Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown virus or malware, opens dozens of IE windows


  • Please log in to reply
34 replies to this topic

#1 snowboarder5150

snowboarder5150

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 21 October 2010 - 01:59 PM

For the last week or so, my computer has been opening dozens of Internet Explorer windows, taking me to random advertising sites. This occurs when I am using other programs, or when my computer sits idle. FYI, I never open IE in the first place. I only use fire fox these days.

Less often, my AVG will occasionally alert me that its online shield has blocked some items from getting into my computer. For example, AVG's Online Shield findings reads as follows:

Online Shield findings
Infection;"Object";"Result";"Detection time";"Object Type";"Process"
Exploit Rogue Scanner (type 1349);"xosozyk.co.cc/?id=06abQDc9";"Object was blocked";"10/21/2010, 12:58:23 PM";"file";"C:\WINDOWS\explorer.exe"
Exploit Rogue Scanner (type 1349);"xosozyk.co.cc/?id=06abQDcx";"Object was blocked";"10/21/2010, 12:37:26 PM";"file";"C:\WINDOWS\explorer.exe"

If it helps, my AVG virus vault reads as follows:

"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\TY$\Cookies\ty$@advertising[1].txt";"N/A";"9/23/2010, 10:56:37 AM"
"Infection";"Virus found Exploit";"c:\Documents and Settings\TY$\Local Settings\Temporary Internet Files\Content.IE5\80D74WVJ\index[3].htm";"N/A";"10/13/2010, 4:19:18 PM"
"Warning";"Corrupted executable file";"C:\Documents and Settings\TY$\Application Data\.BitTornado\piececache\65651774e48dbe622b411d8ebab819e7ab3fc73f\2b";"N/A";"10/19/2010, 10:51:46 PM"
"Warning";"Corrupted executable file";"C:\Documents and Settings\TY$\Local Settings\Temp\SkypeSetup.exe";"N/A";"10/19/2010, 11:12:04 PM"

Since running into these problems I have taken a few different actions. I've updated my AVG and ran full scans in safe mode. The results are as follows:

AVG 9.0 Anti-Virus command line scanner
Copyright © 1992 - 2010 AVG Technologies
Program version 9.0.832, engine 9.0.861
Virus Database: Version 271.1.1/3203 2010-10-17

C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2010\TTUSvc.tt Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\TY$\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\TY$\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\TY$\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\TY$\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
C:\WINDOWS\system32\drivers\sptd.sys Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 335454
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------

(FYI, since this scan, I've updated to AVG free, 2011, but it has not found anything either.)

I also downloaded, updated, and ran Malwarebytes in safe mode. It's scan log reads as follows:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4814

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/13/2010 10:59:14 PM
mbam-log-2010-10-13 (22-59-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 234929
Time elapsed: 4 hour(s), 47 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I also deleted what I thought to be suspicious items on my computer. There were three folders in my C drive with random number and letter titles. There was also a codec pack that I downloaded and installed from an untrusted source a few weeks back which I deleted. Finally, I tried getting rid of Windows Defender, as it seemed to be behaving suspicious (several of its .dll files remain, as they were undeletable. I realize that these may not have been the best steps to take. The deleted files now sit in my recycle bin.


I ran the dds scan, and am posting the log below. I tried three times to run the gmer scan. The first time resulted in a Blue Screen of Death. The other two times resulted in a frozen computer, which had to be restarted via the power button.

Thanks in advance for your input. I promise to not delete any more files, or do anything else without your instructions.

dds log:



DDS (Ver_10-10-10.03) - NTFSx86
Run by TY$ at 9:40:32.09 on Wed 10/20/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.389 [GMT -5:00]

AV: AVG Anti-Virus 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\TY$\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242684335987
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-3 6104144]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-8-27 1051968]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-24 10064]
S2 gupdate1ca1e9d70970e1f;Google Update Service (gupdate1ca1e9d70970e1f);c:\program files\google\update\GoogleUpdate.exe [2009-8-16 133104]
S2 WinDefend;Windows Defender;"c:\program files\windows defender\msmpeng.exe" --> c:\program files\windows defender\MsMpEng.exe [?]

