Sinowal Trojan - Please Help! (PWS:Win32/Sinowal.gen!Q)


  • This topic is locked
2 replies to this topic

#1 jadeunicorn

  • Members
  • 3 posts

Posted 31 January 2010 - 06:55 PM

This past Tuesday my husband's computer started acting strange and actually restarted on its own. I am not sure how he got it on his system, but several scans indicated the computer is infected with the following: PWS:Win32/Sinowal.gen!Q. I was told since it's a Trojan, I should have System Restore off when I do the removal of it. I turned System Restore off and tried ComboFix, Spy Sweeper, AVG, and Microsoft Security Essentials - the latter claimed it removed the Trojan from the computer. BUT the computer has still been acting oddly - IE shuts down unexpectedly (I can't do the Windows Live OneCare Scan at all because of this), Firefox has been giving script errors for the add-ons, and the computer has been SLOW. A Quick Scan with Malwarebytes showed nothing. When I ran ComboFix again, though, it insisted there was still something there, but it couldn't scrub it.

My last ComboFix log is below. Under that log is the DDS log. I was NOT ABLE to run RootRepeal - it would get to the "Initializing, Please Wait" box and hang (I left it for a half hour and it did nothing except show that box).

At first, after MSE removed it, I thought maybe Java or the add-ons were corrupted, since there was a Java update at the same time I got the Trojan. So I have also uninstalled and reinstalled Java, uninstalled and re-installed the Firefox add-ons, uninstalled and re-installed IE 7 and 8 (then did a repair thing), and uninstalled and re-installed Firefox. And that's when I finally re-did ComboFix, looked closely, and noticed it detected the rootkit. Please help! I need to get this thing off of my husband's computer so he can play Everquest safely and not worry that any passwords will be snatched.

ComboFix 10-01-31.02 - Lori & Rick 01/31/2010 15:37:17.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2459 [GMT -6:00]
Running from: c:\documents and settings\Lori & Rick\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
.

2010-01-29 07:13 . 2010-01-29 07:13 -------- d-----w- c:\documents and settings\Lori & Rick\Application Data\Malwarebytes
2010-01-29 07:12 . 2010-01-29 07:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 20:37 . 2010-01-31 20:37 -------- d-----w- c:\program files\TrendMicro
2010-01-31 17:44 . 2009-04-09 17:55 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-31 07:03 . 2008-12-17 19:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-31 06:42 . 2006-02-17 05:07 -------- d-----w- c:\program files\Common Files\Java
2010-01-31 06:41 . 2006-02-17 05:07 -------- d-----w- c:\program files\Java
2010-01-30 20:46 . 2006-02-14 00:59 105296 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-29 07:12 . 2010-01-29 07:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 05:10 . 2010-01-28 05:10 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-21 20:29 . 2008-01-30 16:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 17:12 . 2010-01-28 05:20 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 13:30 . 2006-03-14 22:28 -------- d-----w- c:\documents and settings\Lori & Rick\Application Data\Apple Computer
2010-01-07 22:07 . 2010-01-29 07:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-01-29 07:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 20:15 . 2010-01-01 05:26 -------- d-----w- c:\program files\Diablo II
2010-01-01 20:14 . 2010-01-01 05:48 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-01-01 20:14 . 2010-01-01 05:48 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-01-01 05:46 . 2010-01-01 05:40 34095 ----a-w- c:\windows\DIIUnin.dat
2010-01-01 05:40 . 2010-01-01 05:40 94208 ----a-w- c:\windows\DIIUnin.exe
2010-01-01 05:40 . 2010-01-01 05:40 2829 ----a-w- c:\windows\DIIUnin.pif
2009-12-30 19:06 . 2009-12-30 19:05 -------- d-----w- c:\program files\iTunes
2009-12-30 19:06 . 2009-12-30 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-30 19:05 . 2009-12-30 19:05 -------- d-----w- c:\program files\iPod
2009-12-30 19:05 . 2007-07-17 15:44 -------- d-----w- c:\program files\Common Files\Apple
2009-12-30 19:04 . 2009-12-30 19:04 -------- d-----w- c:\program files\Bonjour
2009-12-30 19:03 . 2009-12-30 19:02 -------- d-----w- c:\program files\QuickTime
2009-12-22 05:20 . 2009-12-22 05:20 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-21 19:14 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 20:49 . 2009-01-18 20:44 -------- d-----w- c:\program files\Black Isle
2009-12-02 23:15 . 2009-04-15 17:55 164 -c--a-w- c:\windows\install.dat
2009-12-02 23:09 . 2008-05-19 22:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-02 23:09 . 2008-05-19 22:29 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-02 23:09 . 2008-05-19 22:29 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-02 23:09 . 2008-05-19 22:29 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-02 23:09 . 2009-12-02 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-02 23:09 . 2008-05-19 22:29 -------- d-----w- c:\program files\AVG
2009-12-02 22:36 . 2009-12-02 22:37 389120 ----a-w- c:\windows\system32\CF31043.exe
2009-11-06 21:19 . 2007-07-02 18:06 1563008 ----a-w- c:\windows\WRSetup.dll
2009-11-06 18:00 . 2006-07-13 17:01 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 18:00 . 2006-07-13 17:01 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 18:00 . 2008-07-28 21:44 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2007-11-03 02:07 . 2006-08-14 00:40 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-02-14 18:00 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"POINTER"="c:\program files\Microsoft Hardware\Mouse\point32.exe" [2002-04-11 176128]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"PRISMSVR.EXE"="c:\windows\system32\PRISMSVR.EXE" [2005-12-23 381014]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2008-5-21 921704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-02 23:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 01:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-03-30 03:05 339968 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2009-12-31 22:57 2033432 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 08:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 16:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-08-24 00:19 57344 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2008-08-01 20:36 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2009-09-14 00:52 1048392 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 02:15 290816 -c----w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
2009-11-06 21:19 6515784 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 22:45 313472 -c--a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 02:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\patchget.dat"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"7365:TCP"= 7365:TCP:Services
"3246:TCP"= 3246:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"5928:TCP"= 5928:TCP:Services

