removal of TDL3Mem-A infection


  • This topic is locked
2 replies to this topic

#1 crwzar80

  • Members
  • 2 posts

Posted 05 June 2010 - 10:28 AM

Hello everyone, I have been trying to stop IE from opening random pages and have tried a number of things before I found this marvelous website full of useful information.
This infection (?) seems to be quite stubborn, as Spybot, Malwarebytes, SAS, Emsisoft etc. have all failed to recognise this trojan.
However, MBAM keeps displaying a warning that it has blocked a suspicious website about every couple of minutes, even when I don't have IE running.
It was only in desperation that I did a full scan with Sophos, which discovered it, and as this is my work machine I am quite paranoid about things like this.

Sophos has reported that the infection has to be removed manually, and whilst searching for instructions on how to do this it seems even Sophos tech support don't know, as a number of people using this product have been referred back to their IT dept.

I was almost at the point of a system format and using migwiz to "restore" my data etc., but am not convinced this was the correct direction to take once I started reading posts on this site.

Here is the DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by wayne.chapple at 0:16:32.93 on Sun 06/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.3071.1290 [GMT 10:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\dllhost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\msdtc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavMain.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\taskmgr.exe
c:\program files\windows defender\MpCmdRun.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
E:\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
uInternet Settings,ProxyServer = 100.100.150.216:8080
uInternet Settings,ProxyOverride = 10.*;10.30*;172.*;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [<NO NAME>]
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\Snagit32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sophos~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: google.com.au\www
Trusted Zone: w10043.eranet\s01
Trusted Zone: w10043.eranet\s81
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 Crlscsi;Crlscsi;c:\windows\system32\drivers\crlscsi.sys [2010-5-24 6144]
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-5-23 121848]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-6-5 1916080]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-4 304464]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-9-7 104488]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2009-9-7 93736]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-4 1153368]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2009-9-4 175144]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-7-14 7168]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-3-18 172328]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-6-5 71008]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-5-24 29472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-4 20952]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-3-3 5340160]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-3-3 152064]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\common files\bcl technologies\nitropdf5\bepldr.exe [2007-11-15 151552]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-5-25 113664]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-5-23 22536]

=============== Created Last 30 ================

2010-06-05 14:15:37 0 ----a-w- c:\users\wayne.chapple\defogger_reenable
2010-06-05 04:57:46 0 d-----w- c:\users\wayne~1.cha\appdata\roaming\SUPERAntiSpyware.com
2010-06-05 04:57:46 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-05 03:53:59 0 d-----w- c:\program files\Trend Micro
2010-06-04 14:23:00 0 d-----w- c:\program files\Emsisoft Anti-Malware
2010-06-04 05:14:20 0 d-----w- c:\users\wayne~1.cha\appdata\roaming\Malwarebytes
2010-06-04 05:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-04 05:14:04 0 d-----w- c:\programdata\Malwarebytes
2010-06-04 05:14:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-04 05:14:03 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-04 05:09:59 1346 ----a-w- c:\windows\Sandboxie.ini
2010-06-04 00:42:12 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-04 00:42:12 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-03 11:45:16 65536 --sha-w- c:\users\wayne.chapple\ntuser.dat{43a3ccf2-6efe-11df-aa88-0015aff78ef7}.TM.blf
2010-06-03 11:45:16 524288 --sha-w- c:\users\wayne.chapple\ntuser.dat{43a3ccf2-6efe-11df-aa88-0015aff78ef7}.TMContainer00000000000000000002.regtrans-ms
2010-06-03 11:45:16 524288 --sha-w- c:\users\wayne.chapple\ntuser.dat{43a3ccf2-6efe-11df-aa88-0015aff78ef7}.TMContainer00000000000000000001.regtrans-ms
2010-06-03 04:39:50 0 d-----w- c:\program files\CMAK
2010-06-03 04:39:46 0 d-----w- C:\inetpub
2010-06-03 02:25:15 600 ----a-w- c:\users\wayne.chapple\PUTTY.RND
2010-06-03 02:25:11 0 d-----w- c:\program files\WinSCP
2010-06-01 22:15:31 0 d-----w- c:\users\wayne~1.cha\appdata\roaming\Mobile Atlas Creator
2010-05-31 07:38:43 0 d-----w- c:\program files\Nitro PDF
2010-05-28 13:44:08 0 d-----w- c:\program files\FTP Commander
2010-05-28 06:39:44 6756 ----a-w- C:\Connells.iap
2010-05-28 06:27:39 28094 ----a-w- C:\Vehicle RBO_Extra_Documents.rpx
2010-05-27 23:36:20 0 d-----w- c:\program files\common files\Software FX Shared
2010-05-27 23:36:13 0 d-----w- c:\program files\Reynolds and Reynolds
2010-05-27 07:24:01 0 d-----w- c:\program files\Raxco
2010-05-27 07:12:09 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-27 07:11:16 0 d-----w- c:\programdata\Skype
2010-05-27 04:39:44 24720 ----a-w- c:\windows\system32\IVIresize.dll
2010-05-27 04:39:44 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-05-27 04:39:44 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-05-27 04:39:44 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-05-27 04:39:44 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-05-27 04:39:44 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-05-26 23:47:26 346325288 ----a-w- c:\windows\MEMORY.DMP
2010-05-25 23:49:21 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 08:28:26 69 ----a-w- c:\windows\NeroDigital.ini
2010-05-25 08:22:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-25 08:22:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-05-24 22:31:03 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-05-24 22:31:03 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-05-24 22:31:03 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-05-24 22:30:02 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-05-24 09:36:41 0 d-----w- C:\OziExplorer
2010-05-24 08:49:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-24 07:05:11 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-05-24 03:47:47 131898 ----a-w- c:\windows\system32\DesToolBarCfg.tb
2010-05-24 03:39:35 0 d-----w- c:\windows\system32\Data
2010-05-24 02:30:27 65536 ------w- c:\windows\system32\Ikeext.etl
2010-05-24 02:26:15 0 d-----w- c:\windows\system32\appmgmt
2010-05-24 01:54:20 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2010-05-24 01:54:20 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2010-05-24 01:54:20 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2010-05-24 01:54:19 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2010-05-24 01:53:34 0 d-----w- c:\program files\ThinkPad
2010-05-24 01:52:01 0 d-----w- C:\DRIVERS
2010-05-24 01:42:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-05-24 01:26:14 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-05-24 01:22:46 0 d-----w- c:\programdata\Nokia
2010-05-24 01:20:27 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-05-24 01:14:40 598288 ----a-w- c:\windows\system32\temp.004
2010-05-24 01:14:40 37136 ----a-w- c:\windows\system32\temp.006
2010-05-24 01:14:40 18192 ----a-w- c:\windows\system32\temp.005
2010-05-24 01:14:39 995383 ----a-w- c:\windows\system32\temp.000
2010-05-24 01:14:39 369424 ----a-w- c:\windows\system32\temp.002
2010-05-24 01:14:39 254005 ----a-w- c:\windows\system32\temp.001
2010-05-24 01:14:39 164112 ----a-w- c:\windows\system32\temp.003
2010-05-24 01:07:55 21504 ------w- c:\windows\system32\scpext.dll
2010-05-24 01:07:46 245 ------w- c:\windows\system32\scanners.reg
2010-05-24 01:07:46 151552 ------w- c:\windows\crllyrnt.dll
2010-05-24 01:07:45 6144 ------w- c:\windows\system32\drivers\crlscsi.sys
2010-05-24 01:07:32 39125 ------w- c:\windows\iccsigs.dat
2010-05-24 01:07:21 133904 ------w- c:\windows\system32\mfcans32.dll
2010-05-24 01:07:21 108032 ------w- c:\windows\system32\mfcuia32.dll
2010-05-24 01:07:20 322832 ------w- c:\windows\system32\mfc30.dll
2010-05-24 01:07:12 409600 ------w- c:\windows\system32\scint70.dll
2010-05-24 01:05:42 0 d-----w- c:\windows\Corel
2010-05-24 00:03:08 0 d-----w- c:\windows\system32\dllcache
2010-05-24 00:02:42 0 d-----w- c:\program files\Infomedia Ltd
2010-05-23 22:21:11 0 d-----w- c:\program files\Vuze
2010-05-23 12:51:20 0 d-----w- c:\programdata\Sun
2010-05-23 12:50:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-23 11:30:56 0 d-----w- C:\AMD
2010-05-23 10:52:06 22536 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-05-23 10:50:57 1130 ----a-w- c:\windows\photopnt.ini
2010-05-23 10:40:33 26664 ----a-w- c:\windows\system32\SophosBootTasks.exe
2010-05-23 10:40:33 121848 ----a-r- c:\windows\system32\drivers\savonaccess.sys
2010-05-23 10:39:06 0 d-----w- C:\savwsa
2010-05-23 08:32:54 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-05-23 08:31:13 0 d-----w- c:\windows\PCHEALTH
2010-05-23 08:21:06 98304 ----a-w- c:\windows\system32\CNC320I.DLL
2010-05-23 08:21:06 274432 ----a-w- c:\windows\system32\CNC320L.DLL
2010-05-23 08:21:06 192512 ----a-w- c:\windows\system32\CNC320O.DLL
2010-05-23 08:21:06 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2010-05-23 08:21:06 13568 ----a-w- c:\windows\system32\CNC1736D.TBL
2010-05-23 08:21:06 1331200 ----a-w- c:\windows\system32\CNC320C.DLL
2010-05-23 08:20:24 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-05-23 08:20:24 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-22 12:50:34 90112 ----a-w- c:\windows\system32\snymsico.dll
2010-05-22 12:50:34 45568 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2010-05-22 12:50:34 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2010-05-22 12:50:34 172032 ----a-w- c:\windows\system32\rixdicon.dll
2010-05-22 12:50:33 43008 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2010-05-22 12:49:04 290816 ----a-w- c:\windows\system32\FMAPO.dll
2010-05-22 12:49:04 2795552 ----a-w- c:\windows\system32\RtkAPO.dll
2010-05-22 11:20:36 0 d-----w- c:\windows\Downloaded Installations
2010-05-22 11:17:55 320 ----a-w- c:\windows\ODBCINST.INI
2010-05-22 11:15:08 0 d-----w- c:\windows\system32\URTTEMP
2010-05-22 04:59:41 0 d-----w- c:\windows\Panther
2010-05-22 04:59:28 8192 --sha-r- C:\BOOTSECT.BAK
2010-05-22 04:59:26 383562 --sha-r- C:\bootmgr
2010-05-22 04:59:26 0 d-sh--w- C:\Boot
2010-05-22 04:44:51 0 d-----w- C:\Windows.old
2010-05-21 13:53:16 23740 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-21 13:27:35 0 d-----w- c:\program files\Norton Ghost
2010-05-21 13:27:34 0 d-----w- c:\programdata\Apple Computer
2010-05-21 11:58:47 0 d-----w- c:\windows\system32\Wat
2010-05-21 11:25:46 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-21 11:25:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-05-21 11:25:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 11:23:33 0 d-----w- c:\programdata\TrueSuite
2010-05-21 11:23:32 0 d-----w- c:\windows\system32\wocaffe
2010-05-21 11:23:32 0 d-----w- c:\program files\TrueSuite
2010-05-21 11:23:29 0 d-sh--w- c:\windows\Installer
2010-05-21 11:23:28 0 d-----w- c:\programdata\Downloaded Installations
2010-05-21 11:23:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ATSwpWDF_01009.Wdf
2010-05-21 11:20:32 731366 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-05-21 11:20:30 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-21 11:20:30 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-21 11:20:30 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-21 11:14:37 0 d-----w- c:\windows\system32\wbem\Performance
2010-05-21 11:13:18 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-21 11:13:13 132608 ----a-w- c:\windows\system32\cabview.dll
2010-05-21 11:02:20 0 ----a-w- c:\windows\ativpsrm.bin
2010-05-21 10:16:30 0 d-sh--w- C:\Recovery
2010-05-20 22:06:11 65536 --sha-w- c:\users\wayne.chapple\ntuser.dat{59ecf5cf-6421-11df-a351-001e101f1ed9}.TM.blf
2010-05-20 22:06:11 524288 --sha-w- c:\users\wayne.chapple\ntuser.dat{59ecf5cf-6421-11df-a351-001e101f1ed9}.TMContainer00000000000000000002.regtrans-ms
2010-05-20 22:06:11 524288 --sha-w- c:\users\wayne.chapple\ntuser.dat{59ecf5cf-6421-11df-a351-001e101f1ed9}.TMContainer00000000000000000001.regtrans-ms
2010-05-12 22:25:56 65536 --sha-w- c:\users\wayne.chapple\ntuser.dat{3f5cbff3-5e14-11df-854a-0015aff78ef7}.TM.blf
2010-05-12 22:25:56 524288 --sha-w- c:\users\wayne.chapple\ntuser.dat{3f5cbff3-5e14-11df-854a-0015aff78ef7}.TMContainer00000000000000000002.regtrans-ms
2010-05-12 22:25:56 524288 --sha-w- c:\users\wayne.chapple\ntuser.dat{3f5cbff3-5e14-11df-854a-0015aff78ef7}.TMContainer00000000000000000001.regtrans-ms
2010-05-11 03:33:29 0 d-----w- c:\program files\SQLyog Enterprise
2010-05-07 01:54:22 0 d---a-w- c:\programdata\TEMP
2010-05-07 01:54:10 0 d-----w- c:\users\wayne~1.cha\appdata\roaming\Softland
2010-05-07 01:54:10 0 d-----w- c:\programdata\Softland
2010-05-07 01:54:10 0 d-----w- c:\program files\Softland
2010-05-07 00:28:05 0 d--h--w- c:\programdata\CanonIJScan
2010-05-07 00:27:30 0 d-----w- c:\program files\common files\CANON
2010-05-07 00:24:47 0 d-----w- c:\program files\Canon

==================== Find3M ====================

2010-05-28 13:53:30 19 ----a-w- c:\program files\Answer.txt
2010-05-21 04:21:29 6029312 --sha-w- c:\users\wayne.chapple\ntuser (1).dat
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:17:40.01 ===============


Thanks in advance,
regards, Wayne.


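Added example for this thread (not code from the original post, from DDS or from Sophos): a small triage pass over the lines of a DDS "Pseudo HJT Report", showing the items an analyst would pull out of the log above before deciding between cleanup and a rebuild. The constructed sample reuses the relevant lines from the log: a user-level proxy at 100.100.150.216:8080, EnableLUA and ConsentPromptBehaviorAdmin both set to 0 (UAC off, so a dropper running under this admin account can install a driver without any prompt), two Trusted Zone entries, an AppInit_DLLs entry (here Sophos, but the same key is a classic injection point) and a hosts-file line pinning www.spywareinfo.com to 127.0.0.1. The SECURITY_SITES list is an assumption of this example, not anything the tools use. One caveat the page's detection name already hints at: a kernel-mode rootkit detected in memory (TDL3Mem-A) will not appear in a listing of user-mode processes and autorun keys, so these findings describe the surrounding hijack artefacts and weakened hardening, not the rootkit itself.

```python
"""Triage of a DDS 'Pseudo HJT Report' for the indicators that matter in a
browser-hijack case. Added example for this thread; not code from the original
post or from the DDS tool."""

# Constructed sample: lines copied from the DDS log in the post above, plus one
# benign line (uStart Page) so the filter has something to ignore.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = 100.100.150.216:8080
uInternet Settings,ProxyOverride = 10.*;10.30*;172.*;<local>
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
Trusted Zone: google.com.au\www
Trusted Zone: w10043.eranet\s01
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Domains that malware commonly blackholes via the hosts file. Assumption: a
# short illustrative list, not a list the DDS tool or Sophos uses.
SECURITY_SITES = ("spywareinfo.com", "bleepingcomputer.com", "malwarebytes.org",
                  "sophos.com", "microsoft.com", "symantec.com")

SEVERITY_RANK = {"info": 0, "review": 1, "high": 2}


def parse_dds(text):
    """Yield (key, value) pairs from DDS lines of the form 'key = value' or
    'key: value'. The ' = ' form is tried first so that
    'mPolicies-system: EnableLUA = 0 (0x0)' keeps its full key."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if " = " in line:
            key, value = line.split(" = ", 1)
        elif ": " in line:
            key, value = line.split(": ", 1)
        else:
            continue
        yield key.strip(), value.strip()


def triage(text):
    """Return a list of (severity, kind, message) findings for one DDS report."""
    findings = []
    for key, value in parse_dds(text):
        if key.endswith("ProxyServer") and value:
            host = value.partition(":")[0]
            sev = "info" if host in ("127.0.0.1", "localhost") else "review"
            findings.append((sev, "proxy",
                             f"user-level proxy {value}: confirm it matches the "
                             f"corporate proxy; a hijack can route traffic here"))
        elif key == "mPolicies-system: EnableLUA" and value.startswith("0"):
            findings.append(("high", "uac",
                             "EnableLUA=0: UAC is off, admin processes run fully elevated"))
        elif key == "mPolicies-system: ConsentPromptBehaviorAdmin" and value.startswith("0"):
            findings.append(("high", "uac",
                             "ConsentPromptBehaviorAdmin=0: elevation without any prompt"))
        elif key == "Hosts":
            target, _, name = value.partition(" ")
            if name.lower().endswith(SECURITY_SITES):
                findings.append(("high", "hosts",
                                 f"{name} pinned to {target}: security site blackholed"))
        elif key == "Trusted Zone":
            findings.append(("review", "trusted-zone",
                             f"{value} runs with IE Trusted-sites privileges"))
        elif key == "AppInit_DLLs":
            findings.append(("review", "appinit",
                             f"{value} is loaded into every process that links user32.dll"))
    return findings


def worst_severity(findings):
    """Highest severity among the findings, or 'none' if there are none."""
    if not findings:
        return "none"
    return max((sev for sev, _, _ in findings), key=SEVERITY_RANK.__getitem__)


if __name__ == "__main__":
    for sev, kind, msg in triage(SAMPLE_DDS):
        print(f"[{sev:6}] {kind:12} {msg}")
```

Run against the sample it reports seven findings with "high" as the worst: the two UAC policy values and the hosts-file redirect are outright hardening failures, the proxy and Trusted Zone entries are things to verify against what the company's IT department actually pushes, and the AppInit_DLLs entry is benign here but worth a glance every time.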
#2 crwzar80 (Topic Starter)

  • Members
  • 2 posts
Posted 08 June 2010 - 04:31 AM

Can you please close this post.

Due to serious performance and stability issues I was left with no choice but to format my hard drive. Fortunately I did have a very recent backup and only sacrificed a couple of days of work, and I cannot stress enough the importance of running regular backups.

#3 Elise (Bleepin' Blonde)

  • Malware Study Hall Admin
  • 60,833 posts
  • Location:Romania
Posted 08 June 2010 - 07:45 AM

I am glad to hear you were able to solve it this way.

This topic will now be closed.

regards, Elise