=============== Created Last 30 ================

2010-10-20 14:28:26 24983 ----a-w- c:\windows\system32\14282654641.dll
2010-10-19 21:38:12 6146896 ------w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\updates\mpengine.dll
2010-10-19 19:39:16 -------- d-----w- c:\docume~1\ty$\applic~1\AVG10
2010-10-19 19:34:44 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-10-19 19:27:10 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-19 19:27:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-10-19 18:58:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-16 15:50:13 6084944 ------w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{32b967a5-4b90-4259-98f4-5948864a7d34}\mpengine.dll
2010-10-14 14:40:05 -------- d-----w- c:\windows\pss
2010-10-13 23:40:13 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 23:40:11 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 23:39:19 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 20:24:44 -------- d-----w- c:\docume~1\ty$\applic~1\Malwarebytes
2010-10-13 20:22:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-13 20:22:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-13 20:22:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-13 20:22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 14:45:00 14808 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2010-10-11 14:44:51 718296 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-10-03 15:43:22 -------- d-----w- c:\docume~1\ty$\locals~1\applic~1\PCHealth
2010-09-21 03:37:34 -------- d-----w- c:\program files\Bullfrog

==================== Find3M ====================

2010-09-19 00:52:38 197632 ----a-w- c:\program files\common files\OnlineFilesManager.dll
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 13:02:10 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-08-27 12:56:30 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-12 04:07:46 133616 ------w- c:\windows\system32\pxafs.dll
2010-08-12 04:07:46 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-08-12 04:07:46 123888 ------w- c:\windows\system32\pxcpyi64.exe

============= FINISH: 9:43:00.60 ===============


Thanks for your help,
Tyler

Attached Files


Edited by snowboarder5150, 21 October 2010 - 02:02 PM.


BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:04:24 AM

Posted 30 October 2010 - 03:40 PM

Hi,

Your post is a few days old. If you still need help simply reply back.

How Can I Reduce My Risk to Malware?


#3 snowboarder5150

snowboarder5150
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 04 November 2010 - 09:17 AM

Yes! I still need help. I'm trying to be patient.... Anyone?

#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:04:24 AM

Posted 04 November 2010 - 04:16 PM

Hi

Anyone?

that would be me.

We will get a download to use. Its called TDSSkiller. We will start with that, link and directions:

Please download TDSS Killer.exe and save it to your desktop
Double click to launch the utility. After it initializes click the start scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malcious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might require after disinfection."

A report will be found in your Root drive Local Disk (C:) as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time)
Please post the log report

How Can I Reduce My Risk to Malware?


#5 snowboarder5150

snowboarder5150
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 04 November 2010 - 06:50 PM

Very happy to hear from you. I ran the scan. 0 threats found. I'm posting the log below. Thanks for your help:


2010/11/04 18:42:48.0296 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
2010/11/04 18:42:48.0296 ================================================================================
2010/11/04 18:42:48.0296 SystemInfo:
2010/11/04 18:42:48.0296
2010/11/04 18:42:48.0296 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/04 18:42:48.0296 Product type: Workstation
2010/11/04 18:42:48.0296 ComputerName: TY
2010/11/04 18:42:48.0296 UserName: TY$
2010/11/04 18:42:48.0296 Windows directory: C:\WINDOWS
2010/11/04 18:42:48.0296 System windows directory: C:\WINDOWS
2010/11/04 18:42:48.0296 Processor architecture: Intel x86
2010/11/04 18:42:48.0296 Number of processors: 1
2010/11/04 18:42:48.0296 Page size: 0x1000
2010/11/04 18:42:48.0296 Boot type: Normal boot
2010/11/04 18:42:48.0296 ================================================================================
2010/11/04 18:42:48.0937 Initialize success
2010/11/04 18:42:53.0453 ================================================================================
2010/11/04 18:42:53.0453 Scan started
2010/11/04 18:42:53.0453 Mode: Manual;
2010/11/04 18:42:53.0453 ================================================================================
2010/11/04 18:42:56.0578 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/04 18:42:57.0078 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/04 18:42:58.0046 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/04 18:42:58.0531 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/11/04 18:42:59.0000 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/04 18:43:01.0750 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/11/04 18:43:02.0359 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2010/11/04 18:43:02.0921 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/04 18:43:04.0718 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/04 18:43:05.0156 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/04 18:43:05.0968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/04 18:43:06.0437 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/04 18:43:07.0000 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2010/11/04 18:43:07.0390 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/11/04 18:43:07.0953 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2010/11/04 18:43:08.0390 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2010/11/04 18:43:08.0937 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2010/11/04 18:43:09.0437 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2010/11/04 18:43:09.0937 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2010/11/04 18:43:10.0468 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2010/11/04 18:43:11.0125 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/11/04 18:43:11.0515 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/04 18:43:12.0500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/04 18:43:13.0406 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/04 18:43:13.0906 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/04 18:43:14.0390 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/04 18:43:14.0859 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2010/11/04 18:43:15.0687 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/04 18:43:16.0578 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/04 18:43:18.0265 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/04 18:43:19.0203 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/04 18:43:20.0046 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2010/11/04 18:43:20.0546 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/04 18:43:21.0046 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/04 18:43:21.0828 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/04 18:43:22.0359 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/04 18:43:22.0875 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/04 18:43:23.0343 FileDisk (4c2deef4f64efffa1981f8627a2ac162) C:\WINDOWS\SYSTEM32\DRIVERS\filedisk.sys
2010/11/04 18:43:23.0812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/04 18:43:24.0281 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/04 18:43:24.0796 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/04 18:43:25.0421 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/04 18:43:25.0875 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/04 18:43:26.0390 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/04 18:43:26.0890 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/04 18:43:27.0390 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/04 18:43:28.0390 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2010/11/04 18:43:29.0421 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/11/04 18:43:30.0500 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/04 18:43:31.0921 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/04 18:43:32.0453 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/04 18:43:33.0343 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/04 18:43:33.0750 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/04 18:43:34.0296 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/04 18:43:34.0734 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/04 18:43:35.0218 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/04 18:43:35.0687 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/04 18:43:36.0187 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/04 18:43:36.0671 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/04 18:43:37.0109 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/04 18:43:37.0718 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
2010/11/04 18:43:38.0343 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/04 18:43:38.0875 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/04 18:43:39.0421 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/04 18:43:40.0281 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/11/04 18:43:40.0734 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/11/04 18:43:41.0203 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/04 18:43:41.0734 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/04 18:43:42.0109 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/04 18:43:42.0625 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/04 18:43:43.0078 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/04 18:43:44.0000 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/04 18:43:44.0828 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/04 18:43:45.0593 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/04 18:43:46.0000 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/04 18:43:46.0468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/04 18:43:46.0859 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/04 18:43:47.0328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/04 18:43:47.0937 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/04 18:43:48.0531 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/04 18:43:49.0046 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/04 18:43:49.0531 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/04 18:43:49.0921 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/04 18:43:50.0375 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/04 18:43:50.0921 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/04 18:43:51.0468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/04 18:43:52.0000 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/04 18:43:52.0453 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/04 18:43:53.0187 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/04 18:43:54.0031 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/04 18:43:56.0078 nv (ecef9af156aafe2819a16230ad8968b7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/04 18:43:58.0359 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/04 18:43:58.0890 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/04 18:43:59.0359 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/04 18:43:59.0953 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2010/11/04 18:44:00.0453 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/11/04 18:44:00.0968 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/04 18:44:01.0390 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/04 18:44:01.0968 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/04 18:44:03.0015 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/04 18:44:03.0453 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/11/04 18:44:06.0984 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/04 18:44:07.0468 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/04 18:44:08.0015 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/04 18:44:08.0437 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/04 18:44:11.0093 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/04 18:44:11.0578 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/04 18:44:12.0250 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/04 18:44:12.0640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/04 18:44:13.0375 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/04 18:44:14.0078 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/04 18:44:14.0562 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/04 18:44:15.0218 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/04 18:44:15.0703 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/04 18:44:16.0484 s24trans (9c40cb317400f2cf643b8706147dd06d) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/11/04 18:44:17.0125 SCDEmu (f441ba47bd8610cb9536965bd7d1f943) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/11/04 18:44:17.0609 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/11/04 18:44:18.0312 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/04 18:44:18.0796 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/11/04 18:44:19.0468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/04 18:44:20.0812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/04 18:44:21.0890 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\System32\Drivers\sptd.sys
2010/11/04 18:44:22.0859 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/04 18:44:23.0906 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/04 18:44:25.0171 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
2010/11/04 18:44:26.0000 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/04 18:44:26.0640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/04 18:44:28.0859 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/04 18:44:29.0500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/04 18:44:30.0171 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/04 18:44:30.0718 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/04 18:44:31.0203 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/04 18:44:32.0187 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/04 18:44:33.0718 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/04 18:44:34.0515 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/11/04 18:44:35.0093 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/04 18:44:35.0640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/04 18:44:36.0187 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/04 18:44:36.0640 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/04 18:44:37.0156 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/04 18:44:37.0562 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/04 18:44:38.0171 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/04 18:44:38.0890 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/04 18:44:39.0875 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/04 18:44:42.0171 w29n51 (adb2f5af36155c9f1fbfd66a3acacbe6) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2010/11/04 18:44:44.0218 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/04 18:44:45.0078 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/04 18:44:45.0937 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/04 18:44:46.0625 ================================================================================
2010/11/04 18:44:46.0625 Scan finished
2010/11/04 18:44:46.0625 ================================================================================

#6 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:04:24 AM

Posted 04 November 2010 - 07:02 PM

ok so far so good. We will move on to combofix. There is a guide to read first. Read through the guide first and apply the directions on your own machine. Post the combofix log:

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#7 snowboarder5150

snowboarder5150
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 06 November 2010 - 10:33 AM

I uninstalled my AVG in order to run combofix. I'm posting its log below. In the meantime, I'm going to put AVG back on my computer. I hope that's okay.

Thanks again for the help.

ComboFix 10-11-05.06 - TY$ 11/06/2010 9:58.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.593 [GMT -5:00]
Running from: c:\documents and settings\TY$\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\14395781241.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 )))))))))))))))))))))))))))))))
.

2010-10-22 19:53 . 2010-10-22 19:55 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-10-22 19:53 . 2010-10-22 19:53 -------- d-----w- c:\program files\DVDVideoSoft
2010-10-19 21:38 . 2010-10-18 14:41 6146896 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2010-10-19 19:39 . 2010-10-19 19:39 -------- d-----w- c:\documents and settings\TY$\Application Data\AVG10
2010-10-19 19:34 . 2010-10-19 19:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-19 19:27 . 2010-11-06 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-19 18:58 . 2010-11-05 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-16 15:50 . 2010-09-09 22:52 6084944 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{32B967A5-4B90-4259-98F4-5948864A7D34}\mpengine.dll
2010-10-14 16:56 . 2010-10-19 19:19 -------- d-----w- c:\documents and settings\Administrator
2010-10-13 23:40 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 23:40 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 23:39 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 20:24 . 2010-10-13 20:24 -------- d-----w- c:\documents and settings\TY$\Application Data\Malwarebytes
2010-10-13 20:22 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-13 20:22 . 2010-10-13 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-13 20:22 . 2010-10-13 20:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-13 20:22 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 14:45 . 2010-10-28 03:19 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-10-11 14:44 . 2010-10-28 03:19 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2010-09-08 04:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-19 00:52 . 2010-09-19 00:52 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
2010-09-18 17:23 . 2004-08-10 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 11:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 22:52 . 2010-09-08 04:39 6084944 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-09-09 13:38 . 2004-08-10 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-10 11:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-10 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 15:57 . 2004-08-10 11:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-10 11:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 11:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 11:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 11:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-05-18 22:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-10 11:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-10 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-12 04:07 . 2010-09-09 21:12 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-08-12 04:07 . 2010-09-09 21:12 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-08-12 04:07 . 2010-09-09 21:12 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-08-12 04:07 . 2010-09-09 21:12 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-08-12 04:07 . 2010-09-09 21:12 133616 ------w- c:\windows\system32\pxafs.dll
2010-08-12 04:07 . 2009-05-18 19:06 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-10 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\sp2qfe\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\sp2gdr\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\SoftwareDistribution\Download\f7a4b3723a3aad7955ede9785b307e88\sp2gdr\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\SoftwareDistribution\Download\f7a4b3723a3aad7955ede9785b307e88\sp2qfe\netman.dll
[-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\SoftwareDistribution\Download\0ad26524c298df9a41026d3b49a38936\sp2qfe\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\SoftwareDistribution\Download\0ad26524c298df9a41026d3b49a38936\sp2gdr\linkinfo.dll
[-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-10 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

[7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\SoftwareDistribution\Download\c97484bc3f0a909669b5abb5a1bd9a86\sp2qfe\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\SoftwareDistribution\Download\c97484bc3f0a909669b5abb5a1bd9a86\sp2gdr\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-10 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\SoftwareDistribution\Download\b45151c33087fb9df3e7d6e3700f80ed\sp2gdr\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\SoftwareDistribution\Download\b45151c33087fb9df3e7d6e3700f80ed\sp2qfe\shsvcs.dll
[-] 2004-08-10 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\SoftwareDistribution\Download\11e16da0817126b62afaea7136882d9f\sp2qfe\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\SoftwareDistribution\Download\11e16da0817126b62afaea7136882d9f\sp2gdr\aec.sys
[-] 2004-08-10 11:00 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-10 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2005-08-04 01:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-08-04 01:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\system32\MsPMSNSv.dll
[-] 2005-08-04 01:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-10 11:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\sp2qfe\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\sp2gdr\upnphost.dll
[-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-10 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-10 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll

[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-10 11:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-10 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-10 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-09-19 00:52 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-23 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-23 385024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-07 7118848]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-07-23 05:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"DwlClient"=c:\program files\Common Files\Dell\EUSW\Support.exe
"nwiz"=nwiz.exe /installquiet
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dlcgcoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 gupdate1ca1e9d70970e1f;Google Update Service (gupdate1ca1e9d70970e1f);c:\program files\Google\Update\GoogleUpdate.exe [8/16/2009 1:14 PM 133104]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/22/2009 6:04 PM 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-11-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-16 18:11]

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 18:14]

2010-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 18:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Windows Defender - c:\program files\Windows Defender\MSASCui.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 10:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2010-11-06 10:27:51
ComboFix-quarantined-files.txt 2010-11-06 15:27

Pre-Run: 11,154,075,648 bytes free
Post-Run: 13,807,599,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 6C03654B9028B21A84CBDDE50C3C07C0

#8 snowboarder5150

snowboarder5150
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 06 November 2010 - 10:36 AM

I should also note that after finishing the combofix scan, I'm still getting dozens of IE windows opening and taking me to advertising sites.

#9 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:04:24 AM

Posted 06 November 2010 - 06:14 PM

I'm going to put AVG back on my computer. I hope that's okay.

Please do, you dont want to be without antivirus. Not looking good, TDSSkiller and combofix look ok and your still getting IE opening sites. I will post back.

How Can I Reduce My Risk to Malware?


#10 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:04:24 AM

Posted 07 November 2010 - 09:59 AM

Please Download Rootkit Unhooker Save it to your desktop


Double-click on RKUnhookerLE.exe to run it.

Click the Report tab at the top, then click Scan at the bottom.

Leave Drivers, Stealth Code, Files, Code Hooks checked. Uncheck the other three. Click OK.

Wait until the scanner has finished and then click File, Save Report.
This can take a while. Please be patient.
Save the report somewhere where so you can find it. Click Close.
Copy the contents of this saved log in your next reply.
This log can be lengthy you may have to post it in separate replies.
Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

How Can I Reduce My Risk to Malware?


#11 snowboarder5150

snowboarder5150
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 07 November 2010 - 02:52 PM

The link that you sent for Rookkit Unhooker was not working, so I downloaded it from here: http://www.freewaregeeks.com/?page=detail&get_id=1637&category=64.

I should say that my avg picked up a trojan when I first tried running the scan. I had AVG remove it:

File name: C:\WINDOWS\SYSTEM32\B1212024.EXE. AVG also deleted registry key:
hkey_local_machine\system\currentcontrolset\services\b1212024

Perhaps it was due to this that the initial rootkit unhooker scan encountered an error and I had to start over. While scanning the second time, another interesting thing was that my computer kept on going into standby when left sitting for ~15 minutes, and then asked for an admin password to return to windows. I just hit enter to get pass the password. But it's strange, since I've never set my computer to go on standby so quickly, nor to ask for a password.

The log for the second scan is posted below, thanks again.

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.8.341.552
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>Drivers
Driver: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF012000
Size: 3915776 bytes

Driver: C:\WINDOWS\system32\DRIVERS\w29n51.sys
Address: 0xF5F78000
Size: 3289088 bytes

Driver: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xF6310000
Size: 3211264 bytes

Driver: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000
Size: 2066816 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2066816 bytes

Driver: RAW
Address: 0x804D7000
Size: 2066816 bytes

Driver: WMIxWDM
Address: 0x804D7000
Size: 2066816 bytes

Driver: Win32k
Address: 0xBF800000
Size: 1855488 bytes

Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1855488 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
Address: 0xF5DBE000
Size: 1044480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xF5D16000
Size: 688128 bytes

Driver: Ntfs.sys
Address: 0xF7332000
Size: 577536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xF2895000
Size: 458752 bytes

Driver: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF4A74000
Size: 385024 bytes

Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xF29E8000
Size: 364544 bytes

Driver: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB9193000
Size: 360448 bytes

Driver: C:\WINDOWS\system32\DRIVERS\avgtdix.sys
Address: 0xF29A0000
Size: 294912 bytes

Driver: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000
Size: 286720 bytes

Driver: C:\WINDOWS\system32\drivers\STAC97.sys
Address: 0xF5F35000
Size: 274432 bytes

Driver: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB92DB000
Size: 266240 bytes

Driver: C:\WINDOWS\system32\DRIVERS\iwca.sys
Address: 0xF5CBF000
Size: 249856 bytes

Driver: C:\WINDOWS\system32\DRIVERS\avgldx86.sys
Address: 0xF2859000
Size: 245760 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
Address: 0xF5EBD000
Size: 200704 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF4AD2000
Size: 196608 bytes

Driver: ACPI.sys
Address: 0xF74AC000
Size: 188416 bytes

Driver: NDIS.sys
Address: 0xF7305000
Size: 184320 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xF2905000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
Address: 0xB9053000
Size: 163840 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xF2952000
Size: 163840 bytes

Driver: dmio.sys
Address: 0xF7438000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xF297A000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF5F11000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF62D8000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xF5EEE000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF2930000
Size: 139264 bytes

Driver: ACPI_HAL
Address: 0x806D0000
Size: 131840 bytes

Driver: C:\WINDOWS\system32\hal.dll
Address: 0x806D0000
Size: 131840 bytes

Driver: fltmgr.sys
Address: 0xF73E8000
Size: 131072 bytes

Driver: ftdisk.sys
Address: 0xF745E000
Size: 126976 bytes

Driver: pcmcia.sys
Address: 0xF747D000
Size: 122880 bytes

Driver: C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
Address: 0xF5CFC000
Size: 106496 bytes

Driver: Mup.sys
Address: 0xF72EB000
Size: 106496 bytes

Driver: atapi.sys
Address: 0xF7420000
Size: 98304 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2790000
Size: 98304 bytes

Driver: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xF7408000
Size: 98304 bytes

Driver: KSecDD.sys
Address: 0xF73BF000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF5CA8000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB9782000
Size: 86016 bytes

Driver: C:\WINDOWS\system32\DRIVERS\sdbus.sys
Address: 0xF62C4000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF62FC000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xF2A41000
Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000
Size: 73728 bytes

Driver: sr.sys
Address: 0xF73D6000
Size: 73728 bytes

Driver: pci.sys
Address: 0xF749B000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF5C97000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Udfs.SYS
Address: 0xF27A8000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF772B000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xF76EB000
Size: 65536 bytes

Driver: ohci1394.sys
Address: 0xF75DB000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xF5BDA000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF76FB000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF773B000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB9E40000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF4B22000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF75EB000
Size: 57344 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF763B000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF770B000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF774B000
Size: 53248 bytes

Driver: C:\WINDOWS\System32\Drivers\SCDEmu.SYS
Address: 0xF767B000
Size: 53248 bytes

Driver: VolSnap.sys
Address: 0xF761B000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
Address: 0xF4B12000
Size: 49152 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF776B000
Size: 49152 bytes

Driver: C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
Address: 0xF76DB000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF5BAA000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF771B000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xF760B000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF775B000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
Address: 0xB9273000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
Address: 0xB97C7000
Size: 40960 bytes

Driver: isapnp.sys
Address: 0xF75FB000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF4B32000
Size: 40960 bytes

Driver: PxHelp20.sys
Address: 0xF764B000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF4B42000
Size: 40960 bytes

Driver: AVGIDSEH.Sys
Address: 0xF765B000
Size: 36864 bytes

Driver: disk.sys
Address: 0xF762B000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF76CB000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7010000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF4B02000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF6FC0000
Size: 36864 bytes

Driver: cercsr6.sys
Address: 0xF786B000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF78FB000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF79DB000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF78F3000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF785B000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\Drivers\sybex38.SYS
Address: 0xF7923000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xF792B000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7913000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF790B000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF78EB000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF78CB000
Size: 24576 bytes

Driver: avgrkx86.sys
Address: 0xF7873000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF78D3000
Size: 20480 bytes

Driver: PartMgr.sys
Address: 0xF7863000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF4E21000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF78DB000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF7933000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7903000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xBA7C4000
Size: 16384 bytes

Driver: C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
Address: 0xF2835000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF79F3000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xF7AB3000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF5171000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xBA750000
Size: 16384 bytes

Driver: C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
Address: 0xF57C8000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF79EB000
Size: 12288 bytes

Driver: compbatt.sys
Address: 0xF79EF000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF27D5000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xB92BF000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7AC7000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF72A2000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\s24trans.sys
Address: 0xBA7B4000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7B09000
Size: 8192 bytes

Driver: dmload.sys
Address: 0xF7AE1000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B9B000
Size: 8192 bytes

Driver: C:\WINDOWS\SYSTEM32\DRIVERS\filedisk.sys
Address: 0xF7B69000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7AFF000
Size: 8192 bytes

Driver: intelide.sys
Address: 0xF7ADF000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7ADB000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7B03000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7B01000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7B8F000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7B91000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7ADD000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7D30000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7C8B000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7CF7000
Size: 4096 bytes

Driver: pciide.sys
Address: 0xF7BA3000
Size: 4096 bytes

==============================================
>Stealth
==============================================
>Files

Suspect File: C:\Documents and Settings\All Users\Application Data\AVG10\Chjw\5410954a10953448\35a5ec3f-889f-402e-b8ae-7e0de7b46126 Status: Hidden


Suspect File: C:\Documents and Settings\All Users\Application Data\AVG10\Chjw\5410954a10953448\8a3a953e-d162-481c-b15c-c32524f1a156 Status: Hidden


Suspect File: C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA Status: Hidden


Suspect File: C:\Qoobox\BackEnv\AppData.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Cache.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Cookies.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Desktop.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Favorites.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\History.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\LocalAppData.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\LocalSettings.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Music.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\NetHood.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Personal.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Pictures.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\PrintHood.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Profiles.Folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Programs.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Recent.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\SendTo.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\SetPath.bat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\StartMenu.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\StartUp.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\SysPath.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\Templates.folder.dat Status: Hidden


Suspect File: C:\Qoobox\BackEnv\VikPev00 Status: Hidden


Suspect File: C:\WINDOWS\Prefetch\RUNDLL32.EXE-4EE39BB6.pf Status: Hidden


Suspect File: C:\WINDOWS\Prefetch\RUNDLL32.EXE-4F31892D.pf Status: Hidden

==============================================
>Hooks

ntkrnlpa.exe+0x0002AFC0, Type: Inline - RelativeJump 0x80501FC0 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002B012, Type: Inline - RelativeJump 0x80502012 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006AA9A, Type: Inline - RelativeJump 0x80541A9A [ntkrnlpa.exe]
[1620]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218 [shimeng.dll]
[1620]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4 [shimeng.dll]
[1620]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268 [shimeng.dll]
[1620]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4 [shimeng.dll]
[1620]explorer.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E [hd14A_module.dat]
[1620]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C [shimeng.dll]
[1620]explorer.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082 [hd14A_module.dat]
[1620]explorer.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5 [hd14A_module.dat]
[1620]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480 [shimeng.dll]
[1620]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C [shimeng.dll]
[244]WINWORD.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x7C84495D [MSO.DLL]

#12 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:04:24 AM

Posted 07 November 2010 - 05:55 PM

I dont recognize any malware. Try running system file checker. Also not sure if thats the latest version of RKU.
Run start and type in sfc /scannow
note the space after the c and before the /
You may be asked for a Windows installation disk.

How Can I Reduce My Risk to Malware?


#13 snowboarder5150

snowboarder5150
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 08 November 2010 - 12:22 PM

I ran the scan twice, by the time I came back to my computer, the window was gone. Does it automatically close when it's done? Does it produce a log somewhere? I should also note that IE windows continue to pop up.

#14 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:04:24 AM

Posted 08 November 2010 - 05:56 PM

It does produce a log in Vista, not sure about XP. I think you would have gotten a prompt somewhere along the way. It was a long shot really. We will get another download to use;

Please also download MBRcheck to your desktop


* Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
* It will show a Black screen with some information that will contain either the below line if no problem is found:
o Done! Press ENTER to exit...

* Or you will see more information like below if a problem is found:
o Found non-standard or infected MBR.
o Enter 'Y' and hit ENTER for more options, or 'N' to exit:

* Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
* MBRCheck will create a log on your desktop named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
* Attach this log to your next message.

How Can I Reduce My Risk to Malware?


#15 snowboarder5150

snowboarder5150
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 08 November 2010 - 10:04 PM

I'm posting the MBR log below:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000800c

Kernel Drivers (total 134):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF7ADB000 \WINDOWS\system32\KDCOM.DLL
0xF79EB000 \WINDOWS\system32\BOOTVID.dll
0xF74AC000 ACPI.sys
0xF7ADD000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF749B000 pci.sys
0xF75DB000 ohci1394.sys
0xF75EB000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF75FB000 isapnp.sys
0xF79EF000 compbatt.sys
0xF79F3000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7BA3000 pciide.sys
0xF785B000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7ADF000 intelide.sys
0xF747D000 pcmcia.sys
0xF760B000 MountMgr.sys
0xF745E000 ftdisk.sys
0xF7AE1000 dmload.sys
0xF7438000 dmio.sys
0xF7863000 PartMgr.sys
0xF761B000 VolSnap.sys
0xF7420000 atapi.sys
0xF786B000 cercsr6.sys
0xF7408000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF762B000 disk.sys
0xF763B000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73E8000 fltmgr.sys
0xF73D6000 sr.sys
0xF764B000 PxHelp20.sys
0xF73BF000 KSecDD.sys
0xF7332000 Ntfs.sys
0xF7305000 NDIS.sys
0xF72EB000 Mup.sys
0xF7873000 avgrkx86.sys
0xF765B000 AVGIDSEH.Sys
0xF76CB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7AB3000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6310000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF62FC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF78EB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF62D8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78F3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF76DB000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF76EB000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF62C4000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF5F78000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF5F35000 \SystemRoot\system32\drivers\STAC97.sys
0xF5F11000 \SystemRoot\system32\drivers\portcls.sys
0xF76FB000 \SystemRoot\system32\drivers\drmk.sys
0xF5EEE000 \SystemRoot\system32\drivers\ks.sys
0xF5EBD000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF5DBE000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF5D16000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF78FB000 \SystemRoot\System32\Drivers\Modem.SYS
0xF770B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF5CFC000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF790B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7913000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF771B000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF772B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF773B000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF792B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF5CBF000 \SystemRoot\system32\DRIVERS\iwca.sys
0xF7D30000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF774B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AC7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5CA8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF775B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF776B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7933000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5C97000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7010000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF4E21000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78DB000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF4AD2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF4B42000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B8F000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF4A74000 \SystemRoot\system32\DRIVERS\update.sys
0xF5171000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF4B32000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF4B22000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B91000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF4B12000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xF7AFF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CF7000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B09000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78CB000 \SystemRoot\System32\drivers\vga.sys
0xF7B03000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B01000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78D3000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79DB000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF72A2000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF2A41000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF29E8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF29A0000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xF297A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF2952000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF2930000 \SystemRoot\System32\drivers\afd.sys
0xF4B02000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF767B000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xF2905000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF57C8000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xF2895000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF5BAA000 \SystemRoot\System32\Drivers\Fips.SYS
0xF2859000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xF6FC0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF5BDA000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF2835000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF27A8000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF2790000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B9B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF27D5000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7903000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C8B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA7C4000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xBA7B4000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xBA750000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9782000 \SystemRoot\system32\drivers\wdmaud.sys
0xB9E40000 \SystemRoot\system32\drivers\sysaudio.sys
0xB97C7000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xF7B69000 \??\C:\WINDOWS\SYSTEM32\DRIVERS\filedisk.sys
0xB92DB000 \SystemRoot\System32\Drivers\HTTP.sys
0xB92BF000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB9193000 \SystemRoot\system32\DRIVERS\srv.sys
0xB9273000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xB9053000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xB8F53000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7B37000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 55):
0 System Idle Process
4 System
1156 C:\WINDOWS\system32\smss.exe
1228 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
2028 csrss.exe
400 C:\WINDOWS\system32\winlogon.exe
760 C:\WINDOWS\system32\services.exe
780 C:\WINDOWS\system32\lsass.exe
1496 C:\WINDOWS\system32\svchost.exe
744 svchost.exe
184 C:\WINDOWS\system32\svchost.exe
416 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
832 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
944 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
952 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
1600 svchost.exe
1880 svchost.exe
1516 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
1016 C:\WINDOWS\system32\LEXBCES.EXE
1652 C:\WINDOWS\system32\spoolsv.exe
1820 C:\WINDOWS\system32\LEXPPS.EXE
1140 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
1732 C:\Program Files\Apoint\Apoint.exe
840 C:\Program Files\AVG\AVG10\avgtray.exe
252 C:\Program Files\Apoint\ApntEx.exe
1976 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
2200 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2228 C:\Program Files\AVG\AVG10\avgwdsvc.exe
2288 C:\Program Files\Bonjour\mDNSResponder.exe
2876 C:\WINDOWS\system32\dlcgcoms.exe
3080 C:\WINDOWS\ehome\ehRecvr.exe
3248 C:\WINDOWS\ehome\ehSched.exe
3804 C:\Program Files\Java\jre6\bin\jqs.exe
4076 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
1984 C:\WINDOWS\system32\nvsvc32.exe
1780 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
1936 C:\WINDOWS\system32\svchost.exe
2816 mcrdsvc.exe
2980 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
3848 C:\Program Files\AVG\AVG10\avgnsx.exe
3864 C:\Program Files\AVG\AVG10\avgemcx.exe
2436 C:\WINDOWS\system32\dllhost.exe
3172 alg.exe
692 wmiprvse.exe
1068 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
2628 C:\Program Files\AVG\AVG10\avgcsrvx.exe
1484 C:\Program Files\Mozilla Firefox\firefox.exe
3200 C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
2872 C:\Program Files\AVG\AVG10\avgui.exe
1284 C:\WINDOWS\system32\ctfmon.exe
2328 C:\Program Files\Mozilla Firefox\plugin-container.exe
1188 C:\WINDOWS\system32\taskmgr.exe
5120 C:\WINDOWS\explorer.exe
1368 C:\WINDOWS\system32\wuauclt.exe
4596 C:\Documents and Settings\TY$\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK8026GAX, Rev: PA002D

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users