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [7/28/2008 3:44 PM 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/19/2008 4:29 PM 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/19/2008 4:29 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/2/2009 5:09 PM 285392]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [5/21/2008 4:34 PM 61526]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [10/15/2008 1:05 PM 1201640]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [4/19/2004 3:01 PM 6656]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 3:10 PM 32512]
.
Contents of the 'Scheduled Tasks' folder

2009-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2008-09-28 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8214505543.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]

2010-01-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Lori & Rick\Application Data\Mozilla\Firefox\Profiles\pika0g37.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPGWrap.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 16:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A5284A8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf767bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf746b852
\Driver\iaStor -> 0x8a5284a8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\PRISMAPI.DLL

- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\WININET.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2010-01-31 16:50:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-31 22:50
ComboFix2.txt 2010-01-31 19:32
ComboFix3.txt 2010-01-28 02:33
ComboFix4.txt 2009-12-02 22:57
ComboFix5.txt 2010-01-31 21:30

Pre-Run: 52,318,834,688 bytes free
Post-Run: 52,312,293,376 bytes free

- - End Of File - - 975632E0E2318604BA8FA1BB8ED56E3E




DDS (Ver_09-12-01.01) - NTFSx86
Run by Lori & Rick at 13:59:35.12 on Sun 01/31/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2159 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lori & Rick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] "c:\program files\intel\intel application accelerator\iaanotif.exe"
mRun: [POINTER] "c:\program files\microsoft hardware\mouse\point32.exe"
mRun: [CTSysVol] "c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe" /r
mRun: [P17Helper] "c:\windows\system32\rundll32.exe" P17.dll,P17Helper
mRun: [UpdReg] "c:\windows\UpdReg.EXE"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] "c:\windows\ime\imkr6_1\IMEKRMIG.EXE"
mRun: [MSPY2002] "c:\windows\system32\ime\pintlgnt\ImScInst.exe" /SYNC
mRun: [PHIME2002ASync] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /SYNC
mRun: [PHIME2002A] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /IMEName
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143746984250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lori&r~1\applic~1\mozilla\firefox\profiles\pika0g37.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPPGWrap.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-7-28 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-19 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-19 28424]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-19 360584]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-2 285392]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2008-5-21 61526]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2008-10-15 1201640]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2004-4-19 6656]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

