multiple instances of mshta.exe


This topic is locked. 22 replies to this topic.

#1 m00n (Members, 11 posts)

Posted 09 December 2010 - 10:49 AM

Hello heroes,

A coworker's PC has a virus. Please help.

I appreciate any time and help you can give me on this virus battle and will do my best to follow instructions faithfully and provide timely and relevant information to you.

Besides the multiple instances of mshta.exe running in task manager and the Just In Time debugger message that continues to pop up, the browser (IE) is constantly redirecting.

Here are my logs:


DDS (Ver_10-12-05.01) - NTFSx86
Run by markm at 17:22:47.33 on Wed 12/08/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2002.1071 [GMT -8:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Documents and Settings\markm\Desktop\for marks virus\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
uWindows: load=?
uWindows: Run=?
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [SDMSSplash] "c:\program files\hp_sdms\sdmssplash\launcher.exe" "launchdir=c:\program files\hp_sdms\SDMSSplash"
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\SnagIt32.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://ensign.cmc.cmartin.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://ensign.cmc.cmartin.com:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236189304611
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.cmartin.com/NELX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-11-5 57424]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2008-11-26 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2008-11-26 36432]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.EXE [2008-4-22 2521880]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-4-22 41216]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-4-20 341520]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2007-4-4 497080]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2007-4-27 689416]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-6 133104]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [2009-10-21 22600]

=============== Created Last 30 ================

2010-12-08 18:40:58 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-12-08 18:39:57 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2010-12-08 18:38:59 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2010-12-08 18:37:58 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-12-08 18:36:59 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2010-12-08 18:35:58 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-12-08 18:34:57 182272 ----a-w- c:\windows\system32\dllcache\s3mt3d.dll
2010-12-08 18:33:59 33152 ----a-w- c:\windows\system32\dllcache\ql10wnt.sys
2010-12-08 18:32:58 35328 ----a-w- c:\windows\system32\dllcache\pcntpci5.sys
2010-12-08 18:31:57 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-12-08 18:30:59 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-12-08 18:29:59 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll
2010-12-08 18:28:58 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2010-12-08 18:27:59 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2010-12-08 18:26:57 2688 ----a-w- c:\windows\system32\dllcache\hidswvd.sys
2010-12-08 18:25:59 45568 ----a-w- c:\windows\system32\dllcache\esunib.dll
2010-12-08 18:24:59 8704 ----a-w- c:\windows\system32\dllcache\dot4scan.sys
2010-12-08 18:23:59 6912 ----a-w- c:\windows\system32\dllcache\ctlfacem.sys
2010-12-08 18:22:59 9728 ----a-w- c:\windows\system32\dllcache\brcoinst.dll
2010-12-08 18:21:58 2189952 ----a-w- c:\windows\system32\dllcache\OLDF5.tmp
2010-12-08 18:21:53 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-12-08 18:21:53 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-12-08 18:21:52 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-12-08 18:21:52 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2010-12-08 18:21:51 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-12-08 18:21:51 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2010-12-07 23:18:33 -------- d-----w- c:\docume~1\markm\applic~1\Malwarebytes

==================== Find3M ====================

2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A628555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a62e7b0]; MOV EAX, [0x8a62e82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A688AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006c[0x8A68DF18]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A63CD98]
\Driver\atapi[0x8A6252E8] -> IRP_MJ_CREATE -> 0x8A628555
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A62839B
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 17:24:26.90 ===============


#2 rigacci (Fiorentino; Members, 2,604 posts)

Posted 16 December 2010 - 08:35 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 m00n (Topic Starter; Members, 11 posts)

Posted 16 December 2010 - 12:03 PM

Here it is, thanks!

~~~~~



DDS (Ver_10-12-12.02) - NTFSx86
Run by markm at 8:22:15.59 on Thu 12/16/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2002.1133 [GMT -8:00]

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: Trend Micro Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE
X:\CSTPOINT.EXE
X:\CPGSYDMN.EXE
X:\CPMODDMN.EXE
X:\PPRPRRQ.EXE
X:\RCMPORC.EXE
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\markm\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = about:blank
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [SDMSSplash] "c:\program files\hp_sdms\sdmssplash\launcher.exe" "launchdir=c:\program files\hp_sdms\SDMSSplash"
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\SnagIt32.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://ensign.cmc.cmartin.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://ensign.cmc.cmartin.com:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236189304611
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.cmartin.com/NELX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-11-5 57424]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2008-11-26 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2008-11-26 36432]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.EXE [2008-4-22 2521880]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-4-22 41216]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-4-20 341520]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2007-4-4 497080]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2007-4-27 689416]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-6 133104]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [2009-10-21 22600]

=============== Created Last 30 ================

2010-12-16 15:36:49 118784 ----a-w- c:\windows\system32\chg.exe
2010-12-11 00:03:58 -------- d-sha-r- C:\cmdcons
2010-12-10 23:54:13 98816 ----a-w- c:\windows\sed.exe
2010-12-10 23:54:13 89088 ----a-w- c:\windows\MBR.exe
2010-12-10 23:54:13 256512 ----a-w- c:\windows\PEV.exe
2010-12-10 23:54:13 161792 ----a-w- c:\windows\SWREG.exe
2010-12-09 20:11:32 -------- d-----w- c:\docume~1\markm\locals~1\applic~1\Google
2010-12-08 18:40:58 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-12-08 18:39:57 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2010-12-08 18:38:59 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2010-12-08 18:37:58 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-12-08 18:36:59 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2010-12-08 18:35:58 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-12-08 18:34:57 182272 ----a-w- c:\windows\system32\dllcache\s3mt3d.dll
2010-12-08 18:33:59 33152 ----a-w- c:\windows\system32\dllcache\ql10wnt.sys
2010-12-08 18:32:58 35328 ----a-w- c:\windows\system32\dllcache\pcntpci5.sys
2010-12-08 18:31:57 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-12-08 18:30:59 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-12-08 18:29:59 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll
2010-12-08 18:28:58 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2010-12-08 18:27:59 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2010-12-08 18:26:57 2688 ----a-w- c:\windows\system32\dllcache\hidswvd.sys
2010-12-08 18:25:59 45568 ----a-w- c:\windows\system32\dllcache\esunib.dll
2010-12-08 18:24:59 8704 ----a-w- c:\windows\system32\dllcache\dot4scan.sys
2010-12-08 18:23:59 6912 ----a-w- c:\windows\system32\dllcache\ctlfacem.sys
2010-12-08 18:22:59 9728 ----a-w- c:\windows\system32\dllcache\brcoinst.dll
2010-12-08 18:21:53 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-12-08 18:21:53 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-12-08 18:21:52 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-12-08 18:21:52 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2010-12-08 18:21:51 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-12-08 18:21:51 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2010-12-07 23:18:33 -------- d-----w- c:\docume~1\markm\applic~1\Malwarebytes

==================== Find3M ====================

2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380815AS rev.3.CHF -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-16

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A630555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a6367b0]; MOV EAX, [0x8a63682c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A6A5AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006c[0x8A690570]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A6A6D98]
\Driver\atapi[0x8A6552E8] -> IRP_MJ_CREATE -> 0x8A630555
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-16 -> \??\IDE#DiskST380815AS______________________________3.CHF___#5239315752544a35202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A63039B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 8:24:12.39 ===============

Attached file: ark.txt (19.31KB)
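As an added triage example (not code from this thread, and not part of DDS or GMER), the Python script below reads a DDS-style "Running Processes" section and the GMER MBR verdict lines of the kind posted in #1 and #3 above, and flags the three things a responder would look at first: a flood of script-host processes (mshta.exe / WScript.exe), executables launched from a bare drive root such as X:\, and GMER's "user != kernel MBR" mismatch (the user-mode and kernel-mode reads of sector 0 disagree, which is how the first log ended up with the TDL4 warning). The sample input is constructed from trimmed lines in this thread; the cut-off of three script-host instances and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample: trimmed lines in the DDS / GMER layout used in this thread.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\mshta.exe
X:\CSTPOINT.EXE
X:\PPRPRRQ.EXE
C:\WINDOWS\system32\rdpclip.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !

============= FINISH: 17:24:26.90 ===============
"""

# Windows script hosts that malware commonly chains together; one instance can be
# legitimate, several concurrent ones rarely are.
SCRIPT_HOSTS = ("mshta.exe", "wscript.exe", "cscript.exe")
HOST_THRESHOLD = 3  # assumed cut-off; tune it to the environment

# A binary sitting directly under a drive root, e.g. X:\FOO.EXE; no installer puts
# executables there, so such entries deserve a closer look.
DRIVE_ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)


def section(text, name):
    """Return the non-empty lines of the DDS section whose '====' header contains name."""
    out, inside = [], False
    for line in text.splitlines():
        if line.startswith("===="):
            inside = name.lower() in line.lower()  # every header opens or closes a section
            continue
        if inside and line.strip():
            out.append(line.strip())
    return out


def basename(path):
    """Lower-cased executable name, dropping any command-line arguments."""
    return path.rsplit("\\", 1)[-1].split(" ")[0].lower()


def script_host_counts(procs):
    """How many instances of each script host are running."""
    counts = Counter(basename(p) for p in procs)
    return {h: counts[h] for h in SCRIPT_HOSTS if counts[h]}


def drive_root_executables(procs):
    """Processes whose image lives directly under a drive root."""
    return [p for p in procs if DRIVE_ROOT_EXE.match(p)]


def mbr_mismatch(text):
    """True when GMER's user-mode and kernel-mode MBR reads disagree (a TDL4-style hook)."""
    return any("user != kernel MBR" in line for line in section(text, "ROOTKIT"))


def triage(text):
    """Summarise the indicators a responder would check first in a DDS + GMER log."""
    procs = section(text, "Running Processes")
    hosts = script_host_counts(procs)
    return {
        "script_hosts": hosts,
        "script_host_flood": any(n >= HOST_THRESHOLD for n in hosts.values()),
        "drive_root_executables": drive_root_executables(procs),
        "mbr_mismatch": mbr_mismatch(text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

Run it on a saved DDS log by passing the file contents to triage(). The script only surfaces indicators; a single mshta.exe or a process on an unusual drive can be legitimate, which is why the thread's responders still ask for the full log and a fresh GMER run before acting.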


#4 gringo_pr (Bleepin Gringo; Malware Response Team, 136,773 posts; Puerto rico)

Posted 17 December 2010 - 12:50 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 m00n (Topic Starter, Members, 11 posts)

Posted 17 December 2010 - 07:49 PM

I am working on it - it seems to be locking up and not fully running when I execute the combofix file.

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Puerto Rico)

Posted 17 December 2010 - 07:52 PM

Hello

OK, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After combofix has finished its scan, please post the report back here.

Gringo

#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Puerto Rico)

Posted 20 December 2010 - 04:29 AM

Hello

Three day bump

It has been three days since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#8 m00n (Topic Starter, Members, 11 posts)

Posted 20 December 2010 - 10:47 AM

Yes. Apologies... I didn't have access to the PC over the weekend. I will be running that today in safe mode.

#9 m00n (Topic Starter, Members, 11 posts)

Posted 20 December 2010 - 04:43 PM

I tried to run it in safe mode - it said that there was an update, so I said yes to the update. Once it downloaded the update and restarted, it gave the following error message:

"you appear to have a corrupted download. Please download a fresh copy of combofix.exe

you can close combofix by clicking the right corner of the progress bar."

I downloaded a fresh copy and got the same thing.

I downloaded to another PC and then moved it over via thumb drive and got the same message.

No matter what I try, it isn't running.

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Puerto Rico)

Posted 20 December 2010 - 05:59 PM

Hello

It looks like the rootkit is still active. I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#11 m00n (Topic Starter, Members, 11 posts)

Posted 20 December 2010 - 08:11 PM

2010/12/20 17:05:57.0661 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/20 17:05:57.0661 ================================================================================
2010/12/20 17:05:57.0661 SystemInfo:
2010/12/20 17:05:57.0661
2010/12/20 17:05:57.0661 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/20 17:05:57.0661 Product type: Workstation
2010/12/20 17:05:57.0661 ComputerName: STACEYHP
2010/12/20 17:05:57.0661 UserName: markm
2010/12/20 17:05:57.0661 Windows directory: C:\WINDOWS
2010/12/20 17:05:57.0661 System windows directory: C:\WINDOWS
2010/12/20 17:05:57.0661 Processor architecture: Intel x86
2010/12/20 17:05:57.0661 Number of processors: 2
2010/12/20 17:05:57.0661 Page size: 0x1000
2010/12/20 17:05:57.0661 Boot type: Normal boot
2010/12/20 17:05:57.0661 ================================================================================
2010/12/20 17:05:57.0880 Initialize success
2010/12/20 17:06:04.0989 ================================================================================
2010/12/20 17:06:04.0989 Scan started
2010/12/20 17:06:04.0989 Mode: Manual;
2010/12/20 17:06:04.0989 ================================================================================
2010/12/20 17:06:05.0380 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/12/20 17:06:05.0474 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/20 17:06:05.0505 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/20 17:06:05.0567 ADIHdAudAddService (4e6e32df81005355056a76491d29d05c) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2010/12/20 17:06:05.0599 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/20 17:06:05.0630 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
2010/12/20 17:06:05.0677 AEAudio (058cdc314672a28a90566a787d9876e7) C:\WINDOWS\system32\drivers\AEAudio.sys
2010/12/20 17:06:05.0724 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/20 17:06:05.0771 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/20 17:06:05.0833 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/20 17:06:05.0864 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/20 17:06:06.0036 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/20 17:06:06.0099 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/20 17:06:06.0161 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/20 17:06:06.0224 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/20 17:06:06.0286 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/20 17:06:06.0411 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/20 17:06:06.0458 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/20 17:06:06.0505 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/20 17:06:06.0521 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/20 17:06:06.0661 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/20 17:06:06.0833 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/20 17:06:06.0880 DLABMFSM (e328f653bb38dca443b6b5c209550f16) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2010/12/20 17:06:06.0896 DLABOIOM (5324fbe31307eddd03df5539225454c8) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/12/20 17:06:06.0927 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/12/20 17:06:06.0974 DLADResM (29d4dd39678bda04d76e6ddb56355c21) C:\WINDOWS\system32\DLA\DLADResM.SYS
2010/12/20 17:06:07.0005 DLAIFS_M (b89653704319073f71311a676baf70d4) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/12/20 17:06:07.0052 DLAOPIOM (e08f04c7f7e0c31c9ac928abac9d0193) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/12/20 17:06:07.0114 DLAPoolM (daa942572d1b3393040209bf5eadf4a8) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/12/20 17:06:07.0161 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2010/12/20 17:06:07.0192 DLAUDFAM (e1160a37a6f1a7607510744267501836) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/12/20 17:06:07.0239 DLAUDF_M (26dad89dc9de1f7f4990849bc5731d03) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/12/20 17:06:07.0302 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/20 17:06:07.0427 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/20 17:06:07.0427 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/20 17:06:07.0458 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/20 17:06:07.0489 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/20 17:06:07.0521 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/20 17:06:07.0552 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/12/20 17:06:07.0567 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/12/20 17:06:07.0599 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/20 17:06:07.0630 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/12/20 17:06:07.0692 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/20 17:06:07.0708 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/20 17:06:07.0755 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/20 17:06:07.0849 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/20 17:06:07.0880 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/20 17:06:07.0896 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/20 17:06:07.0927 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/20 17:06:07.0989 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/20 17:06:08.0052 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/20 17:06:08.0083 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\WINDOWS\system32\DRIVERS\HECI.sys
2010/12/20 17:06:08.0146 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2010/12/20 17:06:08.0224 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/20 17:06:08.0286 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys
2010/12/20 17:06:08.0380 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/20 17:06:08.0442 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/20 17:06:08.0505 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2010/12/20 17:06:08.0630 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2010/12/20 17:06:08.0677 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2010/12/20 17:06:08.0692 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2010/12/20 17:06:08.0755 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2010/12/20 17:06:08.0802 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2010/12/20 17:06:08.0880 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
2010/12/20 17:06:08.0942 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
2010/12/20 17:06:09.0021 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
2010/12/20 17:06:09.0067 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2010/12/20 17:06:09.0130 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2010/12/20 17:06:09.0177 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2010/12/20 17:06:09.0224 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2010/12/20 17:06:09.0302 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
2010/12/20 17:06:09.0364 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
2010/12/20 17:06:09.0520 ialm (12c7f8d581c4a9f126f5f8f5683a1c29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/12/20 17:06:09.0911 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/12/20 17:06:09.0974 IFXTPM (667cfdb801df771f47b7c39373c2d850) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
2010/12/20 17:06:10.0052 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/20 17:06:10.0177 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/20 17:06:10.0239 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/20 17:06:10.0270 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/20 17:06:10.0349 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/20 17:06:10.0427 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/20 17:06:10.0489 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/20 17:06:10.0536 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/20 17:06:10.0567 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/20 17:06:10.0614 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/20 17:06:10.0645 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/20 17:06:10.0692 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/20 17:06:10.0708 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/20 17:06:10.0770 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/20 17:06:10.0817 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/20 17:06:10.0849 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/20 17:06:10.0880 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/20 17:06:10.0942 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/20 17:06:11.0005 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/20 17:06:11.0020 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/20 17:06:11.0036 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/20 17:06:11.0067 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/20 17:06:11.0114 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/20 17:06:11.0177 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/20 17:06:11.0239 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/20 17:06:11.0270 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/20 17:06:11.0302 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/20 17:06:11.0380 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/20 17:06:11.0427 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/20 17:06:11.0489 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/20 17:06:11.0536 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/20 17:06:11.0583 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/20 17:06:11.0599 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/20 17:06:11.0692 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/20 17:06:11.0739 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/20 17:06:11.0770 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/20 17:06:11.0833 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/20 17:06:11.0880 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/20 17:06:11.0927 NxDrv (cdf2a5f20509593140f8b3b965448c5b) C:\WINDOWS\system32\DRIVERS\NxDrv.sys
2010/12/20 17:06:12.0005 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/12/20 17:06:12.0067 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/20 17:06:12.0145 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/20 17:06:12.0177 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/20 17:06:12.0224 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/20 17:06:12.0286 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/20 17:06:12.0349 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/20 17:06:12.0614 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/20 17:06:12.0661 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/20 17:06:12.0692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/20 17:06:12.0739 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/20 17:06:12.0911 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/20 17:06:12.0942 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/20 17:06:12.0974 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/20 17:06:13.0052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/20 17:06:13.0099 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/20 17:06:13.0114 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/20 17:06:13.0177 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/20 17:06:13.0255 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/20 17:06:13.0333 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/20 17:06:13.0427 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/20 17:06:13.0458 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/20 17:06:13.0505 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/20 17:06:13.0552 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/20 17:06:13.0692 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/20 17:06:13.0755 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/20 17:06:13.0786 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/20 17:06:13.0817 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/20 17:06:13.0849 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/20 17:06:13.0911 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/20 17:06:13.0927 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/20 17:06:13.0974 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
2010/12/20 17:06:14.0005 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/20 17:06:14.0036 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/20 17:06:14.0083 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/20 17:06:14.0145 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/20 17:06:14.0239 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/20 17:06:14.0270 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/20 17:06:14.0349 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/20 17:06:14.0395 tmactmon (d4b828ac85827f3e48dcb4f55d686ae6) C:\WINDOWS\system32\drivers\tmactmon.sys
2010/12/20 17:06:14.0474 tmcfw (2135cb168c142e152f1f9255b6cae5bc) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
2010/12/20 17:06:14.0552 tmcomm (36411a1874ee29c005a1de559d96bfe1) C:\WINDOWS\system32\drivers\tmcomm.sys
2010/12/20 17:06:14.0599 tmevtmgr (4dc486b36c75f30eff9e5c46a110f171) C:\WINDOWS\system32\drivers\tmevtmgr.sys
2010/12/20 17:06:14.0677 TmFilter (ac940a15959be57958b91cdb914aaa6c) C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
2010/12/20 17:06:14.0724 TmPreFilter (8651a867c78bd2b69f1d5f982138a074) C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
2010/12/20 17:06:14.0817 tmtdi (aed2f6998e0c9f14e00cccc6db800617) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
2010/12/20 17:06:14.0895 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/20 17:06:14.0989 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/20 17:06:15.0067 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/20 17:06:15.0114 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/20 17:06:15.0145 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/20 17:06:15.0192 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/20 17:06:15.0239 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/20 17:06:15.0270 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/20 17:06:15.0302 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/20 17:06:15.0349 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/20 17:06:15.0411 VSApiNt (71a53597bfb4bad7218ad2beaba5c564) C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
2010/12/20 17:06:15.0520 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/20 17:06:15.0583 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/20 17:06:15.0645 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/12/20 17:06:15.0677 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/20 17:06:15.0724 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/20 17:06:15.0755 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/20 17:06:15.0770 ================================================================================
2010/12/20 17:06:15.0770 Scan finished
2010/12/20 17:06:15.0770 ================================================================================
2010/12/20 17:06:15.0770 Detected object count: 1
2010/12/20 17:06:40.0004 \HardDisk0 - will be cured after reboot
2010/12/20 17:06:40.0004 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/20 17:06:43.0817 Deinitialize success
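The TDSSKiller output above is readable by eye for one machine, but the same format comes up again and again in removal threads and in fleet clean-ups, so it is worth parsing. What follows is an added example, not part of the original post and not code from TDSSKiller or its vendor: it parses the log format shown above (timestamp prefix, driver lines as `name (md5) path`, and the `detected`, `Detected object count`, `will be cured after reboot` and `User select action` lines) into a structured report, then answers the questions an analyst asks of such a log: do the detection lines agree with the tool's own count, did every detection receive an action, and is the cure still waiting on a reboot. The sample log embedded in the block is constructed from a handful of lines of the posted log with the driver list cut down; the class and function names (`ScanReport`, `parse_tdsskiller_log`, `triage`) are my own and not part of any tool.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample modeled on the TDSSKiller 2.4.12.0 log posted in this thread.
# The driver list is cut down to two entries; the detection, count, reboot and
# action lines follow the format of the posted log.
SAMPLE_LOG = r"""
2010/12/20 17:05:57.0661 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/20 17:05:57.0661 ================================================================================
2010/12/20 17:05:57.0661 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/20 17:06:04.0989 Scan started
2010/12/20 17:06:06.0099 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/20 17:06:14.0145 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/20 17:06:15.0755 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/20 17:06:15.0770 Scan finished
2010/12/20 17:06:15.0770 Detected object count: 1
2010/12/20 17:06:40.0004 \HardDisk0 - will be cured after reboot
2010/12/20 17:06:40.0004 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/20 17:06:43.0817 Deinitialize success
"""

# Every log line starts with "YYYY/MM/DD HH:MM:SS.ffff "; the rest is the message body.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")           # name (md5) path
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")           # object - detected Name (flags)
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
REBOOT_RE = re.compile(r"^(\S+) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\w+)$")  # Name(object) - User select action: Cure


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    target: str   # e.g. \HardDisk0 for a boot-sector (MBR) infection
    name: str     # e.g. Rootkit.Win32.TDSS.tdl4
    flags: int


@dataclass
class ScanReport:
    drivers: List[Driver] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    reported_count: Optional[int] = None
    actions: Dict[str, str] = field(default_factory=dict)   # target -> action the user chose
    reboot_pending: Set[str] = field(default_factory=set)
    scan_finished: bool = False


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Turn TDSSKiller log text into a ScanReport; lines matching no pattern are ignored."""
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(2)
        if (d := DETECT_RE.match(body)):
            report.detections.append(Detection(d.group(1), d.group(2), int(d.group(3))))
        elif (c := COUNT_RE.match(body)):
            report.reported_count = int(c.group(1))
        elif (r := REBOOT_RE.match(body)):
            report.reboot_pending.add(r.group(1))
        elif (a := ACTION_RE.match(body)):
            report.actions[a.group(2)] = a.group(3)
        elif body == "Scan finished":
            report.scan_finished = True
        elif (drv := DRIVER_RE.match(body)):
            report.drivers.append(Driver(drv.group(1), drv.group(2), drv.group(3)))
    return report


def triage(report: ScanReport) -> dict:
    """The questions an analyst asks of the log, answered from the parsed report."""
    found = len(report.detections)
    return {
        "driver_count": len(report.drivers),
        "detections": [(d.target, d.name) for d in report.detections],
        # The tool's own count line should agree with the detection lines we parsed.
        "count_matches": report.reported_count == found,
        # A detection with no "User select action" line was never acted on.
        "unhandled": [d.target for d in report.detections if d.target not in report.actions],
        # A cure scheduled "after reboot" is not done until the machine has rebooted.
        "reboot_required": sorted(report.reboot_pending),
        # Only a finished scan with zero detections counts as clean.
        "clean": report.scan_finished and found == 0 and report.reported_count == 0,
    }


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for key, value in triage(rep).items():
        print(f"{key}: {value}")
```

On the posted log this reports one detection at `\HardDisk0`, a matching count, no unhandled objects and a reboot still required, which is exactly why the next step in the thread is to reboot and re-run the scanners; a second TDSSKiller run after the reboot that reaches `Detected object count: 0` would make `clean` true, and that re-scan is the confirmation an analyst should insist on rather than the first run's "Cure" message. The `drivers` list (name, MD5, path) is the part worth keeping across machines, since comparing it against a known-good baseline is how a modified or unexpected driver stands out.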

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Puerto Rico)

Posted 21 December 2010 - 12:54 AM

Hello

Good, that removed the rootkit. I want you to run combofix in safe mode again, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After combofix has finished its scan, please post the report back here.

Gringo

#13 m00n (Topic Starter, Members, 11 posts)

Posted 22 December 2010 - 04:43 PM

Okay - got it to run - here is the log -


ComboFix 10-12-22.01 - markm 12/22/2010 12:27:19.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2002.1740 [GMT -8:00]
Running from: c:\documents and settings\markm\Desktop\for marks virus\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: Trend Micro Personal Firewall *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2010-11-22 to 2010-12-22 )))))))))))))))))))))))))))))))
.

2010-12-21 11:20 . 2010-12-21 11:20 118784 ----a-w- c:\windows\system32\chg.exe
2010-12-09 20:11 . 2010-12-09 20:11 -------- d-----w- c:\documents and settings\markm\Local Settings\Application Data\Google
2010-12-08 18:40 . 2006-02-28 12:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-12-08 18:39 . 2001-08-17 21:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2010-12-08 18:38 . 2001-08-17 22:56 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2010-12-08 18:37 . 2001-08-18 06:36 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-12-08 18:36 . 2001-08-17 20:51 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2010-12-08 18:35 . 2001-07-21 22:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-12-08 18:34 . 2001-08-17 22:56 182272 ----a-w- c:\windows\system32\dllcache\s3mt3d.dll
2010-12-08 18:33 . 2001-08-17 21:52 33152 ----a-w- c:\windows\system32\dllcache\ql10wnt.sys
2010-12-08 18:32 . 2001-08-17 20:11 35328 ----a-w- c:\windows\system32\dllcache\pcntpci5.sys
2010-12-08 18:31 . 2001-08-18 06:36 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2010-12-08 18:30 . 2001-08-17 20:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-12-08 18:29 . 2001-08-18 06:36 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll
2010-12-08 18:28 . 2008-04-14 00:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2010-12-08 18:27 . 2008-04-13 18:41 18560 ----a-w- c:\windows\system32\dllcache\i2omp.sys
2010-12-08 18:26 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-12-08 18:25 . 2001-08-18 06:36 45568 ----a-w- c:\windows\system32\dllcache\esunib.dll
2010-12-08 18:24 . 2001-08-17 21:47 8704 ----a-w- c:\windows\system32\dllcache\dot4scan.sys
2010-12-08 18:23 . 2001-08-17 20:19 6912 ----a-w- c:\windows\system32\dllcache\ctlfacem.sys
2010-12-08 18:22 . 2001-08-18 06:36 9728 ----a-w- c:\windows\system32\dllcache\brcoinst.dll
2010-12-08 18:21 . 2006-02-28 12:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-12-08 18:21 . 2006-02-28 12:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-12-08 18:21 . 2006-02-28 12:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-12-08 18:21 . 2006-02-28 12:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2010-12-08 18:21 . 2006-02-28 12:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-12-08 18:21 . 2006-02-28 12:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2010-12-08 17:11 . 2010-12-08 17:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-07 23:18 . 2010-12-07 23:18 -------- d-----w- c:\documents and settings\markm\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-30 01:42 . 2010-06-09 17:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 01:42 . 2010-06-09 17:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:34 . 2004-08-04 07:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2009-10-28 14:04 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2004-08-04 07:56 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2004-08-04 07:56 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-08-17 20:55 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 07:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 06:17 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-12-11_00.46.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-22 18:57 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2008-04-22 18:57 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2004-08-04 07:56 . 2010-11-06 00:34 44544 c:\windows\system32\pngfilt.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 44544 c:\windows\system32\pngfilt.dll
+ 2006-04-26 00:43 . 2010-12-22 20:27 75656 c:\windows\system32\perfc009.dat
+ 2007-08-14 02:54 . 2010-11-06 00:34 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-14 02:54 . 2010-09-09 13:38 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 07:56 . 2010-11-03 12:24 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-04 07:56 . 2010-09-08 15:57 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-14 02:36 . 2010-09-09 13:38 63488 c:\windows\system32\icardie.dll
+ 2007-08-14 02:36 . 2010-11-06 00:34 63488 c:\windows\system32\icardie.dll
+ 2004-08-04 07:56 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe
+ 2004-08-04 07:56 . 2010-11-06 00:34 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2001-08-17 20:55 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys
+ 2009-03-04 19:47 . 2010-11-06 00:34 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-04 19:47 . 2010-09-09 13:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 07:56 . 2008-04-14 00:11 81920 c:\windows\system32\dllcache\isign32.dll
+ 2004-08-04 07:56 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
+ 2009-03-04 19:47 . 2010-11-03 12:24 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2009-03-04 19:47 . 2010-09-08 15:57 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-04 07:56 . 2010-11-06 00:34 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-10-28 14:04 . 2010-09-09 13:38 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-10-28 14:04 . 2010-11-06 00:34 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 07:56 . 2010-11-03 12:24 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 07:56 . 2010-09-08 15:57 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-04 19:47 . 2010-09-09 13:38 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-03-04 19:47 . 2010-11-06 00:34 63488 c:\windows\system32\dllcache\icardie.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-03-05 16:26 . 2010-12-21 11:02 35088 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-03-05 16:26 . 2010-11-10 11:02 35088 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-03-05 16:26 . 2010-11-10 11:02 18704 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-05 16:26 . 2010-12-21 11:02 18704 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-05 16:26 . 2010-12-21 11:02 20240 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-03-05 16:26 . 2010-11-10 11:02 20240 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-03-09 16:56 . 2010-11-10 11:00 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-09 16:56 . 2010-12-21 11:02 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-09 16:56 . 2010-12-21 11:02 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-03-09 16:56 . 2010-11-10 11:00 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-03-09 16:56 . 2010-11-10 11:00 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-09 16:56 . 2010-12-21 11:02 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-03-09 16:56 . 2010-11-10 11:00 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-09 16:56 . 2010-12-21 11:02 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-03-09 16:56 . 2010-11-10 11:00 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-03-09 16:56 . 2010-12-21 11:02 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-03-09 16:56 . 2010-12-21 11:02 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-03-09 16:56 . 2010-11-10 11:00 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-06-05 11:01 . 2010-12-21 11:03 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-05 11:01 . 2010-10-01 10:00 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 44544 c:\windows\ie7updates\KB2416400-IE7\pngfilt.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 52224 c:\windows\ie7updates\KB2416400-IE7\msfeedsbs.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 27648 c:\windows\ie7updates\KB2416400-IE7\jsproxy.dll
+ 2010-12-21 11:02 . 2010-09-08 15:57 13824 c:\windows\ie7updates\KB2416400-IE7\ieudinit.exe
+ 2010-12-21 11:02 . 2010-09-09 13:38 44544 c:\windows\ie7updates\KB2416400-IE7\iernonce.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 78336 c:\windows\ie7updates\KB2416400-IE7\ieencode.dll
+ 2010-12-21 11:02 . 2010-09-08 15:57 70656 c:\windows\ie7updates\KB2416400-IE7\ie4uinit.exe
+ 2010-12-21 11:02 . 2010-09-09 13:38 63488 c:\windows\ie7updates\KB2416400-IE7\icardie.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 17408 c:\windows\ie7updates\KB2416400-IE7\corpol.dll
- 2009-03-09 16:56 . 2010-11-10 11:00 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-03-09 16:56 . 2010-12-21 11:02 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2004-08-04 07:56 . 2010-09-09 13:38 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 105984 c:\windows\system32\url.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 105984 c:\windows\system32\url.dll
+ 2006-04-26 00:43 . 2010-12-22 20:27 455440 c:\windows\system32\perfh009.dat
+ 2004-08-04 07:56 . 2010-11-06 00:34 102912 c:\windows\system32\occache.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 102912 c:\windows\system32\occache.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 193024 c:\windows\system32\msrating.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 478208 c:\windows\system32\mshtmled.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 478208 c:\windows\system32\mshtmled.dll
- 2007-08-14 02:54 . 2010-09-09 13:38 468480 c:\windows\system32\msfeeds.dll
+ 2007-08-14 02:54 . 2010-11-06 00:34 468480 c:\windows\system32\msfeeds.dll
+ 2007-08-14 02:34 . 2010-11-06 00:34 268288 c:\windows\system32\iertutil.dll
- 2007-08-14 02:34 . 2010-09-09 13:38 268288 c:\windows\system32\iertutil.dll
- 2008-04-22 18:25 . 2010-09-09 13:38 192512 c:\windows\system32\iepeers.dll
+ 2008-04-22 18:25 . 2010-11-06 00:34 192512 c:\windows\system32\iepeers.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 384512 c:\windows\system32\iedkcs32.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 384512 c:\windows\system32\iedkcs32.dll
- 2007-07-11 20:27 . 2010-09-09 13:38 380928 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 20:27 . 2010-11-06 00:34 380928 c:\windows\system32\ieapfltr.dll
+ 2001-08-18 05:34 . 2010-10-18 11:06 161792 c:\windows\system32\ieakui.dll
- 2001-08-18 05:34 . 2010-08-25 11:29 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 153088 c:\windows\system32\ieakeng.dll
- 2006-04-26 00:39 . 2010-10-14 10:19 378448 c:\windows\system32\FNTCACHE.DAT
+ 2006-04-26 00:39 . 2010-12-21 11:20 378448 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 07:56 . 2010-11-06 00:34 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 832512 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 832512 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 478208 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 478208 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-04 19:47 . 2010-11-06 00:34 468480 c:\windows\system32\dllcache\msfeeds.dll
- 2009-03-04 19:47 . 2010-09-09 13:38 468480 c:\windows\system32\dllcache\msfeeds.dll
- 2004-08-04 07:56 . 2010-08-25 11:30 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2004-08-04 07:56 . 2010-10-18 11:07 634648 c:\windows\system32\dllcache\iexplore.exe
- 2009-03-04 19:47 . 2010-09-09 13:38 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2009-03-04 19:47 . 2010-11-06 00:34 268288 c:\windows\system32\dllcache\iertutil.dll
- 2008-04-22 18:25 . 2010-09-09 13:38 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-22 18:25 . 2010-11-06 00:34 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 384512 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 384512 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-04 19:47 . 2010-09-09 13:38 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-03-04 19:47 . 2010-11-06 00:34 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2001-08-18 05:34 . 2010-10-18 11:06 161792 c:\windows\system32\dllcache\ieakui.dll
- 2001-08-18 05:34 . 2010-08-25 11:29 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 07:56 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 07:56 . 2010-11-06 00:34 124928 c:\windows\system32\advpack.dll
- 2004-08-04 07:56 . 2010-09-09 13:38 124928 c:\windows\system32\advpack.dll
+ 2010-07-23 09:03 . 2010-07-23 09:03 338432 c:\windows\Installer\220e296.msp
- 2009-03-05 16:26 . 2010-11-10 11:02 239376 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\pj11icon.exe
+ 2009-03-05 16:26 . 2010-12-21 11:02 239376 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\pj11icon.exe
- 2009-03-05 16:26 . 2010-11-10 11:02 217864 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-05 16:26 . 2010-12-21 11:02 217864 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\misc.exe
- 2009-03-09 16:56 . 2010-11-10 11:00 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-09 16:56 . 2010-12-21 11:02 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-03-09 16:56 . 2010-11-10 11:00 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-09 16:56 . 2010-12-21 11:02 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-09 16:56 . 2010-12-21 11:02 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-03-09 16:56 . 2010-11-10 11:00 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-09 16:56 . 2010-12-21 11:02 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-03-09 16:56 . 2010-11-10 11:00 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-03-09 16:56 . 2010-12-21 11:02 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-03-09 16:56 . 2010-11-10 11:00 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-03-09 16:56 . 2010-11-10 11:00 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-03-09 16:56 . 2010-12-21 11:02 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-11-04 11:13 . 2008-11-04 11:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002119A30000000000000000F01FEC\12.0.6425\MSCONV97.DLL
+ 2010-12-21 11:02 . 2010-09-09 13:38 832512 c:\windows\ie7updates\KB2416400-IE7\wininet.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 233472 c:\windows\ie7updates\KB2416400-IE7\webcheck.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 105984 c:\windows\ie7updates\KB2416400-IE7\url.dll
+ 2010-12-21 11:02 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2416400-IE7\spuninst\updspapi.dll
+ 2010-12-21 11:02 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2416400-IE7\spuninst\spuninst.exe
+ 2010-12-21 11:02 . 2010-09-09 13:38 102912 c:\windows\ie7updates\KB2416400-IE7\occache.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 671232 c:\windows\ie7updates\KB2416400-IE7\mstime.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 193024 c:\windows\ie7updates\KB2416400-IE7\msrating.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 478208 c:\windows\ie7updates\KB2416400-IE7\mshtmled.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 468480 c:\windows\ie7updates\KB2416400-IE7\msfeeds.dll
+ 2010-12-21 11:02 . 2010-08-25 11:30 634648 c:\windows\ie7updates\KB2416400-IE7\iexplore.exe
+ 2010-12-21 11:02 . 2010-09-09 13:38 268288 c:\windows\ie7updates\KB2416400-IE7\iertutil.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 192512 c:\windows\ie7updates\KB2416400-IE7\iepeers.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 384512 c:\windows\ie7updates\KB2416400-IE7\iedkcs32.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 380928 c:\windows\ie7updates\KB2416400-IE7\ieapfltr.dll
+ 2010-12-21 11:02 . 2010-08-25 11:29 161792 c:\windows\ie7updates\KB2416400-IE7\ieakui.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 230400 c:\windows\ie7updates\KB2416400-IE7\ieaksie.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 153088 c:\windows\ie7updates\KB2416400-IE7\ieakeng.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 133120 c:\windows\ie7updates\KB2416400-IE7\extmgr.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 214528 c:\windows\ie7updates\KB2416400-IE7\dxtrans.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 347136 c:\windows\ie7updates\KB2416400-IE7\dxtmsft.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 124928 c:\windows\ie7updates\KB2416400-IE7\advpack.dll
+ 2008-04-22 18:25 . 2010-11-06 00:34 1168384 c:\windows\system32\urlmon.dll
- 2008-04-22 18:25 . 2010-09-09 13:38 1168384 c:\windows\system32\urlmon.dll
+ 2008-04-22 18:25 . 2010-11-06 00:34 3604480 c:\windows\system32\mshtml.dll
- 2007-08-14 02:54 . 2010-09-09 13:38 6075904 c:\windows\system32\ieframe.dll
+ 2007-08-14 02:54 . 2010-11-06 00:34 6075904 c:\windows\system32\ieframe.dll
+ 2004-08-04 06:17 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-22 18:25 . 2010-11-06 00:34 1168384 c:\windows\system32\dllcache\urlmon.dll
- 2008-04-22 18:25 . 2010-09-09 13:38 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-22 18:25 . 2010-11-06 00:34 3604480 c:\windows\system32\dllcache\mshtml.dll
+ 2009-03-04 19:47 . 2010-11-06 00:34 6075904 c:\windows\system32\dllcache\ieframe.dll
- 2009-03-04 19:47 . 2010-09-09 13:38 6075904 c:\windows\system32\dllcache\ieframe.dll
+ 2010-12-06 23:02 . 2010-12-06 23:02 5518848 c:\windows\Installer\220e2ac.msp
+ 2010-12-21 11:02 . 2010-09-09 13:38 1168384 c:\windows\ie7updates\KB2416400-IE7\urlmon.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 3601920 c:\windows\ie7updates\KB2416400-IE7\mshtml.dll
+ 2010-12-21 11:02 . 2010-09-09 13:38 6075904 c:\windows\ie7updates\KB2416400-IE7\ieframe.dll
+ 2009-03-04 19:45 . 2010-12-21 11:00 37366216 c:\windows\system32\MRT.exe
+ 2010-12-21 11:03 . 2010-12-21 11:03 20304384 c:\windows\Installer\220e2b8.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-26 1015808]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-07 408344]
"SDMSSplash"="c:\program files\HP_SDMS\SDMSSplash\launcher.exe" [2006-03-10 86016]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2010-08-12 870712]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-24 618496]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-07-10 2712920]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-11 113664]
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-5-15 6822728]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 09:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 10:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"59706:TCP"= 59706:TCP:Trend Micro OfficeScan Listener

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/22/2008 10:19 AM 41216]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [4/20/2007 5:44 PM 341520]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2009 11:19 AM 133104]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [11/5/2010 10:49 AM 57424]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [11/26/2008 5:42 PM 249424]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [11/26/2008 5:42 PM 36432]
S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.EXE [4/22/2008 10:43 AM 2521880]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [10/21/2009 10:27 AM 22600]
S3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [4/4/2007 9:35 PM 497080]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [4/27/2007 7:35 PM 689416]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 20:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:19]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 19:19]

2010-12-21 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-03-05 18:09]

2010-12-20 c:\windows\Tasks\Timesheet2.job
- c:\progra~1\INTERN~1\iexplore.exe [2004-08-04 11:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.cmartin.com/NELX.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 12:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-12-22 12:34:49
ComboFix-quarantined-files.txt 2010-12-22 20:34
ComboFix2.txt 2010-12-11 00:49

Pre-Run: 51,885,821,952 bytes free
Post-Run: 52,205,424,640 bytes free

- - End Of File - - 9212CABDD35A21CA61225AE11A6335F1

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:55 PM

Posted 22 December 2010 - 04:47 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 m00n

m00n
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:55 AM

Posted 22 December 2010 - 04:53 PM

Adobe Acrobat 7.0 Professional

Adobe Acrobat 7.1.0 Professional

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Photoshop 6.0

Adobe Reader 9

Adobe SVG Viewer

Compatibility Pack for the 2007 Office system

CorePLS_Min_QFolder

Critical Update for Windows Media Player 11 (KB959772)

Google Chrome

Google Earth

Google Update Helper

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Backup and Recovery Manager

HP Care Pack Core

HP Care Pack Products

HP Help and Support

HP LaserJet P2015 Series 1.0

HP Update

hppFonts

hppIOFiles

hppManualsP2015

hppWebRegMM

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections 12.1.14.1

Intel® Active Management Technology

Intel® Management Engine Interface

Java™ SE Runtime Environment 6 Update 1

LightScribe System Software 1.12.29.2

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Professional Edition 2003

Microsoft Office Project 2007 Service Pack 2 (SP2)

Microsoft Office Project MUI (English) 2007

Microsoft Office Project Standard 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OGA Notifier 2.0.0048.0

Product_SF_Min_QFolder

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler 3

Roxio MyDVD Basic v9

SDMSSplash

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Smart Defrag

SmartDraw 7

SnagIt 9

Sonic Activation Module

SoundMAX

Spybot - Search & Destroy

Trend Micro OfficeScan Client

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB957244)

Update for Microsoft Office Project 2007 Help (KB957248)

Update for Microsoft Script Editor Help (KB957253)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB943729)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VeryPDF PDF2Word v3.0

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell™ 1.0

Windows XP Service Pack 3

WinZip 11.2



