
Google gets redirected. Please help

12 replies to this topic

#1 dannybito

dannybito

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:55 AM

Posted 07 December 2010 - 04:57 AM

I've been trying to fix this problem on my own but to no avail. So I'm turning to you experts. My Google searches and even websites get redirected. I've scanned with MalwareBytes, TDSS Killer and SUPERantispyware but the problem keeps persisting, which is why I think it's a rootkit. My default browser is Google Chrome but Internet Explorer gets redirected too. Please help, I've attached an OTL report and a Rootkit Unhooker report because I thought it'd help to make the process quicker.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
==============================================
>Stealth
==============================================
0xF75B4000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
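Added here as a triage example, not code from the thread, from Rootkit Unhooker or from BleepingComputer: a Python parser for the RkU report layout above that ties each ">Stealth" warning back to the matching ">Drivers" entry and lists kernel images that carry no vendor string, which is the first thing a helper checks before asking for more logs. The sample report is constructed from a few lines of the format shown; the function and type names are my own.

```python
"""Triage helper for Rootkit Unhooker (RkU) text reports.

Added example (assumed names, not the tool's own API): parses the ">Drivers"
table and the ">Stealth" warnings, maps each warning to the driver at that base
address and lists images with no vendor string.
"""
import re
from typing import Dict, List, NamedTuple, Tuple


class DriverEntry(NamedTuple):
    base: int       # load address parsed from the 0x........ column
    path: str       # file path, or a bare module/alias name such as PnpManager
    size: int       # image size in bytes
    vendor: str     # text inside the trailing parentheses, "" when absent


class StealthWarning(NamedTuple):
    base: int
    message: str    # e.g. "Virus alike driver modification"
    module: str     # name inside [...]
    size: int


# One driver line: "0xF75B4000 VolSnap.sys 53248 bytes (Vendor, Description)"
DRIVER_RE = re.compile(r"^0x([0-9A-Fa-f]{8}) (.+?) (\d+) bytes(?: \((.*)\))?$")
# One stealth line: "0xF75B4000 WARNING: <message> [<module>], <size> bytes"
STEALTH_RE = re.compile(r"^0x([0-9A-Fa-f]{8}) WARNING: (.+?) \[(.+?)\], (\d+) bytes$")


def parse_rku_report(text: str) -> Tuple[List[DriverEntry], List[StealthWarning]]:
    """Split the report on its '>Section' headers and parse the two we care about."""
    section = None
    drivers: List[DriverEntry] = []
    warnings: List[StealthWarning] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue                      # separators and blank lines
        if line.startswith(">"):
            section = line[1:].strip()    # ">Drivers" / ">Stealth"
            continue
        if section == "Drivers":
            m = DRIVER_RE.match(line)
            if m:
                drivers.append(DriverEntry(int(m.group(1), 16), m.group(2),
                                           int(m.group(3)), m.group(4) or ""))
        elif section == "Stealth":
            m = STEALTH_RE.match(line)
            if m:
                warnings.append(StealthWarning(int(m.group(1), 16), m.group(2),
                                               m.group(3), int(m.group(4))))
    return drivers, warnings


def unattributed_drivers(drivers: List[DriverEntry]) -> List[DriverEntry]:
    """Images with no vendor string that are not merely an alias of an attributed image.

    RkU lists one kernel image under several names at the same base address
    (ntoskrnl.exe / PnpManager / RAW / WMIxWDM); those aliases are dropped here.
    """
    attributed_bases = {d.base for d in drivers if d.vendor}
    return [d for d in drivers if not d.vendor and d.base not in attributed_bases]


def triage(drivers: List[DriverEntry], warnings: List[StealthWarning]) -> List[Dict[str, object]]:
    """Tie every stealth warning back to the driver-table entry at the same base."""
    by_base: Dict[int, List[DriverEntry]] = {}
    for d in drivers:
        by_base.setdefault(d.base, []).append(d)
    findings = []
    for w in warnings:
        same = [d for d in by_base.get(w.base, [])
                if d.path.lower().endswith(w.module.lower())]
        findings.append({
            "module": w.module,
            "base": f"0x{w.base:08X}",
            "message": w.message,
            "listed_in_drivers": bool(same),
            "size_matches": any(d.size == w.size for d in same),
            "vendor": next((d.vendor for d in same if d.vendor), ""),
        })
    return findings


# Constructed sample in the exact layout of the report above (a few of its lines).
SAMPLE_REPORT = r"""RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189056 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189056 bytes
0xF75B4000 VolSnap.sys 53248 bytes
0xF7914000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
==============================================
>Stealth
==============================================
0xF75B4000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
"""

if __name__ == "__main__":
    drv, warn = parse_rku_report(SAMPLE_REPORT)
    for finding in triage(drv, warn):
        print(finding)
    print("no vendor string:", [d.path for d in unattributed_drivers(drv)])
```

A flagged driver that also lacks a vendor string (here VolSnap.sys) is the entry to hand to the helper first; a warning on an image that is fully attributed is more often a false positive from a legitimate hook.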


#2 sjpritch25

sjpritch25

  • Security Colleague
  • 899 posts
  • OFFLINE
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:01:55 AM

Posted 14 December 2010 - 10:21 PM

Welcome to BC :)

Did you run TDSSKILLER?
Microsoft MVP Consumer Security--2007-2010

#3 dannybito

dannybito
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:55 AM

Posted 15 December 2010 - 02:36 PM

Yes, yes I did.

#4 sjpritch25

sjpritch25

  • Security Colleague
  • 899 posts
  • OFFLINE
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:01:55 AM

Posted 15 December 2010 - 08:14 PM

Did it find anything? There should be a log file on the C: drive called TDSSkiller.......txt. Please post the log. Thanks
Microsoft MVP Consumer Security--2007-2010

#5 dannybito

dannybito
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:55 AM

Posted 16 December 2010 - 12:17 AM

2010/12/15 20:46:04.0922 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/15 20:46:04.0922 ================================================================================
2010/12/15 20:46:04.0922 SystemInfo:
2010/12/15 20:46:04.0922
2010/12/15 20:46:04.0922 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/15 20:46:04.0922 Product type: Workstation
2010/12/15 20:46:04.0922 ComputerName: ADMIN
2010/12/15 20:46:04.0922 UserName: Administrator
2010/12/15 20:46:04.0922 Windows directory: C:\WINDOWS
2010/12/15 20:46:04.0922 System windows directory: C:\WINDOWS
2010/12/15 20:46:04.0922 Processor architecture: Intel x86
2010/12/15 20:46:04.0922 Number of processors: 1
2010/12/15 20:46:04.0922 Page size: 0x1000
2010/12/15 20:46:04.0922 Boot type: Normal boot
2010/12/15 20:46:04.0922 ================================================================================
2010/12/15 20:46:05.0553 Initialize success
2010/12/15 20:46:11.0201 ================================================================================
2010/12/15 20:46:11.0201 Scan started
2010/12/15 20:46:11.0201 Mode: Manual;
2010/12/15 20:46:11.0201 ================================================================================
2010/12/15 20:46:53.0112 ================================================================================
2010/12/15 20:46:53.0112 Scan finished
2010/12/15 20:46:53.0112 ================================================================================
2010/12/15 20:46:58.0059 Deinitialize success

#6 dannybito

dannybito
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:55 AM

Posted 16 December 2010 - 12:17 AM

2010/12/15 20:46:04.0922 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/15 20:46:04.0922 ================================================================================
2010/12/15 20:46:04.0922 SystemInfo:
2010/12/15 20:46:04.0922
2010/12/15 20:46:04.0922 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/15 20:46:04.0922 Product type: Workstation
2010/12/15 20:46:04.0922 ComputerName: ADMIN
2010/12/15 20:46:04.0922 UserName: Administrator
2010/12/15 20:46:04.0922 Windows directory: C:\WINDOWS
2010/12/15 20:46:04.0922 System windows directory: C:\WINDOWS
2010/12/15 20:46:04.0922 Processor architecture: Intel x86
2010/12/15 20:46:04.0922 Number of processors: 1
2010/12/15 20:46:04.0922 Page size: 0x1000
2010/12/15 20:46:04.0922 Boot type: Normal boot
2010/12/15 20:46:04.0922 ================================================================================
2010/12/15 20:46:05.0553 Initialize success
2010/12/15 20:46:11.0201 ================================================================================
2010/12/15 20:46:11.0201 Scan started
2010/12/15 20:46:11.0201 Mode: Manual;
2010/12/15 20:46:11.0201 ================================================================================
2010/12/15 20:46:14.0326 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/15 20:46:14.0416 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/15 20:46:14.0546 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/15 20:46:14.0676 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/15 20:46:14.0716 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/15 20:46:16.0028 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/15 20:46:16.0369 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/15 20:46:16.0649 ati2mtag (246248aada156450be611eceaa5fe033) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/12/15 20:46:16.0799 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/15 20:46:17.0600 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/15 20:46:17.0851 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/12/15 20:46:18.0081 BCM43XX (69f940672be0ecee5bd1e905706ba8ce) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/12/15 20:46:18.0562 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/15 20:46:18.0832 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/15 20:46:19.0123 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/15 20:46:19.0964 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/15 20:46:20.0485 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/15 20:46:20.0955 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/15 20:46:21.0326 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/15 20:46:21.0396 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/15 20:46:21.0586 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/15 20:46:21.0656 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/15 20:46:21.0887 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/15 20:46:21.0937 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/15 20:46:22.0017 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/15 20:46:22.0217 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/15 20:46:22.0327 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/15 20:46:22.0427 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/15 20:46:22.0507 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/15 20:46:22.0558 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/15 20:46:22.0648 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/15 20:46:23.0269 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/15 20:46:23.0399 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/15 20:46:23.0599 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/15 20:46:23.0739 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/15 20:46:24.0330 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2010/12/15 20:46:24.0520 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
2010/12/15 20:46:24.0691 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/15 20:46:25.0021 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/15 20:46:25.0071 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/15 20:46:25.0231 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/15 20:46:25.0261 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/15 20:46:25.0332 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/15 20:46:25.0402 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/15 20:46:25.0502 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/15 20:46:25.0572 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/15 20:46:25.0622 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/15 20:46:25.0842 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/15 20:46:25.0932 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/15 20:46:26.0093 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/15 20:46:26.0203 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/15 20:46:26.0303 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/15 20:46:26.0493 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/15 20:46:26.0754 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/15 20:46:26.0894 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/15 20:46:27.0024 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/15 20:46:27.0144 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/15 20:46:27.0214 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/15 20:46:27.0334 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/15 20:46:27.0455 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/15 20:46:27.0675 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/15 20:46:27.0805 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/15 20:46:27.0865 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/15 20:46:28.0106 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/15 20:46:28.0216 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/15 20:46:28.0316 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/15 20:46:28.0356 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/15 20:46:28.0426 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/15 20:46:28.0666 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/15 20:46:28.0787 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/15 20:46:28.0847 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/15 20:46:28.0897 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/15 20:46:29.0017 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/15 20:46:29.0067 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/15 20:46:29.0137 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/15 20:46:29.0237 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/15 20:46:29.0468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/15 20:46:29.0558 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/15 20:46:29.0928 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/15 20:46:29.0988 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/15 20:46:30.0058 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/15 20:46:30.0179 OZSCR (ab2b07ac4afd38f574d903eaf9e98a60) C:\WINDOWS\system32\DRIVERS\ozscr.sys
2010/12/15 20:46:30.0269 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/15 20:46:30.0329 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/15 20:46:30.0519 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/15 20:46:31.0130 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/15 20:46:31.0601 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/12/15 20:46:31.0901 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/12/15 20:46:32.0191 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/15 20:46:32.0221 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/15 20:46:32.0272 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/15 20:46:32.0432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/15 20:46:32.0512 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/15 20:46:32.0552 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/15 20:46:32.0572 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/15 20:46:32.0622 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/15 20:46:32.0652 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/15 20:46:32.0742 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/15 20:46:32.0812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/15 20:46:32.0892 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/15 20:46:33.0083 RT61 (b1a055f3b4cf2a60ada63009f157126c) C:\WINDOWS\system32\DRIVERS\RT61.sys
2010/12/15 20:46:33.0273 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/15 20:46:33.0293 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/12/15 20:46:33.0613 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/15 20:46:33.0704 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/15 20:46:33.0754 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/15 20:46:33.0814 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/15 20:46:33.0944 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/15 20:46:34.0184 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/15 20:46:34.0304 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/15 20:46:34.0715 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/15 20:46:34.0825 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/15 20:46:35.0106 STAC97 (5813d453ef8ce49d607c255cf128aceb) C:\WINDOWS\system32\drivers\stac97.sys
2010/12/15 20:46:35.0226 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/15 20:46:35.0426 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/15 20:46:35.0586 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/15 20:46:35.0827 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/15 20:46:35.0937 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/15 20:46:36.0267 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/15 20:46:36.0858 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/15 20:46:38.0340 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/15 20:46:41.0305 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/15 20:46:45.0210 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/15 20:46:46.0512 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/15 20:46:47.0463 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/15 20:46:48.0285 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/15 20:46:48.0555 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/15 20:46:49.0176 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/15 20:46:50.0418 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/15 20:46:50.0648 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/15 20:46:50.0788 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/15 20:46:50.0888 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/15 20:46:51.0029 VolSnap (31eda41f98868b92eeed6e16d7424a86) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/15 20:46:51.0189 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/15 20:46:51.0319 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/15 20:46:51.0499 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/15 20:46:52.0040 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/15 20:46:52.0200 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/15 20:46:52.0300 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/15 20:46:52.0410 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/15 20:46:53.0112 ================================================================================
2010/12/15 20:46:53.0112 Scan finished
2010/12/15 20:46:53.0112 ================================================================================
2010/12/15 20:46:58.0059 Deinitialize success

#7 sjpritch25

sjpritch25

  • Security Colleague
  • 899 posts
  • OFFLINE
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:01:55 AM

Posted 16 December 2010 - 11:13 AM

Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


--------------------------------------------------------------------

Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Microsoft MVP Consumer Security--2007-2010

#8 dannybito

dannybito
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:55 AM

Posted 16 December 2010 - 02:34 PM

ComboFix 10-12-15.07 - Administrator 12/16/2010 14:07:40.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.694 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bbbxxxxxxx.exe
c:\documents and settings\Administrator\Application Data\dwm.exe
c:\documents and settings\Administrator\Application Data\Microsoft\conhost.exe
c:\documents and settings\Administrator\Application Data\Microsoft\stor.cfg

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))
.

2010-12-15 02:14 . 2010-12-15 02:14 -------- d-----w- c:\program files\Daniel Corp
2010-12-08 19:38 . 2010-12-08 19:38 -------- d-----w- c:\documents and settings\Administrator\.yawcam
2010-12-08 19:38 . 2010-12-08 19:38 -------- d-----w- c:\program files\Yawcam
2010-12-07 09:01 . 2010-12-07 09:01 -------- d-----w- C:\!KillBox
2010-12-07 08:08 . 2010-12-07 08:23 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-07 06:44 . 2010-12-07 06:58 -------- d-----w- c:\windows\system32\NtmsData
2010-12-07 02:38 . 2010-12-07 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-07 02:38 . 2010-12-07 02:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-12-07 02:37 . 2010-12-16 06:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-07 00:29 . 2010-12-07 00:27 182784 ----a-w- c:\windows\Pqahea.exe
2010-12-07 00:26 . 2010-12-07 01:41 0 ----a-w- c:\windows\system32\drivers\ciwkpqrp.sys
2010-12-06 21:26 . 2008-04-14 05:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-12-06 21:26 . 2008-04-14 05:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-12-06 21:26 . 2008-04-14 10:42 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2010-12-06 21:26 . 2008-04-14 10:42 28672 ----a-w- c:\windows\system32\vidcap.ax
2010-12-06 21:26 . 2008-04-14 10:42 61952 ----a-w- c:\windows\system32\kstvtune.ax
2010-12-06 21:26 . 2008-04-14 10:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-12-06 21:26 . 2008-04-14 10:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-12-06 21:26 . 2008-04-14 05:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2010-12-06 21:26 . 2008-04-14 05:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-12-06 21:26 . 2008-04-14 10:42 43008 ----a-w- c:\windows\system32\ksxbar.ax
2010-12-06 21:26 . 2008-04-14 10:42 20992 ----a-w- c:\windows\system32\dshowext.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-07 08:21 . 2008-04-14 11:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2010-11-29 22:42 . 2004-06-10 23:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2004-06-10 23:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-18 17:23 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 0AE8272577FDBAF26C9B37B9ADCC3E5F . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 33B7F71596566C87F15B396332AFE199 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-05-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-12-07_08.52.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-16 18:45 . 2010-12-16 18:45 16384 c:\windows\Temp\Perflib_Perfdata_288.dat
+ 2010-12-16 19:23 . 2010-12-16 19:23 16384 c:\windows\Temp\Perflib_Perfdata_21c.dat
+ 2008-04-14 11:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2008-04-14 11:00 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 11:00 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
+ 2008-04-14 11:00 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
- 2008-12-07 02:36 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2008-12-07 02:36 . 2007-07-28 04:11 26488 c:\windows\system32\spupdsvc.exe
+ 2008-04-14 11:00 . 2010-08-17 13:17 58880 c:\windows\system32\spoolsv.exe
- 2008-12-07 02:37 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2008-12-07 02:37 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
- 2008-04-14 11:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2008-04-14 11:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 79872 c:\windows\system32\raschap.dll
+ 2008-04-14 11:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 44544 c:\windows\system32\pngfilt.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
- 2008-04-14 11:00 . 2004-11-28 00:21 46270 c:\windows\system32\perfc009.dat
+ 2008-04-14 11:00 . 2010-12-13 05:19 46270 c:\windows\system32\perfc009.dat
+ 2008-04-14 05:42 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2008-04-14 11:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 11264 c:\windows\system32\msrle32.dll
+ 2008-04-14 11:00 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 52224 c:\windows\system32\msfeedsbs.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
+ 2008-04-14 11:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 27648 c:\windows\system32\jsproxy.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
+ 2008-04-14 05:41 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
- 2008-05-08 17:28 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2008-05-08 17:28 . 2010-09-08 15:57 13824 c:\windows\system32\ieudinit.exe
- 2008-05-08 17:28 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 44544 c:\windows\system32\iernonce.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 78336 c:\windows\system32\ieencode.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 78336 c:\windows\system32\ieencode.dll
- 2008-05-08 17:28 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
+ 2008-05-08 17:28 . 2010-09-08 15:57 70656 c:\windows\system32\ie4uinit.exe
- 2008-04-14 11:00 . 2008-04-14 11:00 80384 c:\windows\system32\iccvid.dll
+ 2008-04-14 11:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 63488 c:\windows\system32\icardie.dll
- 2008-04-14 11:00 . 2009-06-16 14:36 81920 c:\windows\system32\fontsub.dll
+ 2008-04-14 11:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
+ 2008-04-14 11:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2008-04-14 11:00 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2008-04-14 11:00 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2008-04-14 11:00 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2008-04-14 11:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2008-04-14 11:00 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
- 2008-04-14 11:00 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2008-04-14 11:00 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 79872 c:\windows\system32\dllcache\raschap.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2008-04-14 11:00 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2008-04-14 11:00 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-08-26 07:24 . 2010-09-09 13:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-26 07:24 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-04-14 11:00 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2008-04-14 11:00 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2008-05-08 17:28 . 2010-09-09 13:38 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2008-08-25 08:38 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38 . 2010-09-08 15:57 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-05-08 17:28 . 2010-09-09 13:38 44544 c:\windows\system32\dllcache\iernonce.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2008-05-08 17:28 . 2010-09-08 15:57 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-05-08 17:28 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-08-26 07:24 . 2010-09-09 13:38 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-04-14 11:00 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
- 2008-04-14 11:00 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2008-04-14 11:00 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 17408 c:\windows\system32\dllcache\corpol.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
+ 2008-04-14 11:00 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2008-04-14 11:00 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 84992 c:\windows\system32\dllcache\avifil32.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-04-14 11:00 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-04-14 11:00 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2008-04-14 11:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 17408 c:\windows\system32\corpol.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 17408 c:\windows\system32\corpol.dll
+ 2008-04-14 11:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 84992 c:\windows\system32\avifil32.dll
+ 2008-04-14 11:00 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 58880 c:\windows\system32\atl.dll
+ 2008-04-14 11:00 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
+ 2008-04-14 11:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB2360131-IE7\pngfilt.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 52224 c:\windows\ie7updates\KB2360131-IE7\msfeedsbs.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 27648 c:\windows\ie7updates\KB2360131-IE7\jsproxy.dll
+ 2010-12-14 05:44 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB2360131-IE7\ieudinit.exe
+ 2010-12-14 05:44 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB2360131-IE7\iernonce.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 78336 c:\windows\ie7updates\KB2360131-IE7\ieencode.dll
+ 2010-12-14 05:44 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB2360131-IE7\ie4uinit.exe
+ 2010-12-14 05:44 . 2009-06-29 16:12 63488 c:\windows\ie7updates\KB2360131-IE7\icardie.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 17408 c:\windows\ie7updates\KB2360131-IE7\corpol.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2004-10-01 22:29 . 2010-08-13 12:53 5120 c:\windows\system32\xpsp4res.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2006-10-19 02:47 . 2009-04-02 04:02 604160 c:\windows\system32\wmspdmod.dll
+ 2006-10-19 02:47 . 2009-07-14 04:43 286208 c:\windows\system32\wmpdxm.dll
+ 2008-04-14 11:00 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 132096 c:\windows\system32\wkssvc.dll
+ 2008-04-14 11:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 293376 c:\windows\system32\winsrv.dll
+ 2008-04-14 11:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 832512 c:\windows\system32\wininet.dll
+ 2008-09-06 04:29 . 2009-03-11 03:18 934792 c:\windows\system32\WgaTray.exe
+ 2008-09-06 04:30 . 2009-03-11 03:18 239496 c:\windows\system32\WgaLogon.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 233472 c:\windows\system32\webcheck.dll
- 2008-04-14 11:00 . 2008-05-09 10:53 430080 c:\windows\system32\vbscript.dll
+ 2008-04-14 11:00 . 2010-03-09 11:09 430080 c:\windows\system32\vbscript.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 406016 c:\windows\system32\usp10.dll
+ 2008-04-14 11:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 105984 c:\windows\system32\url.dll
- 2008-04-14 11:00 . 2009-06-16 14:36 119808 c:\windows\system32\t2embed.dll
+ 2008-04-14 11:00 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
- 2008-12-07 02:38 . 2008-10-03 10:42 247326 c:\windows\system32\strmdll.dll
+ 2008-12-07 02:38 . 2009-08-26 08:03 247326 c:\windows\system32\strmdll.dll
+ 2008-04-14 11:00 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 474112 c:\windows\system32\shlwapi.dll
+ 2008-04-14 11:00 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll
+ 2008-04-14 11:00 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
+ 2008-04-14 11:00 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
+ 2008-04-14 11:00 . 2010-12-13 05:19 365266 c:\windows\system32\perfh009.dat
- 2008-04-14 11:00 . 2004-11-28 00:21 365266 c:\windows\system32\perfh009.dat
- 2008-05-08 17:28 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 102912 c:\windows\system32\occache.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 270336 c:\windows\system32\oakley.dll
+ 2008-04-14 11:00 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
+ 2008-04-14 11:00 . 2009-08-05 09:01 204800 c:\windows\system32\mswebdvd.dll
+ 2008-04-14 11:00 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 671232 c:\windows\system32\mstime.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 193024 c:\windows\system32\msrating.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
+ 2004-07-08 15:20 . 2009-12-16 18:43 343040 c:\windows\system32\mspaint.exe
- 2004-07-08 15:20 . 2008-04-14 11:00 343040 c:\windows\system32\mspaint.exe
+ 2008-05-08 17:28 . 2010-09-09 13:38 478208 c:\windows\system32\mshtmled.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 468480 c:\windows\system32\msfeeds.dll
+ 2006-10-19 02:47 . 2010-03-30 17:24 317440 c:\windows\system32\mp4sdecd.dll
- 2006-10-19 02:47 . 2006-10-19 02:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2008-04-14 11:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2008-04-14 11:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2008-04-14 11:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
- 2008-04-14 11:00 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2004-07-08 15:22 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
- 2004-07-08 15:22 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 268288 c:\windows\system32\iertutil.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 192512 c:\windows\system32\iepeers.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 384512 c:\windows\system32\iedkcs32.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 380928 c:\windows\system32\ieapfltr.dll
- 2008-05-08 17:28 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2008-05-08 17:28 . 2010-08-25 11:29 161792 c:\windows\system32\ieakui.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 230400 c:\windows\system32\ieaksie.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 153088 c:\windows\system32\ieakeng.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 133120 c:\windows\system32\extmgr.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 214528 c:\windows\system32\dxtrans.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 347136 c:\windows\system32\dxtmsft.dll
+ 2008-04-14 11:00 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2008-04-14 11:00 . 2010-06-21 15:27 354304 c:\windows\system32\drivers\srv.sys
+ 2008-11-24 15:54 . 2008-11-24 15:54 495104 c:\windows\system32\drivers\rt61.sys
+ 2008-04-14 11:00 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-07-08 15:20 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2008-12-07 02:38 . 2009-04-02 04:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2008-12-07 02:38 . 2009-07-14 04:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2008-04-14 11:00 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-04-14 11:00 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2008-04-14 11:00 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 832512 c:\windows\system32\dllcache\wininet.dll
+ 2008-09-06 04:29 . 2009-03-11 03:18 934792 c:\windows\system32\dllcache\WgaTray.exe
+ 2008-09-06 04:30 . 2009-03-11 03:18 239496 c:\windows\system32\dllcache\wgaLogon.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 233472 c:\windows\system32\dllcache\webcheck.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2008-04-14 11:00 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll
- 2008-04-14 11:00 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 406016 c:\windows\system32\dllcache\usp10.dll
+ 2008-04-14 11:00 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 105984 c:\windows\system32\dllcache\url.dll
- 2004-07-08 15:22 . 2008-04-14 11:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-07-08 15:22 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
+ 2008-04-14 11:00 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-04-14 11:00 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
- 2008-04-14 11:00 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-12-07 02:38 . 2009-08-26 08:03 247326 c:\windows\system32\dllcache\strmdll.dll
- 2008-12-07 02:38 . 2008-10-03 10:42 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-04-14 11:00 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2008-04-14 11:00 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-04-14 11:00 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2008-04-14 11:00 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2008-04-14 11:00 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 102912 c:\windows\system32\dllcache\occache.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 11:00 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 270336 c:\windows\system32\dllcache\oakley.dll
+ 2008-04-14 11:00 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2008-04-14 11:00 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 671232 c:\windows\system32\dllcache\mstime.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-07-08 15:20 . 2008-04-14 11:00 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2004-07-08 15:20 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2008-05-08 17:28 . 2010-09-09 13:38 478208 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24 . 2010-09-09 13:38 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-07 02:46 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-03-30 17:24 . 2010-03-30 17:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2008-04-14 11:00 . 2010-09-18 17:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2008-04-14 11:00 . 2010-09-18 06:53 974848 c:\windows\system32\dllcache\mfc42.dll
+ 2008-04-14 11:00 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
+ 2008-04-14 11:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
+ 2008-04-14 11:00 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2008-04-14 11:00 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-04-14 11:00 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
- 2008-04-14 11:00 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
- 2004-07-08 15:22 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2004-07-08 15:22 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2004-07-08 15:22 . 2010-08-25 11:30 634648 c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-26 07:24 . 2010-09-09 13:38 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24 . 2010-09-09 13:38 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-05-08 17:28 . 2010-08-25 11:29 161792 c:\windows\system32\dllcache\ieakui.dll
- 2008-05-08 17:28 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-07-08 15:22 . 2008-04-14 11:00 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2004-07-08 15:22 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2008-05-08 17:28 . 2010-09-09 13:38 133120 c:\windows\system32\dllcache\extmgr.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-04-14 11:00 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2008-04-14 11:00 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 124928 c:\windows\system32\dllcache\advpack.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
+ 2008-04-14 11:00 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2008-04-14 11:00 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 617472 c:\windows\system32\comctl32.dll
+ 2008-04-14 11:00 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
+ 2008-04-14 11:00 . 2010-09-01 11:51 285824 c:\windows\system32\atmfd.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 124928 c:\windows\system32\advpack.dll
- 2008-05-08 17:28 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
+ 2008-04-14 11:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
- 2004-07-08 15:22 . 2008-04-14 11:00 744448 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2004-07-08 15:22 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2010-12-14 05:44 . 2009-06-29 16:12 827392 c:\windows\ie7updates\KB2360131-IE7\wininet.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 233472 c:\windows\ie7updates\KB2360131-IE7\webcheck.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 105984 c:\windows\ie7updates\KB2360131-IE7\url.dll
+ 2010-12-14 05:44 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2360131-IE7\spuninst\updspapi.dll
+ 2010-12-14 05:44 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2360131-IE7\spuninst\spuninst.exe
+ 2010-12-14 05:44 . 2009-06-29 16:12 102912 c:\windows\ie7updates\KB2360131-IE7\occache.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 671232 c:\windows\ie7updates\KB2360131-IE7\mstime.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 193024 c:\windows\ie7updates\KB2360131-IE7\msrating.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 477696 c:\windows\ie7updates\KB2360131-IE7\mshtmled.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 459264 c:\windows\ie7updates\KB2360131-IE7\msfeeds.dll
+ 2010-12-14 05:44 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB2360131-IE7\iexplore.exe
+ 2010-12-14 05:44 . 2009-06-29 16:12 268288 c:\windows\ie7updates\KB2360131-IE7\iertutil.dll
+ 2010-12-14 05:44 . 2008-05-08 17:28 191488 c:\windows\ie7updates\KB2360131-IE7\iepeers.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 385024 c:\windows\ie7updates\KB2360131-IE7\iedkcs32.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 380928 c:\windows\ie7updates\KB2360131-IE7\ieapfltr.dll
+ 2010-12-14 05:44 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB2360131-IE7\ieakui.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 230400 c:\windows\ie7updates\KB2360131-IE7\ieaksie.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 153088 c:\windows\ie7updates\KB2360131-IE7\ieakeng.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 133120 c:\windows\ie7updates\KB2360131-IE7\extmgr.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 214528 c:\windows\ie7updates\KB2360131-IE7\dxtrans.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 347136 c:\windows\ie7updates\KB2360131-IE7\dxtmsft.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 124928 c:\windows\ie7updates\KB2360131-IE7\advpack.dll
+ 2008-12-07 02:46 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-04-14 11:00 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
+ 2010-12-14 05:24 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2010-12-14 05:24 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2006-10-19 02:47 . 2010-04-06 09:52 2462720 c:\windows\system32\WMVCore.dll
+ 2008-04-14 11:00 . 2010-08-31 13:42 1852800 c:\windows\system32\win32k.sys
+ 2008-05-08 17:28 . 2010-09-09 13:38 1168384 c:\windows\system32\urlmon.dll
+ 2008-04-14 11:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 1435648 c:\windows\system32\query.dll
+ 2008-04-14 11:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
+ 2008-04-14 11:00 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
+ 2008-04-14 11:00 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
+ 2008-04-14 11:00 . 2010-04-28 02:25 2189952 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 00:01 . 2010-04-27 13:05 2066816 c:\windows\system32\ntkrnlpa.exe
+ 2008-04-14 11:00 . 2009-07-31 15:05 1372672 c:\windows\system32\msxml6.dll
+ 2008-04-14 11:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2004-07-08 15:20 . 2009-06-10 14:19 2066432 c:\windows\system32\mstscax.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 3601920 c:\windows\system32\mshtml.dll
+ 2008-09-06 04:30 . 2009-03-11 03:18 1482112 c:\windows\system32\LegitCheckControl.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 6075904 c:\windows\system32\ieframe.dll
+ 2004-07-09 00:13 . 2010-12-14 05:58 1556216 c:\windows\system32\FNTCACHE.DAT
- 2004-07-09 00:13 . 2010-12-07 02:08 1556216 c:\windows\system32\FNTCACHE.DAT
+ 2008-12-07 02:38 . 2010-04-06 09:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-14 11:00 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys
+ 2008-05-08 17:28 . 2010-09-09 13:38 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 11:00 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-04-14 11:00 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
- 2008-04-14 11:00 . 2008-04-14 11:00 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-04-14 11:00 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2008-04-14 11:00 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
+ 2008-12-07 02:46 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-12-07 02:46 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-12-07 02:46 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-12-07 02:46 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-04-14 11:00 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-04-14 11:00 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-06-10 14:19 . 2009-06-10 14:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2004-07-08 15:22 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2008-05-08 17:28 . 2010-09-09 13:38 3601920 c:\windows\system32\dllcache\mshtml.dll
+ 2004-07-08 15:22 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2004-07-08 15:22 . 2008-04-14 11:00 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2008-10-03 17:41 . 2010-09-09 13:38 6075904 c:\windows\system32\dllcache\ieframe.dll
+ 2010-12-14 05:44 . 2009-06-29 16:12 1159680 c:\windows\ie7updates\KB2360131-IE7\urlmon.dll
+ 2010-12-14 05:44 . 2009-07-19 13:33 3597824 c:\windows\ie7updates\KB2360131-IE7\mshtml.dll
+ 2010-12-14 05:44 . 2009-07-19 13:32 6067200 c:\windows\ie7updates\KB2360131-IE7\ieframe.dll
+ 2008-12-07 02:46 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-12-07 02:46 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-12-07 02:46 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-12-07 02:46 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2006-10-19 02:47 . 2010-08-26 04:36 10841088 c:\windows\system32\wmp.dll
+ 2008-12-07 02:49 . 2010-11-02 21:47 35758536 c:\windows\system32\MRT.exe
+ 2008-12-07 02:38 . 2010-08-26 04:36 10841088 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2004-11-17 136176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-16 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [12/6/2008 9:22 PM 92550]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/23/2004 3:43 PM 691696]
S3 FeMouWDM;Fellowes Mouse Driver;c:\windows\system32\DRIVERS\FeMouWDM.sys --> c:\windows\system32\DRIVERS\FeMouWDM.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1708537768-1343024091-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2004-11-17 06:24]

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1708537768-1343024091-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2004-11-17 06:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:60566
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-bbbxxxxxxx.exe - c:\bbbxxxxxxx.exe\bbbxxxxxxx.exe
HKLM-Run-conhost - c:\documents and settings\Administrator\Application Data\Microsoft\conhost.exe
HKU-Default-Run-bbbxxxxxxx.exe - c:\bbbxxxxxxx.exe\bbbxxxxxxx.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-16 14:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3272)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-12-16 14:30:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-16 19:30
ComboFix2.txt 2010-12-07 08:57

Pre-Run: 9,352,560,640 bytes free
Post-Run: 9,464,008,704 bytes free

- - End Of File - - 3683A6A57FE06F40B6A315B4D80192AA

#9 sjpritch25

  • Security Colleague
  • 899 posts
  • Gender:Male
  • Location:West Coast of Florida, USA

Posted 16 December 2010 - 09:22 PM

I need you to download the Service Pack 3 network install, so we can replace some patched files.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en

Download the file to your root drive (usually the c:\ drive).
Do not run the SP3 installer!!!!!
Download the attached file fix.zip and extract fix.bat to your root drive (usually c:). Double-click on fix.bat and follow the prompts.

Double-click on ComboFix.exe and let it run. In your next reply, please post the ComboFix.txt log. Thanks.

Attached Files

  • fix.zip (408 bytes)

Edited by sjpritch25, 16 December 2010 - 09:23 PM.

Microsoft MVP Consumer Security--2007-2010

#10 dannybito

  • Topic Starter

  • Members
  • 8 posts

Posted 16 December 2010 - 11:04 PM

ComboFix 10-12-16.02 - Administrator 12/16/2010 22:48:55.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.685 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-17 00:24 . 2010-12-17 00:24 -------- d-----w- c:\program files\AIM
2010-12-17 00:24 . 2010-12-17 00:24 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-12-15 02:14 . 2010-12-15 02:14 -------- d-----w- c:\program files\Daniel Corp
2010-12-08 19:38 . 2010-12-08 19:38 -------- d-----w- c:\documents and settings\Administrator\.yawcam
2010-12-08 19:38 . 2010-12-08 19:38 -------- d-----w- c:\program files\Yawcam
2010-12-07 09:01 . 2010-12-07 09:01 -------- d-----w- C:\!KillBox
2010-12-07 08:08 . 2010-12-07 08:23 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-07 06:44 . 2010-12-07 06:58 -------- d-----w- c:\windows\system32\NtmsData
2010-12-07 02:38 . 2010-12-07 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-07 02:38 . 2010-12-07 02:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-12-07 02:37 . 2010-12-16 06:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-07 00:29 . 2010-12-07 00:27 182784 ----a-w- c:\windows\Pqahea.exe
2010-12-07 00:26 . 2010-12-07 01:41 0 ----a-w- c:\windows\system32\drivers\ciwkpqrp.sys
2010-12-06 21:26 . 2008-04-14 05:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-12-06 21:26 . 2008-04-14 05:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-12-06 21:26 . 2008-04-14 10:42 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2010-12-06 21:26 . 2008-04-14 10:42 28672 ----a-w- c:\windows\system32\vidcap.ax
2010-12-06 21:26 . 2008-04-14 10:42 61952 ----a-w- c:\windows\system32\kstvtune.ax
2010-12-06 21:26 . 2008-04-14 10:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-12-06 21:26 . 2008-04-14 10:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-12-06 21:26 . 2008-04-14 05:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2010-12-06 21:26 . 2008-04-14 05:16 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-12-06 21:26 . 2008-04-14 10:42 43008 ----a-w- c:\windows\system32\ksxbar.ax
2010-12-06 21:26 . 2008-04-14 10:42 20992 ----a-w- c:\windows\system32\dshowext.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-07 08:21 . 2008-04-14 11:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2010-11-29 22:42 . 2004-06-10 23:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2004-06-10 23:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-18 17:23 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 0AE8272577FDBAF26C9B37B9ADCC3E5F . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 10:42 . 063EF1A46C58A731F78AE5AF47070D65 . 265069 . . [------] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-14 . 33B7F71596566C87F15B396332AFE199 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 10:42 . D7B59A7EC9CB1429FDCEC84A22228555 . 356615 . . [------] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-05-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 10:42 . 98C52F9DA13AACA1DB5B30312C749E8F . 82729 . . [------] . . c:\windows\system32\dllcache\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2004-11-17 136176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-16 2424560]
"Aim"="c:\program files\AIM\aim.exe" [2010-12-07 4320600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [12/6/2008 9:22 PM 92550]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/23/2004 3:43 PM 691696]
S3 FeMouWDM;Fellowes Mouse Driver;c:\windows\system32\DRIVERS\FeMouWDM.sys --> c:\windows\system32\DRIVERS\FeMouWDM.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1708537768-1343024091-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2004-11-17 06:24]

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1708537768-1343024091-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2004-11-17 06:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:60566
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-16 22:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-12-16 23:00:40
ComboFix-quarantined-files.txt 2010-12-17 04:00
ComboFix2.txt 2010-12-16 19:30
ComboFix3.txt 2010-12-07 08:57

Pre-Run: 9,324,490,752 bytes free
Post-Run: 9,324,179,456 bytes free

- - End Of File - - CF2DE2B0DB520E38AA4C0F6C1434D560

#11 sjpritch25

sjpritch25

  • Security Colleague
  • 899 posts
  • Gender:Male
  • Location:West Coast of Florida, USA

Posted 17 December 2010 - 03:40 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Fcopy::
c:\windows\system32\dllcache\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\system32\dllcache\explorer.exe | c:\windows\explorer.exe
c:\windows\system32\dllcache\sfcfiles.dll | c:\windows\system32\sfcfiles.dll
DDS::
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:60566

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Microsoft MVP Consumer Security--2007-2010
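The two findings the CFScript above acts on are visible in the log: system files whose MD5 differs from their dllcache copy, and a ProxyServer entry pointing at 127.0.0.1, which routes every browser on the machine through a local redirector. Added here as an illustration, not code from the thread or from ComboFix: a Python script that parses lines in the format ComboFix printed and flags both conditions; the function names are my own, and the sample input is constructed from the lines quoted above.

```python
import ipaddress
import re

# Constructed sample: file-pair and ProxyServer lines in the format the log above uses.
SAMPLE_LOG = r"""
[-] 2008-04-14 . 33B7F71596566C87F15B396332AFE199 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 10:42 . D7B59A7EC9CB1429FDCEC84A22228555 . 356615 . . [------] . . c:\windows\system32\dllcache\explorer.exe
[-] 2008-05-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 10:42 . 98C52F9DA13AACA1DB5B30312C749E8F . 82729 . . [------] . . c:\windows\system32\dllcache\sfcfiles.dll
uInternet Settings,ProxyServer = http=127.0.0.1:60566
"""

# "[-] <date> [time] . <MD5> . <size> . . [<version>] . . <path>"
FILE_RE = re.compile(r"^\[-\] \S+(?: \S+)? \. (?P<md5>[0-9A-F]{32}) \. (?P<size>\d+)"
                     r" \. \. \[(?P<ver>[^\]]*)\] \. \. (?P<path>.+?)\s*$", re.I)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<val>.+?)\s*$", re.I)

def parse_file_entries(log):
    """Return (md5, size, version, path) for every file line in the log."""
    out = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            out.append((m["md5"].upper(), int(m["size"]), m["ver"], m["path"]))
    return out

def mismatched_pairs(entries):
    """List (name, live_md5, cache_md5) where a live file differs from its dllcache copy.
    A mismatch is a lead to verify, not proof: the cached copy may be a different build."""
    name = lambda path: path.rsplit("\\", 1)[-1].lower()
    cache = {name(p): md5 for md5, _, _, p in entries if "\\dllcache\\" in p.lower()}
    return [(name(p), md5, cache[name(p)]) for md5, _, _, p in entries
            if "\\dllcache\\" not in p.lower() and cache.get(name(p), md5) != md5]

def loopback_proxies(log):
    """Return (scheme, host, port) for ProxyServer entries that point at the local host."""
    found = []
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        for item in m["val"].split(";"):        # e.g. "http=127.0.0.1:60566;https=..."
            scheme, _, hostport = item.rpartition("=")   # no "=" means every scheme
            host, _, port = hostport.partition(":")      # IPv4/hostname only
            try:
                local = ipaddress.ip_address(host).is_loopback
            except ValueError:                  # not an IP literal
                local = host.lower() == "localhost"
            if local:
                found.append((scheme or "*", host, int(port) if port.isdigit() else None))
    return found
```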

#12 dannybito

dannybito
  • Topic Starter

  • Members
  • 8 posts

Posted 17 December 2010 - 09:34 PM

So I did what you told me and something must have been wrong because ComboFix had an error. I told it to keep going with the batch; when it was over and I tried to start up my computer, it would crash after the Windows screen. So I just formatted and reinstalled Windows.

#13 sjpritch25

sjpritch25

  • Security Colleague
  • 899 posts
  • Gender:Male
  • Location:West Coast of Florida, USA

Posted 19 December 2010 - 09:18 PM

hmm okay.
Microsoft MVP Consumer Security--2007-2010