=============== Created Last 30 ================

2010-01-31 07:04:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-30 21:26:42 0 dc-h--w- c:\windows\ie8
2010-01-30 20:41:57 1564868 ----a-w- c:\windows\system32\WINSP.MB
2010-01-30 20:36:37 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-01-30 20:36:34 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-01-30 20:36:32 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-01-30 20:36:29 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-01-30 20:36:25 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-01-30 20:36:17 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-01-30 20:36:12 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-01-30 20:36:10 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-01-30 20:36:03 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-01-30 20:36:02 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-01-30 20:35:59 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-01-30 20:35:24 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-01-30 20:35:17 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-01-30 20:35:13 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-01-30 20:35:00 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-01-30 20:33:59 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2010-01-30 20:33:54 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-01-30 20:33:49 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2010-01-30 20:33:45 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2010-01-30 20:33:41 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2010-01-30 20:33:38 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2010-01-30 20:33:31 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-30 20:33:24 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-01-30 20:33:19 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2010-01-30 20:33:14 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2010-01-30 20:33:10 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2010-01-30 20:33:05 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2010-01-30 20:33:01 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-01-30 20:31:57 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2010-01-30 20:30:58 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2010-01-30 20:30:55 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2010-01-30 20:30:51 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-01-30 20:30:47 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2010-01-30 20:30:40 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-01-30 20:30:36 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-01-30 20:30:35 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2010-01-30 20:30:29 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-01-30 20:30:26 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-01-30 20:30:19 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-01-30 20:30:13 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-01-30 20:30:10 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-01-30 20:30:06 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-01-30 20:28:56 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-01-30 20:28:52 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2010-01-30 20:28:41 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-01-30 20:28:32 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2010-01-30 20:28:28 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2010-01-30 20:28:25 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2010-01-30 20:28:20 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2010-01-30 20:28:17 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2010-01-30 20:28:14 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2010-01-30 20:28:11 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2010-01-30 20:28:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2010-01-30 20:28:04 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-01-30 20:27:47 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-01-30 20:27:41 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2010-01-30 20:27:37 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2010-01-30 20:27:34 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2010-01-30 20:27:28 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2010-01-30 20:27:24 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2010-01-30 20:27:21 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2010-01-30 20:27:19 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2010-01-30 20:27:14 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2010-01-30 20:27:10 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2010-01-30 20:27:04 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2010-01-30 20:26:54 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2010-01-30 20:26:39 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-01-30 20:26:36 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2010-01-30 20:26:31 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2010-01-30 20:26:27 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2010-01-30 20:26:23 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2010-01-30 20:26:01 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2010-01-30 20:25:44 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2010-01-30 20:25:38 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2010-01-30 20:25:33 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2010-01-30 20:25:29 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-01-30 20:25:25 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-01-30 20:25:21 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-01-30 20:25:17 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2010-01-30 20:25:02 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-01-30 20:23:58 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-01-30 20:22:59 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2010-01-30 20:22:53 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
2010-01-30 20:22:47 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2010-01-30 20:22:45 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2010-01-30 20:22:40 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-01-30 20:22:36 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2010-01-30 20:22:31 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2010-01-30 20:22:25 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2010-01-30 20:22:20 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-01-30 20:22:16 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2010-01-30 20:22:11 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2010-01-30 20:22:06 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-01-30 20:21:48 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-01-30 20:21:42 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-01-30 20:21:38 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-01-30 20:21:33 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2010-01-30 20:21:29 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2010-01-30 20:21:19 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2010-01-30 20:21:14 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2010-01-30 20:21:10 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2010-01-30 20:21:06 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2010-01-30 20:21:03 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2010-01-30 20:21:01 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2010-01-30 20:19:58 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2010-01-30 20:18:58 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2010-01-30 20:17:57 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2010-01-30 20:17:53 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2010-01-30 20:17:49 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2010-01-30 20:17:45 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2010-01-30 20:17:34 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2010-01-30 20:17:30 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2010-01-30 20:17:19 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-01-30 20:17:14 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-01-30 20:17:10 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2010-01-30 20:17:07 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2010-01-30 20:16:58 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2010-01-30 20:16:54 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2010-01-30 20:16:45 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2010-01-30 20:16:41 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2010-01-30 20:16:33 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2010-01-30 20:16:28 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2010-01-30 20:16:24 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2010-01-30 20:16:19 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2010-01-30 20:16:15 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-01-30 20:16:10 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-01-30 20:16:06 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2010-01-30 20:16:02 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2010-01-30 20:15:58 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2010-01-30 20:15:54 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2010-01-30 20:15:51 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2010-01-30 20:15:47 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2010-01-30 20:15:44 128000 -c--a-w- c:\windows\system32\dllcache\n100325.sys
2010-01-30 20:15:41 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2010-01-30 20:15:37 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2010-01-30 20:15:34 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2010-01-30 20:15:30 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2010-01-30 20:15:26 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-01-30 20:15:23 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2010-01-30 20:15:17 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-01-30 20:14:57 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-01-30 20:14:55 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-01-30 20:14:47 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-01-30 20:14:32 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-01-30 20:14:28 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-01-30 20:14:04 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-01-30 20:14:00 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-01-30 20:13:58 56832 -c--a-w- c:\windows\system32\dllcache\msdvbnp.ax
2010-01-30 20:13:56 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-01-30 20:13:44 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-01-30 20:13:40 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-01-30 20:13:27 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-01-30 20:13:16 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-01-30 20:13:12 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2010-01-30 20:13:07 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2010-01-30 20:13:03 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2010-01-30 20:11:56 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2010-01-30 20:11:49 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2010-01-30 20:11:42 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2010-01-30 20:11:39 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2010-01-30 20:11:36 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2010-01-30 20:11:31 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2010-01-30 20:11:28 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-01-30 20:11:23 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2010-01-30 20:11:20 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2010-01-30 20:11:18 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax
2010-01-30 20:11:17 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
2010-01-30 20:11:15 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax
2010-01-30 20:11:09 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2010-01-30 20:10:58 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2010-01-30 20:10:56 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2010-01-30 20:10:20 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-01-30 20:09:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2010-01-30 20:09:46 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2010-01-30 20:09:44 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-01-30 20:09:40 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2010-01-30 20:09:39 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-01-30 20:09:37 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2010-01-30 20:09:32 16384 -c--a-w- c:\windows\system32\dllcache\ipsink.ax
2010-01-30 20:09:24 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2010-01-30 20:09:21 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2010-01-30 20:09:18 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2010-01-30 20:09:12 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-01-30 20:09:09 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2010-01-30 20:08:24 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-01-30 20:08:19 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2010-01-30 20:08:16 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2010-01-30 20:08:13 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2010-01-30 20:08:09 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2010-01-30 20:08:05 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2010-01-30 20:08:01 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2010-01-30 20:06:58 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-01-30 20:05:55 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2010-01-30 20:04:56 8576 -c--a-w- c:\windows\system32\dllcache\hidgame.sys
2010-01-30 20:04:54 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2010-01-30 20:04:49 907456 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys
2010-01-30 20:04:43 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2010-01-30 20:04:39 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2010-01-30 20:04:36 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2010-01-30 20:04:32 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2010-01-30 20:04:30 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2010-01-30 20:04:28 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys
2010-01-30 20:04:26 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2010-01-30 20:04:24 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2010-01-30 20:04:21 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2010-01-30 20:04:17 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
2010-01-30 20:03:35 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-01-30 20:03:32 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2010-01-30 20:03:28 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2010-01-30 20:03:20 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2010-01-30 20:03:16 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2010-01-30 20:03:13 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2010-01-30 20:03:07 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2010-01-30 20:03:04 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-01-30 20:02:56 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2010-01-30 20:02:48 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2010-01-30 20:02:42 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2010-01-30 20:02:39 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
2010-01-30 20:02:35 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2010-01-30 20:02:32 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-01-30 20:02:22 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2010-01-30 20:02:19 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys
2010-01-30 20:02:08 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2010-01-30 20:02:05 45568 -c--a-w- c:\windows\system32\dllcache\esuni.dll
2010-01-30 20:02:01 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-01-30 20:00:54 19996 -c--a-w- c:\windows\system32\dllcache\em556n4.sys
2010-01-30 19:59:49 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2010-01-30 19:58:58 38985 -c--a-w- c:\windows\system32\dllcache\disrvsu.dll
2010-01-30 19:57:58 256512 -c--a-w- c:\windows\system32\dllcache\devcon32.dll
2010-01-30 19:56:58 3072 -c--a-w- c:\windows\system32\dllcache\cwbmidi.sys
2010-01-30 19:55:58 111232 -c--a-w- c:\windows\system32\dllcache\cl5465.dll
2010-01-30 19:54:56 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2010-01-30 19:54:53 116736 -c--a-w- c:\windows\system32\dllcache\camext30.ax
2010-01-30 19:54:51 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2010-01-30 19:54:49 244224 -c--a-w- c:\windows\system32\dllcache\camext20.ax
2010-01-30 19:54:47 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2010-01-30 19:54:45 73216 -c--a-w- c:\windows\system32\dllcache\camexo20.ax
2010-01-30 19:54:43 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2010-01-30 19:54:40 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys
2010-01-30 19:54:40 223232 -c--a-w- c:\windows\system32\dllcache\camdrv21.sys
2010-01-30 19:50:57 12160 -c--a-w- c:\windows\system32\dllcache\brfiltlo.sys
2010-01-30 19:50:52 2944 -c--a-w- c:\windows\system32\dllcache\brfilt.sys
2010-01-30 19:50:49 12800 -c--a-w- c:\windows\system32\dllcache\brevif.dll
2010-01-30 19:50:47 9728 -c--a-w- c:\windows\system32\dllcache\brcoinst.dll
2010-01-30 19:50:45 19456 -c--a-w- c:\windows\system32\dllcache\brbidiif.dll
2010-01-30 19:50:37 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
2010-01-30 19:48:12 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-01-30 19:48:09 18432 -c--a-w- c:\windows\system32\dllcache\bdaplgin.ax
2010-01-30 19:48:06 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2010-01-30 19:48:04 26568 -c--a-w- c:\windows\system32\dllcache\bcm4e5.sys
2010-01-30 19:48:02 54271 -c--a-w- c:\windows\system32\dllcache\bcm42xx5.sys
2010-01-30 19:48:00 66557 -c--a-w- c:\windows\system32\dllcache\bcm42u.sys
2010-01-30 19:46:58 26880 -c--a-w- c:\windows\system32\dllcache\atirtsnd.sys
2010-01-30 19:39:37 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2010-01-30 19:39:35 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2010-01-30 19:39:33 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2010-01-30 19:39:31 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2010-01-30 19:39:30 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2010-01-30 19:39:29 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2010-01-30 19:39:27 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2010-01-30 19:39:26 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2010-01-30 19:39:24 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2010-01-30 19:39:23 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2010-01-30 19:39:13 24576 -c--a-w- c:\windows\system32\dllcache\agcgauge.ax
2010-01-30 19:34:29 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-01-30 19:34:27 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2010-01-30 19:34:19 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2010-01-30 19:34:12 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys
2010-01-30 19:34:05 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys
2010-01-30 19:34:01 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys
2010-01-30 19:32:05 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-01-29 07:13:01 0 d-----w- c:\docume~1\lori&r~1\applic~1\Malwarebytes
2010-01-29 07:12:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 07:12:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-29 07:12:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-29 07:12:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 05:20:19 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-28 05:10:16 0 d-----w- c:\program files\Microsoft Security Essentials

==================== Find3M ====================

2010-01-31 07:03:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-30 20:46:18 105296 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-01 20:14:56 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-01-01 20:14:56 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-01-01 05:46:51 34095 ----a-w- c:\windows\DIIUnin.dat
2010-01-01 05:40:37 94208 ----a-w- c:\windows\DIIUnin.exe
2010-01-01 05:40:37 2829 ----a-w- c:\windows\DIIUnin.pif
2009-12-22 05:20:58 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-10 04:54:07 261632 ----a-w- c:\windows\PEV.exe
2009-12-02 23:09:21 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-02 23:09:21 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-02 23:09:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-02 22:36:22 389120 ----a-w- c:\windows\system32\CF31043.exe
2009-11-06 21:19:42 1563008 ----a-w- c:\windows\WRSetup.dll
2007-11-03 02:07:09 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-20 21:37:29 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052020080521\index.dat
============= FINISH: 13:59:51.65 ===============

EDIT:
(merged second post into this one upon user request)

I was just trying to run GMER to post the results here as well, and the computer crashed on me. This was the 3rd crash since Tuesday night. This time I wrote stuff down. It said: IRQL_NOT_LESS_OR_EQUAL as well as *****STOP: 0x0000000A (0xFFFFFFFE8, 0x00000002, 0x00000001, 0x804DA07F).

And then I had another crash again shortly after. If I ever get the GMER log, I'll post it.

Edited by myrti, 31 January 2010 - 08:17 PM.


#2 jadeunicorn

jadeunicorn
  • Topic Starter

  • Members
  • 3 posts

Posted 06 February 2010 - 08:30 PM

I decided since the computer was being absolutely schitzy in more than one way, and since from what I've read Sinowal is a nasty trojan, I just wiped that partition and re-installed Windows. My husband doesn't know what to do with himself without his comp - lol.

So, unless I made the mistake and should have deleted and reformatted all the partitions, I no longer need help with this problem (ComboFix did not detect the rootkit after I did the re-install). Now the long process of re-installing everything else is ahead of me - one I am not unfamiliar with as this is the 2nd time I've wiped this machine (the first time was not due to viruses).

Thanks!

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • Gender:Female
  • Location:Romania

Posted 07 February 2010 - 05:48 AM

Since the issue seems to be resolved, this topic will now be closed. If you need it reopened, please send me a PM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft