656 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnprpb.dll
+ 2009-07-14 13:08 . 2009-07-14 13:08 3665920 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnlpab.dll
+ 2009-07-14 13:06 . 2009-07-14 13:06 1380352 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnlpa.dll
+ 2007-11-14 02:55 . 2007-11-14 02:55 1339392 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\i386\lxdnhpec.dll
+ 2008-04-01 17:34 . 2008-04-01 17:34 2584096 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\turkish\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 5819959 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\korean\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 1673956 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\hebrew\lxdnwavs.exe
+ 2008-04-01 17:34 . 2008-04-01 17:34 2338730 c:\windows\System32\DriverStore\FileRepository\lxdnprc.inf_30a69343\common\arabic\lxdnwavs.exe
+ 2009-06-20 23:31 . 2009-10-25 19:26 1782128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-06-20 23:31 . 2009-10-19 22:17 1782128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-11-07 00:19 . 2009-11-07 00:19 6402048 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-04-29 18:19 . 2009-11-05 21:00 136885802 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-17 185896]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"NDSTray.exe"="NDSTray.exe" [BU]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-10 4702208]

c:\users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for iPhone\PdaNetPC.exe [2009-10-25 173520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SecureZIP Attachments Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SecureZIP Attachments Status.lnk
backup=c:\windows\pss\SecureZIP Attachments Status.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2012173098-1469914568-2948075190-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/18/2009 9:36 PM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/18/2009 9:36 PM 297752]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/24/2007 2:25 PM 24652]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [8/22/2007 2:53 PM 7168]
R3 pnetmdm;PdaNet Modem;c:\windows\System32\drivers\pnetmdm.sys [10/25/2009 1:43 PM 9472]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [6/10/2009 4:52 AM 347648]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [11/20/2008 9:07 PM 113152]
S3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [11/20/2008 9:07 PM 125440]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\System32\drivers\swnc8u80.sys [8/20/2008 12:35 PM 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\System32\drivers\swumx80.sys [8/20/2008 12:36 PM 142976]
S3 sy04bus;SANYO USB Composite Device SY04 driver (WDM);c:\windows\System32\drivers\sy04bus.sys [7/28/2008 9:40 PM 83328]
S3 sy04mdfl;SANYO USB Modem SY04 Filter;c:\windows\System32\drivers\sy04mdfl.sys [7/28/2008 9:40 PM 14848]
S3 sy04mdm;SANYO USB Modem SY04 Drivers;c:\windows\System32\drivers\sy04mdm.sys [7/28/2008 9:40 PM 109824]
S3 sy04serd;SANYO USB Modem SY04 Diagnostic Serial Port (WDM);c:\windows\System32\drivers\sy04serd.sys [7/28/2008 9:40 PM 89856]
S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\System32\drivers\uts_bus.sys [3/3/2009 9:15 PM 84352]
S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\System32\drivers\uts_mdfl.sys [3/3/2009 9:15 PM 14976]
S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\System32\drivers\uts_mdm.sys [3/3/2009 9:15 PM 110848]
S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\System32\drivers\uts_serd.sys [3/3/2009 9:15 PM 90880]
S3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [3/28/2007 9:51 AM 43008]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\System32\drivers\CT_ZTEMT_U_USBSER.sys [9/1/2008 4:41 PM 104320]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 11:03 AM 169312]
S4 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [6/19/2008 10:58 AM 124184]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-07 c:\windows\Tasks\User_Feed_Synchronization-{188E13ED-3146-47F9-881E-45BEB445CCE6}.job
- c:\windows\system32\msfeedssync.exe [2008-03-18 03:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
FF - ProfilePath - c:\users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\ovndyyyc.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Keith\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 19:33
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\bmnet.dll
.
Completion time: 2009-11-07 19:38
ComboFix-quarantined-files.txt 2009-11-07 00:38
ComboFix2.txt 2009-10-19 22:31

Pre-Run: 59,681,112,064 bytes free
Post-Run: 59,655,835,648 bytes free

- - End Of File - - 0E3558B68653B96DBD8585EDDBDAA081




-----------------------------MBAM Log----------------------------------


Malwarebytes' Anti-Malware 1.41
Database version: 3119
Windows 6.0.6001 Service Pack 1

11/7/2009 7:23:52 PM
mbam-log-2009-11-07 (19-23-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 239534
Time elapsed: 1 hour(s), 0 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Windows\System32\cngaudit.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.






Thank you for all of your help, and let me know if you have any other suggestions on cleaning stuff up on my pc!!
You guys are awesome to donate your time and help people out on here!

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,648 posts
  • Gender:Female
  • Location:Romania
  • Local time:09:01 AM

Posted 11 November 2009 - 06:30 AM

Hello keithl322,

Let's try to get Junction to run. Note, if you still have it in your Windows folder, you don't have to download it again.

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).


We need to reset the permissions altered by the malware on a file.
  • Download this tool and save it to the desktop: http://download.bleepingcomputer.com/sUBs/...xes/Inherit.exe
  • Go to Start => Run => Copy and paste the first line of the following lines in the run box and click OK:

    "%userprofile%\desktop\inherit" "C:\windows\junction.exe"

  • If you get a security warning select Run.
  • You will get a "Finish" popup. Click OK.

* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.


In your next reply, please include the following:
  • Junction log

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 



#11 Elise


Posted 17 November 2009 - 06:17 AM

Hello, are you still there?

regards, Elise


#12 Elise


Posted 19 November 2009 - 04:26 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic re-opened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise




