
svchost.exe memory and cpu hog. Malware?


  • This topic is locked
6 replies to this topic

#1 ComputerGeek101

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:30 AM

Posted 30 June 2011 - 04:52 PM

First off let me just say I am a new member but have been eyeballing Bleeping Computer for a while now with its helpful tools and such.

I have been combating computer infections for years now so I would not consider myself new at this nor would I consider myself a "nuke and re-install" type of guy. I would rather like to know how to fix the problem by doing it so that if it happens again I know what to do.

PROBLEM: Computer was severely infected and I used several tools (Ad-Aware, AVAST, AVIRA, Malwarebytes, Spybot, SpywareBlaster, ComboFix, Fake Antivirus Remover, McAfee Stinger, SpyDLLRemover, ClamWin and several online scanners like House Call, BitDefender, SmitFraudFix and ESET). All of them picked up some kind of infection which was cleaned/removed. I then scanned a second time and no infections were found. Everything seems to be fine now except that Svchost.exe will randomly hog and continue to hog close to 99% CPU and will never stop eating up memory. I have spotted it hit over 600k and it never stops consuming memory until Windows crashes. I currently have AVAST free and Threat Fire installed and AVAST pops up every minute showing that a website was blocked by windows\system32\svchost.exe. AVAST seems to classify it as Malware.

I have tried the following...

1. Ran all the above listed tools twice.
2. Replaced the svchost.exe in windows\system32\ with a fresh XP SP3 32-bit VMware copy.
3. Used Process Explorer but not exactly sure how I can pinpoint the problem with that.

QUESTION: I am simply out of ideas and am seeking help. I have attached a HijackThis log to help.

Computer Specs: Windows XP Pro SP3 32bit.

Thank you!

<BUMP>

Gonna have another go at this. Does no one have any suggestions that I can do next?

So no one has any suggestions? Am I not providing enough information or not enough in the post or is it because I am a new member? It has been almost a week now and no one has responded. How about the moderators? Anyone?

EDIT: Please be patient. There are over 330 unanswered topics in this forum at present and the current average wait time to receive help is 13 days. ~Budapest

Edited by Budapest, 06 July 2011 - 04:32 PM.
Moved from XP to Malware Removal Logs.



#2 Elise (Bleepin' Blonde)

  • Malware Study Hall Admin
  • 61,449 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:30 PM

Posted 10 July 2011 - 03:18 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft

 



#3 ComputerGeek101 (Topic Starter)

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:30 AM

Posted 11 July 2011 - 05:13 PM

Thank you for your response. Here is the requested information.


DDS:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Matthew at 22:48:40 on 2005-10-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.447 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe -k Akamaia
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\AutoExNT.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [\\CHIP-PC\EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2h1.exe /p40 "\\chip-pc\EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn311\wlancfg5.exe
IE: E&xport to Microsoft Excel - c:\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\micros~1\office12\ONBttnIE.dll
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\dtv\EXPLBAR.DLL
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\micros~1\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file:///D:/setup/RiffLick.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200965808453
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: Antiwpa - antiwpa.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\matthew\application data\mozilla\firefox\profiles\zpo06ifc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://mn.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://blackle.com/
FF - prefs.js: keyword.URL - hxxp://mn.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\mozilla firefox\extensions\{916cb95e-239f-a2ad-28b6-bb2eb30a4466}\components\-JANhcx-5-a.dll
FF - plugin: c:\documents and settings\matthew\application data\mozilla\firefox\profiles\zpo06ifc.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Mignet Assistant Service: {916cb95e-239f-a2ad-28b6-bb2eb30a4466} - c:\program files\mozilla firefox\extensions\{916cb95e-239f-a2ad-28b6-bb2eb30a4466}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-6-29 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-6-29 69392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-29 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-29 307928]
R1 SASDIFSV;SASDIFSV;c:\docume~1\matthew\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\docume~1\matthew\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2003-7-7 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-29 19544]
R2 AutoExNT;AutoExNT;c:\windows\system32\Autoexnt.exe [2011-6-28 5904]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-29 42184]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-12-6 1238408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-30 2214504]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-26 24652]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-6-29 33552]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1ca5358d8575ef4;Google Update Service (gupdate1ca5358d8575ef4);c:\program files\google\update\GoogleUpdate.exe [2009-10-22 133104]
S3 cpuz132;cpuz132;\??\c:\docume~1\matthew\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\matthew\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-22 133104]
.
=============== Created Last 30 ================
.
2011-06-30 20:51:37 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2011-06-30 20:49:01 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-06-30 20:49:01 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-06-30 20:49:00 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-06-30 20:49:00 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-06-30 20:46:55 -------- d-----w- C:\NVIDIA
2011-06-30 20:35:58 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-06-30 20:35:56 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-06-30 19:15:25 -------- d-----w- c:\documents and settings\matthew\local settings\application data\AVERT
2011-06-30 03:07:03 266360 ----a-w- c:\windows\system32\TweakUI.exe
2011-06-30 03:03:05 0 ----a-w- c:\documents and settings\matthew\ntuser.tmp
2011-06-30 01:30:58 -------- d-----w- c:\documents and settings\matthew\application data\SUPERAntiSpyware.com
2011-06-30 01:30:58 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-30 01:24:43 60416 ----a-w- c:\windows\system32\antiwpa.dll16A0D8
2011-06-30 01:24:43 60416 ----a-w- c:\windows\system32\antiwpa.dll
2011-06-29 19:12:26 -------- d-sha-r- C:\cmdcons
2011-06-29 17:19:54 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-06-29 17:19:54 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-06-29 17:19:53 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-06-29 17:19:47 -------- d-----w- c:\program files\ThreatFire
2011-06-29 17:19:47 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-06-29 16:44:26 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-29 16:42:23 40112 ----a-w- c:\windows\avastSS.scr
2011-06-29 16:41:35 -------- d-----w- c:\program files\AVAST Software
2011-06-29 16:41:35 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-06-29 03:24:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-29 02:26:33 15360 ----a-w- c:\windows\system32\ctfmon.exe.backup
2011-06-29 01:51:36 98816 ----a-w- c:\windows\sed.exe
2011-06-29 01:51:36 518144 ----a-w- c:\windows\SWREG.exe
2011-06-29 01:51:36 256000 ----a-w- c:\windows\PEV.exe
2011-06-29 01:51:36 208896 ----a-w- c:\windows\MBR.exe
2011-06-29 01:14:49 -------- d-----w- c:\documents and settings\matthew\application data\Malwarebytes
2011-06-29 01:14:09 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-29 01:14:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-29 01:14:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-29 01:14:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-28 23:44:45 2364 ----a-w- c:\windows\system32\1.reg
2011-06-28 23:44:44 34064 ----a-w- c:\windows\system32\Instexnt.exe
2011-06-28 23:44:44 2320 ----a-w- c:\windows\system32\Servmess.dll
2011-06-28 23:44:43 5904 ----a-w- c:\windows\system32\Autoexnt.exe
2011-06-28 23:44:42 175 ----a-w- c:\windows\system32\Autoexnt.bat
2011-06-28 23:44:41 45175 ----a-w- c:\windows\system32\WGA.exe
2011-06-28 23:29:05 174 ----a-w- c:\documents and settings\matthew\application data\SpcxTIrW.bat
2011-06-28 22:51:11 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-09 00:04:02 0 ----a-w- c:\windows\Mjotu.bin
2011-06-09 00:02:23 146 ----a-w- c:\documents and settings\matthew\application data\a2ha4dk8.bat
2011-06-08 03:20:41 -------- d-----w- c:\documents and settings\matthew\MSYNC
2011-06-08 03:20:06 -------- d-----w- c:\program files\Easy Phone Tunes
2011-05-14 02:11:54 641536 ----a-w- c:\program files\common files\microsoft shared\vc\msdia80.dll
2011-05-11 22:59:51 -------- d-----w- c:\documents and settings\matthew\application data\uTorrent
2011-05-11 20:49:35 -------- d-----w- c:\documents and settings\matthew\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-04-19 09:47:04 670032 ----a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll
2011-04-01 21:02:30 2081280 ----a-w- c:\program files\mozilla firefox\extensions\{916cb95e-239f-a2ad-28b6-bb2eb30a4466}\components\-JANhcx-5-a.dll
2011-04-01 21:00:08 127190 ----a-w- c:\windows\system32\SOQS1-.exe
2011-04-01 21:00:02 77824 ----a-w- c:\windows\system32\xvid.ax
2011-04-01 21:00:02 -------- d-----w- c:\program files\Xvid
2011-03-29 20:34:58 -------- d-----w- c:\documents and settings\all users\application data\PopCap Games
2011-03-29 20:34:40 -------- d-----w- c:\program files\PopCap Games
2011-03-26 06:12:53 -------- d-----w- c:\documents and settings\matthew\local settings\application data\LogMeIn Hamachi
2011-03-26 06:10:42 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-03-26 05:57:34 -------- d-----w- c:\program files\Fantasy Grounds II
2011-03-26 05:57:34 -------- d-----w- c:\documents and settings\matthew\application data\Fantasy Grounds II
2011-03-20 10:40:44 1079144 ----a-w- c:\program files\common files\microsoft shared\office12\RICHED20.DLL
2011-02-17 00:00:38 17370496 ----a-w- c:\program files\common files\microsoft shared\office12\MSO.DLL
2011-02-09 13:53:52 270848 -c----w- c:\windows\system32\dllcache\sbe.dll
2011-02-09 13:53:52 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
2011-02-02 07:58:35 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll
2011-01-27 11:57:06 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2010-12-31 20:05:54 -------- d--h--w- c:\windows\PIF
2010-12-31 19:35:16 -------- d-----w- c:\documents and settings\matthew\local settings\application data\iRinger
2010-12-27 03:41:44 -------- d-----w- c:\program files\iPod
2010-12-27 03:41:37 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-27 03:37:53 -------- d-----w- c:\program files\Bonjour
2010-12-20 17:32:15 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2010-12-14 23:55:06 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 23:53:46 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-22 20:39:18 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2010-11-22 20:36:50 -------- d-----w- c:\documents and settings\all users\application data\ALM
2010-11-22 19:20:44 -------- d-----w- c:\program files\common files\Akamai
2010-11-18 18:12:44 81920 -c----w- c:\windows\system32\dllcache\isign32.dll
2010-11-09 14:52:35 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2010-11-09 14:52:35 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll
2010-11-09 14:52:35 200704 -c----w- c:\windows\system32\dllcache\msadox.dll
2010-11-09 14:52:35 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll
2010-11-09 14:52:35 143360 -c----w- c:\windows\system32\dllcache\msadco.dll
2010-11-09 14:52:35 102400 -c----w- c:\windows\system32\dllcache\msjro.dll
2010-11-09 08:22:26 -------- d-----w- c:\documents and settings\matthew\application data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-11-09 08:13:42 -------- d-----w- c:\documents and settings\matthew\application data\PhotoScape
2010-11-09 08:07:28 -------- d-----w- c:\program files\PhotoScape
2010-11-08 07:26:53 -------- d-----w- c:\documents and settings\matthew\application data\LolClient
2010-11-08 00:01:08 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-11-08 00:01:08 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-11-06 00:16:11 -------- d-----w- c:\documents and settings\matthew\.maptool
2010-11-06 00:14:33 -------- d-----w- c:\documents and settings\matthew\maptool-1.3.b76
2010-10-30 20:21:13 165376 ----a-w- c:\windows\system32\unrar.dll
2010-10-30 20:21:12 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-10-30 20:21:12 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-10-30 20:21:12 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-10-30 20:21:12 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-30 20:21:12 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-10-30 20:21:11 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-30 20:21:09 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-10-30 20:02:44 -------- d-----w- c:\windows\system32\Lang
2010-10-30 19:59:37 49152 ----a-w- c:\windows\system32\ChCfg.exe
2010-10-30 19:59:23 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
2010-10-30 19:59:05 -------- d-----w- c:\program files\Realtek AC97
2010-10-30 19:59:03 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2010-10-30 19:59:01 577536 ----a-w- c:\windows\soundman.exe
2010-10-30 19:59:01 18804736 ----a-w- c:\windows\system32\alsndmgr.cpl
2010-10-30 19:59:00 315392 ----a-w- c:\windows\alcupd.exe
2010-10-30 19:59:00 217088 ----a-w- c:\windows\Alcrmv.exe
2010-10-30 19:59:00 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2010-10-30 19:58:48 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2010-10-30 19:58:48 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2010-10-30 19:58:48 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2010-10-30 19:58:48 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2010-10-30 19:58:48 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2010-10-30 19:58:47 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2010-10-30 19:58:47 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2010-10-30 19:50:23 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys
2010-10-30 19:50:23 -------- d-----w- c:\program files\CPUID
2010-10-28 06:57:25 -------- d-----w- c:\documents and settings\all users\application data\DivX
2010-10-28 06:49:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-28 06:49:31 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-18 18:26:31 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-18 18:26:31 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-18 18:26:04 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-18 18:25:19 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-18 18:23:57 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-18 18:17:42 -------- d-----w- c:\program files\SystemRequirementsLab
2010-10-07 18:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 18:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 18:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-01 11:51:14 290432 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-08-27 05:57:43 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll
2010-08-17 13:17:06 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-22 14:58:54 119160 ----a-w- c:\program files\common files\microsoft shared\textconv\MSCONV97.DLL
2010-07-16 12:05:55 1288192 -c----w- c:\windows\system32\dllcache\ole32.dll
2010-06-18 17:45:17 293376 -c----w- c:\windows\system32\dllcache\winsrv.dll
2010-04-26 22:04:42 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-04-16 15:36:56 406016 -c----w- c:\windows\system32\dllcache\usp10.dll
2010-03-31 05:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 05:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-30 17:24:40 317440 -c----w- c:\windows\system32\dllcache\mp4sdecd.dll
2010-03-19 03:40:07 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 19:29:32 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-07 22:30:57 -------- d-----w- c:\program files\iTunes
2010-03-05 16:13:40 947472 ----a-w- c:\windows\system32\msjava.dll
2010-03-02 00:44:38 -------- d-----w- c:\windows\Tales of Monkey Island Chapter 2
2010-03-02 00:44:38 -------- d-----w- c:\program files\Tales of Monkey Island Chapter 2
2010-03-01 06:27:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-03-01 06:27:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-03-01 06:27:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-03-01 06:27:00 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-03-01 06:23:58 -------- d-----w- c:\program files\Telltale Games
2010-02-24 03:53:25 -------- d-----w- c:\documents and settings\matthew\application data\FreeCDRipper
2010-02-22 02:26:10 -------- d-----w- c:\windows\system32\zh-TW
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-12 04:33:11 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2010-01-24 03:15:16 -------- d-----w- c:\windows\pss
2010-01-13 14:01:25 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2010-01-09 03:23:41 303104 ----a-w- c:\windows\system32\CNC560L.dll
2010-01-09 03:23:41 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2010-01-09 03:23:41 1310720 ----a-w- c:\windows\system32\CNC560C.dll
2010-01-09 03:23:41 110592 ----a-w- c:\windows\system32\CNC560I.dll
2010-01-09 03:23:41 106496 ----a-w- c:\windows\system32\CNC560U.dll
2010-01-09 03:21:46 -------- d-----w- c:\documents and settings\matthew\application data\Canon Easy-WebPrint EX
2010-01-09 03:19:55 -------- d-----w- c:\program files\common files\CANON
2010-01-09 03:14:55 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPA0.DLL
2010-01-09 03:14:55 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDA0.DLL
2010-01-09 03:14:53 272384 ----a-w- c:\windows\system32\CNMLMA0.DLL
2010-01-09 03:14:37 178176 ----a-w- c:\windows\system32\CNMIUA0.DLL
2010-01-09 03:14:14 -------- d-----w- c:\windows\system32\STRING
2010-01-09 03:14:13 353792 ----a-w- c:\windows\system32\CNMNPPM.DLL
2010-01-09 03:14:13 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL
2010-01-09 03:14:13 -------- d-----w- c:\windows\system32\CHM
2010-01-09 03:13:54 -------- d-----w- c:\program files\Canon
2010-01-03 07:55:13 -------- d-----w- c:\documents and settings\matthew\local settings\application data\Mozilla
2010-01-03 06:46:19 -------- d-----r- c:\program files\Skype
2009-12-24 06:59:40 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2009-12-16 18:43:27 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2009-11-27 17:11:44 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:07:35 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:34 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2009-11-07 06:07:08 49488 ----a-w- c:\windows\system32\netfxperf.dll
2009-11-07 06:07:04 297808 ----a-w- c:\windows\system32\mscoree.dll
2009-11-07 06:06:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2009-11-04 00:05:01 -------- d-----w- c:\documents and settings\matthew\local settings\application data\Temp
2009-10-26 22:53:44 -------- d-----w- c:\documents and settings\matthew\application data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2009-10-26 22:32:17 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-10-26 22:32:17 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-10-26 22:32:16 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-10-26 22:32:16 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-10-26 22:32:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-10-26 22:31:47 -------- d-----w- c:\windows\Logs
2009-10-26 22:27:53 -------- d-----w- C:\Riot Games
2009-10-22 20:46:56 -------- d-----w- c:\documents and settings\matthew\local settings\application data\Google
2009-10-21 05:38:36 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-10-10 04:10:46 2594632 ----a-w- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL
2009-10-01 22:39:37 -------- d-----w- c:\documents and settings\all users\application data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 06:14:06 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-04 21:03:36 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-13 04:05:51 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01:48 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 21:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 21:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 21:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-27 23:17:41 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2009-07-21 06:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-17 19:01:06 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-07-17 16:22:18 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-07-05 21:35:56 -------- d-----w- c:\documents and settings\all users\application data\Symantec
2009-07-05 21:35:55 -------- d-----w- c:\documents and settings\all users\application data\Norton
2009-07-05 21:34:44 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2009-07-05 21:29:53 -------- d-----w- c:\documents and settings\matthew\local settings\application data\ApplicationHistory
2009-06-25 08:25:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 08:25:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 08:25:26 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-06-24 11:18:41 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 14:36:30 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36:30 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-06-13 06:15:00 1661792 ----a-w- c:\program files\common files\microsoft shared\office12\OGL.DLL
2009-06-12 12:31:40 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 12:31:39 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-06-10 14:13:29 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 06:14:49 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-06-09 22:52:49 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 22:52:49 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-03 22:57:58 -------- d-sh--w- c:\documents and settings\matthew\IECompatCache
2009-05-26 22:27:07 -------- d-----w- c:\documents and settings\all users\application data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-23 05:24:14 -------- d-sh--w- c:\documents and settings\matthew\PrivacIE
2009-05-23 05:17:44 -------- d-sh--w- c:\documents and settings\matthew\IETldCache
2009-05-23 05:07:16 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-05-23 05:06:56 -------- d-----w- c:\windows\ie8updates
2009-05-23 05:06:43 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-23 05:05:04 -------- dc-h--w- c:\windows\ie8
2009-05-23 04:03:54 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-05-23 04:03:52 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-05-23 04:02:04 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-05-23 04:02:02 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-05-23 04:02:02 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-05-23 04:02:00 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-05-23 04:02:00 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-23 04:01:59 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-23 04:01:58 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-05-23 04:01:57 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-05-23 04:01:56 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-05-07 15:32:35 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-04-21 18:11:31 -------- d-----w- c:\documents and settings\matthew\local settings\application data\Downloaded Installations
2009-04-21 18:11:24 -------- d-sh--w- c:\windows\ftpcache
2009-04-20 17:17:26 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2009-04-15 14:51:25 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-03 23:46:26 97640 ----a-w- c:\program files\common files\microsoft shared\office12\EXP_PDF.DLL
2009-04-03 22:59:44 79728 ----a-w- c:\program files\common files\microsoft shared\office12\1033\xlsrvintl.dll
2009-04-03 07:24:14 -------- d-----w- c:\program files\common files\DivX Shared
2009-04-02 18:07:44 186240 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\office.en-us\OSETUPUI.DLL
2009-04-02 18:07:10 6540120 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\OSETUP.DLL
2009-04-02 18:06:52 439160 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\SETUP.EXE
2009-04-02 18:06:42 231848 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\ODEPLOY.EXE
2009-04-02 17:02:04 11632 ----a-w- c:\program files\common files\microsoft shared\office12\1033\OLBINTL.DLL
2009-04-02 17:02:04 10339712 ----a-w- c:\program files\common files\microsoft shared\office12\1033\MSOINTL.DLL
2009-04-02 17:02:02 45968 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\OSETUPPS.DLL
2009-04-02 17:02:02 14720 ----a-w- c:\program files\common files\microsoft shared\smart tag\SmartTagInstall.exe
2009-04-02 17:02:00 552816 ----a-w- c:\program files\common files\microsoft shared\office12\OFFLB.EXE
2009-04-02 17:02:00 17792 ----a-w- c:\program files\common files\microsoft shared\office12\OPHPROXY.DLL
2009-04-02 17:02:00 15760 ----a-w- c:\program files\common files\microsoft shared\office12\OPTINPS.DLL
2009-04-02 17:02:00 12616 ----a-w- c:\program files\common files\microsoft shared\office12\OFFREL.DLL
2009-04-02 17:01:58 6637936 ----a-w- c:\program files\common files\microsoft shared\office12\MSORES.DLL
2009-04-02 17:01:58 42864 ----a-w- c:\program files\common files\microsoft shared\office12\MSSH.DLL
2009-04-02 17:01:46 18816 ----a-w- c:\program files\common files\microsoft shared\office12\MSMH.DLL
2009-04-02 17:01:44 70000 ----a-w- c:\program files\common files\microsoft shared\office12\LBGHOST.DLL
2009-04-02 17:01:44 56680 ----a-w- c:\program files\common files\microsoft shared\office12\EXP_XPS.DLL
2009-04-02 17:01:44 177520 ----a-w- c:\program files\common files\microsoft shared\smart tag\IETAG.DLL
2009-03-21 14:06:58 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll
2009-03-20 20:30:28 -------- d-----w- c:\documents and settings\all users\application data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-20 20:26:21 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-18 21:35:40 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2009-03-08 19:22:30 49152 ------w- c:\windows\system32\msrating.dll.mui
2009-03-08 19:22:18 2560 ------w- c:\windows\system32\mshta.exe.mui
2009-03-08 19:21:06 4096 ------w- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 19:20:54 81920 ------w- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 09:35:32 743424 ------w- c:\program files\internet explorer\iedvtool.dll
2009-03-08 09:35:12 233984 ------w- c:\program files\internet explorer\jsprofilerui.dll
2009-03-08 09:35:04 144384 ------w- c:\program files\internet explorer\ExtExport.exe
2009-03-08 09:35:04 118272 ------w- c:\program files\internet explorer\JSProfilerCore.dll
2009-03-08 09:35:04 102400 ------w- c:\program files\internet explorer\iecompat.dll
2009-03-08 09:35:02 521216 ------w- c:\program files\internet explorer\jsdbgui.dll
2009-03-08 09:35:02 121344 ------w- c:\program files\internet explorer\jsdebuggeride.dll
2009-03-08 09:33:40 18944 -c----w- c:\windows\system32\dllcache\corpol.dll
2009-03-08 09:33:18 12800 ----a-w- c:\program files\internet explorer\xpshims.dll
2009-03-06 10:10:32 47472 ----a-w- c:\program files\common files\microsoft shared\office12\MSE7.EXE
2009-03-06 07:47:58 575416 ----a-w- c:\program files\common files\microsoft shared\office12\ACEDAO.DLL
2009-03-06 07:47:58 47008 ----a-w- c:\program files\common files\microsoft shared\office12\ACEERR.DLL
2009-03-06 07:47:58 190400 ----a-w- c:\program files\common files\microsoft shared\office12\ACEES.DLL
2009-03-06 07:47:56 1759136 ----a-w- c:\program files\common files\microsoft shared\office12\ACECORE.DLL
2009-02-27 19:13:42 103792 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2009-02-27 19:13:42 103792 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2009-02-19 02:32:16 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2009-02-19 02:12:24 -------- d-----w- c:\program files\Lavasoft
2009-02-17 05:49:30 2829 ----a-w- c:\windows\War3Unin.pif
2009-02-17 05:49:30 139264 ----a-w- c:\windows\War3Unin.exe
2009-02-14 10:04:38 756040 ----a-w- c:\program files\common files\microsoft shared\office12\MSPTLS.DLL
2009-02-14 04:40:22 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-02-14 04:40:21 140800 ----a-w- c:\windows\system32\tm20dec.ax
2009-02-14 04:40:20 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-02-14 04:40:04 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-02-14 04:39:53 5672 ----a-w- c:\windows\system32\quartz.vxd
2009-02-14 04:39:53 194320 ----a-w- c:\windows\system32\qcut.dll
2009-02-14 04:39:53 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-02-14 04:39:53 10240 ----a-w- c:\windows\system32\vidx16.dll
2009-02-14 04:39:49 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-02-14 04:39:49 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-02-14 04:37:28 327168 ----a-w- c:\windows\IsUninst.exe
2009-02-12 03:29:24 -------- d-----w- c:\program files\EPSON
2009-02-10 03:38:11 -------- d-----w- C:\Transfer
2009-02-05 16:37:00 1117568 ----a-w- c:\program files\common files\microsoft shared\filters\offfiltx.dll
2009-02-03 19:59:07 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-01-26 03:03:55 -------- d-----w- c:\program files\1C Company
2009-01-09 07:49:58 -------- d-----w- c:\documents and settings\matthew\local settings\application data\Wizards_of_the_Coast
2009-01-09 07:36:14 -------- d-----w- c:\program files\Wizards of the Coast
2009-01-09 07:28:52 -------- d-----w- c:\windows\system32\XPSViewer
2009-01-09 07:28:29 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-01-09 07:28:01 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-09 07:28:01 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-09 07:28:01 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-01-09 07:28:01 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-09 07:28:01 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-01-09 07:28:01 117760 ------w- c:\windows\system32\prntvpt.dll
2009-01-09 07:28:00 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-09 07:28:00 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-01-07 23:20:54 134144 -c----w- c:\windows\system32\dllcache\sqmapi.dll
2009-01-07 23:20:54 134144 ------w- c:\program files\internet explorer\sqmapi.dll
2009-01-07 23:20:52 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2009-01-07 23:20:52 1497088 -c----w- c:\windows\system32\dllcache\shdocvw.dll
2009-01-07 23:20:52 1022976 -c----w- c:\windows\system32\dllcache\browseui.dll
2009-01-07 23:20:18 355832 ------w- c:\program files\internet explorer\pdm.dll
2009-01-07 23:20:18 265720 ----a-w- c:\windows\system32\msdbg2.dll
2008-12-29 04:44:51 7680 ----a-w- c:\windows\system32\CNMVS69.DLL
2008-12-29 04:44:51 54272 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP69.DLL
2008-12-29 04:44:51 17920 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD69.DLL
2008-12-29 04:44:50 116736 ----a-w- c:\windows\system32\CNMLM69.DLL
2008-12-29 04:25:25 -------- d-----w- C:\OEMSettings
2008-12-29 04:09:30 438891 ----a-w- c:\windows\system32\drivers\ar5211.sys
2008-12-16 12:30:34 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
2008-12-05 06:54:55 151552 -c----w- c:\windows\system32\dllcache\schannel.dll
2008-12-04 10:00:58 969552 ----a-r- c:\program files\common files\microsoft shared\textconv\wkcvqd01.dll
2008-12-04 10:00:58 279904 ----a-r- c:\program files\common files\microsoft shared\textconv\wkls31.dll
2008-12-04 10:00:58 162640 ----a-r- c:\program files\common files\microsoft shared\textconv\wkcvqr01.dll
2008-11-25 03:17:18 983944 ----a-w- c:\program files\common files\microsoft shared\web server extensions\12\bin\FPWEC.DLL
2008-11-21 05:02:30 988040 ----a-w- c:\program files\common files\microsoft shared\office12\msoshext.dll
2008-11-21 04:58:22 972632 ----a-w- c:\program files\common files\microsoft shared\web folders\MSONSEXT.DLL
2008-11-21 04:58:20 1011544 ----a-w- c:\program files\common files\system\ole db\MSDAIPP.DLL
2008-11-17 05:46:24 -------- d-----w- c:\documents and settings\matthew\application data\WinWay
2008-11-17 05:39:32 -------- d-----w- c:\program files\WinWay Resume
2008-11-12 21:21:15 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 21:20:54 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 16:38:42 27000 ----a-w- c:\program files\common files\microsoft shared\euro\MSOEURO.DLL
2008-11-10 07:27:52 31592 ----a-w- c:\program files\common files\microsoft shared\filters\msgfilt.dll
2008-11-10 01:49:19 5632 ----a-w- c:\windows\system32\ptpusb.dll
2008-11-10 01:49:18 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2008-11-10 01:49:18 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2008-11-10 01:49:17 159232 ----a-w- c:\windows\system32\ptpusd.dll
2008-11-07 19:21:00 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-07 19:21:00 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2008-11-07 19:19:45 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2008-11-04 09:06:08 208816 ----a-w- c:\program files\common files\microsoft shared\office12\ACEWSS.DLL
2008-11-04 08:49:02 66424 ----a-w- c:\program files\common files\microsoft shared\office12\MSOMSE.DLL
2008-11-04 08:49:02 460680 ----a-w- c:\program files\common files\microsoft shared\office12\MODHELP.DLL
2008-11-04 08:09:04 77200 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWSTRUCT.DLL
2008-11-04 08:09:04 532872 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\XPAGE3C.DLL
2008-11-04 08:09:04 19840 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWRECS.DLL
2008-11-04 08:09:04 1196944 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\XIMAGE3B.DLL
2008-11-04 08:09:02 58224 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWLAY32.DLL
2008-11-04 08:09:02 51576 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWRECE.DLL
2008-11-04 08:09:02 33656 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWRECC.DLL
2008-11-04 08:09:02 27520 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWORIENT.DLL
2008-11-04 08:09:00 87928 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWCUTLIN.DLL
2008-11-04 08:09:00 127360 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\TWCUTCHR.DLL
2008-11-04 08:08:58 77208 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\PSOM.DLL
2008-11-04 08:08:58 76152 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\FORM.DLL
2008-11-04 08:08:58 30032 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\THOCRAPI.DLL
2008-11-04 08:08:58 20360 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\BINDER.DLL
2008-11-04 08:08:58 19840 ----a-w- c:\program files\common files\microsoft shared\modi\12.0\REVERSE.DLL
2008-11-04 06:44:24 814464 ----a-w- c:\program files\common files\microsoft shared\dw\DW20.EXE
2008-11-04 06:44:24 439632 ----a-w- c:\program files\common files\microsoft shared\dw\DWDCW20.DLL
2008-11-04 06:44:24 435096 ----a-w- c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE
2008-11-04 06:06:30 2872688 ----a-w- c:\program files\common files\microsoft shared\office12\OFFDIAG.EXE
2008-11-04 06:06:28 441712 ----a-w- c:\program files\common files\microsoft shared\office12\ODSERV.EXE
2008-11-04 04:39:44 179128 ----a-w- c:\program files\common files\microsoft shared\office12\1033\ACEINTL.DLL
2008-11-04 03:37:08 50040 ----a-w- c:\program files\common files\system\msmapi\1033\MSMAPI32.DLL
2008-10-26 10:42:18 16216 ----a-w- c:\program files\common files\microsoft shared\portal\1033\PortalConnect.dll
2008-10-26 10:42:16 482656 ----a-w- c:\program files\common files\microsoft shared\portal\PortalConnectCore.dll
2008-10-25 18:39:38 290632 ----a-w- c:\program files\common files\microsoft shared\msclientdatamgr\MSCDM.DLL
2008-10-25 14:27:54 44408 ----a-w- c:\program files\common files\microsoft shared\office12\MSOXMLMF.DLL
2008-10-25 11:38:38 145224 ----a-w- c:\program files\common files\microsoft shared\office12\1033\ALRTINTL.DLL
2008-10-25 11:18:52 89464 ----a-w- c:\program files\common files\microsoft shared\smart tag\METCONV.DLL
2008-10-25 10:31:28 15224 ----a-w- c:\program files\common files\microsoft shared\office12\ACEODTXT.DLL
2008-10-25 10:31:28 15224 ----a-w- c:\program files\common files\microsoft shared\office12\ACEODPDX.DLL
2008-10-25 10:31:28 15224 ----a-w- c:\program files\common files\microsoft shared\office12\ACEODEXL.DLL
2008-10-25 10:31:28 15224 ----a-w- c:\program files\common files\microsoft shared\office12\ACEODDBS.DLL
2008-10-25 08:38:36 1682800 ----a-w- c:\program files\common files\microsoft shared\web server extensions\12\bin\FPSRVUTL.DLL
2008-10-25 03:50:52 436584 ----a-w- c:\program files\common files\microsoft shared\msorun\MSORUN.DLL
2008-10-25 03:21:26 505192 ----a-w- c:\program files\common files\microsoft shared\office12\MSSOAP30.DLL
2008-10-24 06:59:27 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 12:36:14 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2008-10-15 08:50:41 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2008-10-15 08:50:20 1857920 -c----w- c:\windows\system32\dllcache\win32k.sys
2008-10-15 08:50:19 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 08:50:18 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 08:50:17 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 08:50:17 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 06:59:16 -------- d-----w- c:\documents and settings\all users\application data\Blizzard
2008-09-18 04:17:08 1425912 ----a-w- c:\program files\common files\microsoft shared\office11\msxml5.dll
2008-08-26 03:50:22 155648 ----a-w- c:\program files\common files\microsoft shared\vba\vba6\1033\VBE6INTL.DLL
2008-08-13 20:45:39 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2008-08-13 20:45:04 692736 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2008-08-05 05:57:04 -------- d-----w- C:\Logs
2008-07-31 08:02:21 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2008-07-31 08:02:21 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2008-07-31 08:02:20 133616 ------w- c:\windows\system32\pxafs.dll
2008-07-30 03:10:04 73720 ----a-w- c:\windows\system32\dxva2.dll
2008-07-30 03:10:04 493048 ----a-w- c:\windows\system32\evr.dll
2008-07-30 03:10:04 26112 ----a-w- c:\windows\system32\TsWpfWrp.exe
2008-07-30 01:59:58 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2008-07-30 01:59:58 161296 ----a-w- c:\windows\system32\UIAutomationCore.dll
2008-07-30 01:59:58 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-30 01:24:50 97800 ----a-w- c:\windows\system32\infocardapi.dll
2008-07-30 01:24:50 622080 ----a-w- c:\windows\system32\icardagt.exe
2008-07-30 01:24:50 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2008-07-30 01:24:50 11264 ----a-w- c:\windows\system32\icardres.dll
2008-07-29 11:49:58 586240 ----a-w- c:\windows\system32\icardres.dll.mui
2008-07-25 17:16:58 83968 ----a-w- c:\windows\system32\mscories.dll
2008-07-25 17:16:58 158720 ----a-w- c:\windows\system32\mscorier.dll
2008-07-25 17:16:58 158720 ----a-w- c:\program files\internet explorer\mui\0409\mscorier.dll
2008-07-07 20:26:58 253952 -c----w- c:\windows\system32\dllcache\es.dll
2008-06-24 16:43:16 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2008-06-20 17:46:57 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll
2008-06-20 17:46:57 149504 -c----w- c:\windows\system32\dllcache\dnsapi.dll
2008-06-20 11:51:12 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2008-06-20 11:40:08 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2008-06-20 11:08:27 226880 -c----w- c:\windows\system32\dllcache\tcpip6.sys
2008-06-17 19:02:19 8462336 -c----w- c:\windows\system32\dllcache\shell32.dll
2008-06-12 14:23:32 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2008-06-12 14:23:32 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2008-06-12 14:23:32 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2008-06-12 14:23:32 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2008-06-12 14:23:32 428032 -c----w- c:\windows\system32\dllcache\msdtcprx.dll
2008-06-12 14:23:32 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2008-06-10 20:56:34 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2008-06-10 20:56:09 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2008-06-05 23:32:35 -------- d-----w- C:\BJPrinter
2008-06-01 17:24:43 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2008-06-01 17:24:31 -------- d-----w- c:\program files\NETGEAR
2008-05-31 02:29:53 593920 ------w- c:\windows\system32\ati2sgag.exe
2008-05-29 06:38:20 221184 ----a-w- c:\windows\system32\wmpns.dll
2008-05-29 06:23:46 -------- d-----w- c:\windows\system32\scripting
2008-05-29 06:23:45 -------- d-----w- c:\windows\system32\en
2008-05-29 06:23:45 -------- d-----w- c:\windows\system32\bits
2008-05-29 06:23:45 -------- d-----w- c:\windows\l2schemas
2008-05-29 06:20:35 -------- d-----w- c:\windows\ServicePackFiles
2008-05-29 03:50:57 59136 ------w- c:\windows\system32\drivers\rfcomm.sys
2008-05-29 03:49:51 33792 ------w- c:\windows\system32\mmcperf.exe
2008-05-29 03:48:54 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2008-05-12 15:56:04 397312 ----a-w- c:\windows\system32\ATIDEMGX.dll
2008-05-12 15:53:34 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2008-05-12 15:45:37 180224 ----a-w- c:\windows\system32\atipdlxx.dll
2008-05-12 15:45:23 139264 ----a-w- c:\windows\system32\Oemdspif.dll
2008-05-12 15:45:14 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2008-05-12 15:45:05 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2008-05-12 15:44:50 139264 ----a-w- c:\windows\system32\ati2evxx.dll
2008-05-12 15:43:18 540672 ----a-w- c:\windows\system32\ati2evxx.exe
2008-05-12 15:43:14 10153984 ----a-w- c:\windows\system32\atioglx2.dll
2008-05-12 15:41:56 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2008-05-12 15:09:20 47104 ----a-w- c:\windows\system32\amdpcom32.dll
2008-05-12 15:05:19 327680 ----a-w- c:\windows\system32\atikvmag.dll
2008-05-12 15:05:13 5439488 ----a-w- c:\windows\system32\atioglxx.dll
2008-05-12 15:03:56 19968 ----a-w- c:\windows\system32\atiadlxx.dll
2008-05-12 15:03:46 17408 ----a-w- c:\windows\system32\atitvo32.dll
2008-05-12 15:02:59 49152 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2008-05-12 15:02:31 241664 ----a-w- c:\windows\system32\atiok3x2.dll
2008-05-09 10:53:40 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2008-05-09 10:53:40 420864 -c--a-w- c:\windows\system32\dllcache\vbscript.dll
2008-05-09 10:53:40 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2008-05-09 10:53:39 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2008-05-09 10:53:39 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2008-05-08 11:24:44 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2008-05-07 09:07:23 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2008-05-07 05:12:40 1291776 -c----w- c:\windows\system32\dllcache\quartz.dll
2008-03-01 23:16:08 21840 ----atw- c:\windows\system32\SIntfNT.dll
2008-03-01 23:16:08 17212 ----atw- c:\windows\system32\SIntf32.dll
2008-03-01 23:16:08 12067 ----atw- c:\windows\system32\SIntf16.dll
2008-03-01 23:09:28 94208 ----a-w- c:\windows\DIIUnin.exe
2008-03-01 23:09:28 2829 ----a-w- c:\windows\DIIUnin.pif
2008-03-01 23:02:16 -------- d-----w- c:\program files\Diablo II
2008-02-27 02:14:33 -------- d-----w- c:\documents and settings\matthew\local settings\application data\AOL OCP
2008-02-27 02:14:29 -------- d-----w- c:\documents and settings\matthew\local settings\application data\AOL
2008-02-27 02:13:48 -------- d-----w- c:\documents and settings\all users\application data\Viewpoint
2008-02-27 02:13:45 -------- d-----w- c:\program files\Viewpoint
2008-02-27 02:13:16 -------- d-----w- c:\program files\common files\AOL
2008-02-27 02:12:47 -------- d-----w- c:\program files\AIM6
2008-02-14 22:47:34 -------- d-----w- c:\documents and settings\all users\application data\Age of Empires 3
2008-02-14 22:33:12 -------- d-----w- c:\program files\Microsoft Games
2008-02-08 14:22:28 -------- d-----w- c:\program files\LucasArts
2008-02-08 14:22:11 314368 ----a-w- c:\windows\uninst.exe
2008-02-08 14:15:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2008-02-08 14:12:16 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2008-02-07 19:13:56 401484 ----a-w- c:\windows\system32\msvcrtd.dll
2008-02-07 03:42:55 -------- d-----w- c:\program files\THQ
2008-02-07 03:41:38 -------- d-----w- c:\documents and settings\matthew\local settings\application data\Help
2008-02-05 00:32:55 -------- d-----w- c:\documents and settings\matthew\application data\EuroTalk
2008-02-05 00:32:53 -------- d-----w- c:\program files\EuroTalk
2008-02-01 21:41:25 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2008-02-01 21:22:06 11264 ----a-r- c:\documents and settings\matthew\application data\microsoft\installer\{dd8408e9-9421-484f-979d-db6361e3e828}\IconDD8408E96.exe
2008-02-01 21:22:05 15360 ----a-r- c:\documents and settings\matthew\application data\microsoft\installer\{dd8408e9-9421-484f-979d-db6361e3e828}\IconDD8408E910.exe
2008-02-01 21:17:44 -------- d-----w- C:\DirectX9
2008-02-01 21:04:39 6144 ----a-r- c:\documents and settings\matthew\application data\microsoft\installer\{83f12f73-d52e-40c0-93b1-463c311c4e17}\Icon83F12F734.exe
2008-02-01 21:04:39 15360 ----a-r- c:\documents and settings\matthew\application data\microsoft\installer\{83f12f73-d52e-40c0-93b1-463c311c4e17}\Icon83F12F738.exe
2008-02-01 21:04:39 10752 ----a-r- c:\documents and settings\matthew\application data\microsoft\installer\{83f12f73-d52e-40c0-93b1-463c311c4e17}\Icon8255BBAC1.exe
2008-02-01 20:54:37 -------- d-----w- C:\Extras
2008-02-01 20:54:37 -------- d-----w- C:\Autorun
2008-01-28 02:08:34 -------- d-----w- c:\documents and settings\matthew\local settings\application data\Steam
2008-01-25 09:01:16 -------- d-----w- c:\program files\MSXML 4.0
2008-01-25 03:48:20 -------- d-----w- c:\program files\BitLord
2008-01-24 19:46:09 -------- d-----w- c:\program files\Ventrilo
2008-01-24 19:45:52 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2008-01-24 19:41:16 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2008-01-23 00:38:59 -------- d-----w- c:\documents and settings\matthew\local settings\application data\Identities
2008-01-23 00:38:38 -------- d-----w- c:\documents and settings\matthew\local settings\application data\Ahead
2008-01-23 00:29:22 -------- d-----w- c:\program files\Nero
2008-01-23 00:29:22 -------- d-----w- c:\documents and settings\all users\application data\Nero
2008-01-22 14:08:48 -------- d-----w- C:\My Games
2008-01-22 13:51:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2008-01-22 05:15:07 -------- d-----w- c:\documents and settings\matthew\application data\ATI MMC
2008-01-22 05:14:59 -------- d-----w- c:\documents and settings\all users\application data\ATI MMC
2008-01-22 05:03:55 -------- d-----w- c:\windows\system32\appmgmt
2008-01-22 04:55:26 -------- d-----w- c:\documents and settings\matthew\local settings\application data\Apple
2008-01-22 04:53:15 -------- d-----w- c:\documents and settings\matthew\local settings\application data\Apple Computer
2008-01-22 04:14:36 143360 ----a-w- c:\windows\system32\dunzip32.dll
2008-01-22 03:15:47 -------- d-----w- c:\documents and settings\matthew\local settings\application data\Adobe
2008-01-22 02:43:19 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2008-01-22 02:43:18 -------- d-----w- C:\Games
2008-01-22 02:37:48 274288 ----a-w- c:\windows\system32\mucltui.dll
2008-01-22 02:37:48 215920 ----a-w- c:\windows\system32\muweb.dll
2008-01-22 02:37:48 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2008-01-22 02:35:22 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2008-01-22 02:35:22 32656 ----a-w- c:\windows\system32\msonpmon.dll
2008-01-22 02:32:16 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2008-01-22 02:31:45 -------- d-----w- c:\windows\SHELLNEW
2008-01-22 02:31:34 -------- d-----w- c:\documents and settings\matthew\local settings\application data\Microsoft Help
2008-01-22 02:31:30 -------- d-----w- C:\Microsoft Office
2008-01-22 02:28:31 -------- d-----w- c:\program files\ATI Multimedia
2008-01-22 02:27:41 -------- d-----w- c:\windows\Downloaded Installations
2008-01-22 02:25:26 -------- d-----w- c:\program files\common files\ATI Technologies
2008-01-22 02:24:31 -------- d-----w- c:\program files\common files\ATI
2008-01-22 02:24:30 -------- d-----w- c:\program files\common files\CyberLink
2008-01-22 02:23:38 -------- d-----w- c:\program files\TitanTV
2008-01-22 02:23:27 -------- d-----w- c:\program files\msaccrt
2008-01-22 02:23:15 -------- d-----w- c:\windows\system32\windows media
2008-01-22 02:23:11 -------- d--h--w- c:\windows\msdownld.tmp
2008-01-22 02:23:11 -------- d-----w- c:\windows\RegisteredPackages
2008-01-22 02:23:09 -------- d-----w- c:\program files\Windows Media Components
2008-01-22 02:21:56 -------- d-----w- c:\documents and settings\matthew\local settings\application data\ATI
2008-01-22 02:21:42 0 ----a-w- c:\windows\ativpsrm.bin
2008-01-22 02:20:07 -------- d-----w- c:\program files\ATI Technologies
2008-01-22 02:19:01 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2008-01-22 02:18:49 -------- d-----w- C:\ATI
2008-01-22 02:04:23 -------- d-----w- c:\windows\network diagnostic
2008-01-22 01:55:58 -------- d-----w- c:\program files\Windows Media Connect 2
2008-01-22 01:49:18 -------- d-----w- c:\windows\system32\URTTemp
2008-01-22 01:38:18 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2008-01-22 01:38:18 -------- d-----w- c:\windows\system32\PreInstall
2008-01-22 01:37:08 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2008-01-22 01:37:08 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2008-01-22 01:37:08 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2008-01-22 01:37:07 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2008-01-22 01:37:07 -------- d-----w- c:\windows\system32\SoftwareDistribution
2008-01-22 01:36:46 -------- d-----w- c:\windows\system32\LogFiles
2008-01-22 01:36:44 -------- d-sh--w- c:\documents and settings\matthew\UserData
2008-01-22 01:34:57 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2008-01-22 01:34:37 176128 ----a-w- c:\windows\system32\nvuaudio.exe
2008-01-22 01:34:36 4096 ----a-w- c:\windows\system32\ksuser.dll
2008-01-22 01:34:36 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2008-01-22 01:34:36 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2008-01-22 01:34:35 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2008-01-22 01:34:35 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2008-01-22 01:34:35 129536 ----a-w- c:\windows\system32\ksproxy.ax
2008-01-22 01:34:32 208896 ------w- c:\windows\system32\nvuide.exe
2008-01-22 01:34:20 101888 ----a-w- c:\windows\system32\nvtcp.sys
2008-01-22 01:34:19 -------- d-----w- c:\windows\system32\ReinstallBackups
2008-01-22 01:34:18 208896 ----a-w- c:\windows\system32\nvusmb.exe
2008-01-22 01:32:55 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2008-01-22 01:32:55 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2008-01-22 01:32:41 778752 ------w- c:\windows\system32\autorun.exe
2008-01-22 01:30:18 -------- d-----w- C:\Downloads
2008-01-22 01:01:44 -------- d-s---w- c:\windows\system32\Microsoft
.
==================== Find3M ====================
.
2011-06-29 02:26:33 24064 ----a-w- c:\windows\system32\ctfmon.exe
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 13:18:03 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-16 13:22:48 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:32:15 551936 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-02 15:17:02 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-16 12:05:55 1288192 ----a-w- c:\windows\system32\ole32.dll
2010-07-12 18:36:10 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-07-12 18:36:10 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-07-12 18:36:10 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-18 17:45:17 293376 ----a-w- c:\windows\system32\winsrv.dll
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 16:17:24 143422 ----a-w- c:\windows\system32\l3codecx.ax
2010-06-14 14:31:20 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-04-16 15:36:56 406016 ----a-w- c:\windows\system32\usp10.dll
2010-03-30 17:24:40 317440 ------w- c:\windows\system32\mp4sdecd.dll
2010-03-30 05:52:26 262416 ----a-w- c:\windows\system32\mpg4ds32.ax
2010-03-05 14:37:40 65536 ----a-w- c:\windows\system32\asycfilt.dll
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-05 18:27:45 1291776 ----a-w- c:\windows\system32\quartz.dll
2010-01-29 14:43:39 307260 ----a-w- c:\windows\system32\l3codeca.acm
2010-01-13 14:01:25 86016 ----a-w- c:\windows\system32\cabview.dll
2009-12-24 06:59:40 177664 ----a-w- c:\windows\system32\wintrust.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:51:04 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 16:28:26 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 23:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 23:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 23:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 23:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 23:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 23:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 23:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 23:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 14:46:07 282654 ----a-w- c:\windows\system32\msaud32.acm
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 09:17:27 354816 ----a-w- c:\windows\system32\winhttp.dll
2009-08-07 00:24:10 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 16:05:44 1372672 ----a-w- c:\windows\system32\msxml6.dll
2009-07-17 19:01:06 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22:18 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-14 04:43:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 08:25:26 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25:26 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-24 11:18:41 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31:40 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31:39 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 06:14:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-05-07 15:32:35 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-20 17:17:26 45568 ----a-w- c:\windows\system32\dnsrslvr.dll
2009-04-02 04:02:22 604160 ----a-w- c:\windows\system32\wmspdmod.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6L200M0 rev.BACE1G20 -> Harddisk0\DR0 -> \Device\00000077
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86CAA4D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86cb07f0]; MOV EAX, [0x86cb086c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86C7BAB8]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000078[0x86C4BF18]
5 ACPI[0xF7249620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86C7B030]
\Driver\nvata[0x86DE43C8] -> IRP_MJ_CREATE -> 0x86CAA4D0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000076 -> \??\IDE#DiskMaxtor_6L200M0__________________________BACE1G20#344C503241334744202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
error: Read The parameter is incorrect.
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 22:52:24.76 ===============


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,449 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:30 PM

Posted 12 July 2011 - 03:01 AM

Hi again,

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft

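As an added example (not part of this thread and not Kaspersky's TDSSKiller code), here is a small Python triage script for the kind of log the last step above produces. The line shapes are modelled on the TDSSKiller 2.5 log pasted in this thread; the regular expressions are my assumption about that format, not a published specification, and the sample lines embedded in the script are copied from that log. It ranks a boot-sector verdict (an MBR or Boot entry that later gets "detected") above a LockedFile.* verdict, which only tells you the scanner could not open the file and so is something to verify against the driver's vendor rather than confirmed malware.

```python
"""Triage helper for TDSSKiller scan logs.

Added example, not part of this thread or of Kaspersky's TDSSKiller.  The line
shapes are modelled on the TDSSKiller 2.5 log pasted in this thread; the
regular expressions are an assumption about that format, not a specification.
"""
import re
from dataclasses import dataclass, field

# Every log line opens with "YYYY/MM/DD HH:MM:SS.ffff <thread id>"; the rest is the message.
_PREFIX = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<object> - detected <verdict> (<n>)": the scanner's verdict on a driver or disk device
_DETECT = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
# "Suspicious file (<reason>): <path>. md5: <md5>": the file could not be inspected normally
_SUSPICIOUS = re.compile(r"^Suspicious file \(([^)]+)\): (.+)\. md5: ([0-9a-f]{32})$")
# "MBR (0x1B8) (<md5>) \Device\HarddiskN\DRn" or "Boot (0x1200) (<md5>) ...\PartitionN"
_SECTOR = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (\S+)$")
# "<service> (<md5>) <path>": an enumerated driver with no verdict attached
_DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")


@dataclass
class Detection:
    obj: str      # service name or \Device\... path the verdict refers to
    verdict: str  # e.g. Rootkit.Win32.TDSS.tdl4, LockedFile.Multi.Generic
    code: int     # trailing number as printed by the tool, kept verbatim


@dataclass
class Report:
    drivers: dict = field(default_factory=dict)     # service -> (md5, path)
    sectors: dict = field(default_factory=dict)     # device -> (kind, offset, md5)
    suspicious: dict = field(default_factory=dict)  # path -> (reason, md5)
    detections: list = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> Report:
    """Index drivers, boot sectors, suspicious files and verdicts from one log."""
    rep = Report()
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue  # banner or separator text without the timestamp prefix
        msg = m.group(3).strip()
        # Verdict lines are matched first so "name - detected X" is never read as a driver.
        if (d := _DETECT.match(msg)):
            rep.detections.append(Detection(d.group(1), d.group(2), int(d.group(3))))
        elif (s := _SUSPICIOUS.match(msg)):
            rep.suspicious[s.group(2)] = (s.group(1), s.group(3))
        elif (sec := _SECTOR.match(msg)):
            rep.sectors[sec.group(4)] = (sec.group(1), sec.group(2), sec.group(3))
        elif (drv := _DRIVER.match(msg)):
            rep.drivers[drv.group(1)] = (drv.group(2), drv.group(3))
    return rep


def triage(rep: Report) -> list:
    """Rank verdicts: boot-sector infections first, unreadable files last.

    Returns (severity, object, note) tuples.  A LockedFile.* verdict only says
    the scanner could not open the file, so it is reported as a visibility gap
    to verify rather than as confirmed malware.
    """
    rows = []
    for det in rep.detections:
        if det.obj in rep.sectors:
            kind, offset, md5 = rep.sectors[det.obj]
            rows.append(("critical", det.obj,
                         f"{det.verdict} in {kind} at {offset} (sector md5 {md5}); boot code is not trustworthy"))
        elif det.verdict.startswith("LockedFile."):
            _, path = rep.drivers.get(det.obj, ("", det.obj))
            reason, md5 = rep.suspicious.get(path, ("unknown", ""))
            rows.append(("info", det.obj,
                         f"{det.verdict}: {path} could not be read ({reason}), md5 {md5}; confirm the vendor"))
        else:
            md5, path = rep.drivers.get(det.obj, ("", ""))
            rows.append(("high", det.obj, f"{det.verdict}; {path} md5 {md5}"))
    rank = {"critical": 0, "high": 1, "info": 2}
    rows.sort(key=lambda r: rank[r[0]])
    return rows


# Constructed sample: a handful of lines copied from the scan log posted in this thread.
SAMPLE_LOG = r"""
2005/10/04 19:21:42.0468 3920 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2005/10/04 19:21:47.0812 2680 ================================================================================
2005/10/04 19:21:47.0812 2680 Scan started
2005/10/04 19:22:02.0421 2680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2005/10/04 19:22:16.0968 2680 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
2005/10/04 19:22:16.0968 2680 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
2005/10/04 19:22:16.0968 2680 sptd - detected LockedFile.Multi.Generic (1)
2005/10/04 19:22:20.0859 2680 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2005/10/04 19:22:20.0875 2680 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2005/10/04 19:22:20.0875 2680 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
"""

if __name__ == "__main__":
    for severity, obj, note in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"[{severity:8}] {obj}: {note}")
```

Run against the sample it reports the MBR of Harddisk0 as critical and the locked sptd.sys as an informational item to verify; paste a full log into SAMPLE_LOG (or read it from the file TDSSKiller writes to C:\) to triage a real scan the same way.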

#5 ComputerGeek101

ComputerGeek101
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:30 AM

Posted 12 July 2011 - 02:29 PM

Thank you for your reply.

I would like to proceed and try and get this fixed and I am aware of the risks involved.

I ran the tool TDSSKiller.exe from the desktop. It took about 1 minute to run and here are the results.

2005/10/04 19:21:42.0468 3920 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2005/10/04 19:21:42.0562 3920 ================================================================================
2005/10/04 19:21:42.0562 3920 SystemInfo:
2005/10/04 19:21:42.0562 3920
2005/10/04 19:21:42.0562 3920 OS Version: 5.1.2600 ServicePack: 3.0
2005/10/04 19:21:42.0562 3920 Product type: Workstation
2005/10/04 19:21:42.0562 3920 ComputerName: MATTHEW-D9B95A7
2005/10/04 19:21:42.0562 3920 UserName: Matthew
2005/10/04 19:21:42.0562 3920 Windows directory: C:\WINDOWS
2005/10/04 19:21:42.0562 3920 System windows directory: C:\WINDOWS
2005/10/04 19:21:42.0562 3920 Processor architecture: Intel x86
2005/10/04 19:21:42.0562 3920 Number of processors: 1
2005/10/04 19:21:42.0562 3920 Page size: 0x1000
2005/10/04 19:21:42.0562 3920 Boot type: Normal boot
2005/10/04 19:21:42.0562 3920 ================================================================================
2005/10/04 19:21:44.0562 3920 Initialize success
2005/10/04 19:21:47.0812 2680 ================================================================================
2005/10/04 19:21:47.0812 2680 Scan started
2005/10/04 19:21:47.0812 2680 Mode: Manual;
2005/10/04 19:21:47.0812 2680 ================================================================================
2005/10/04 19:21:49.0203 2680 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2005/10/04 19:21:50.0171 2680 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2005/10/04 19:21:50.0421 2680 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2005/10/04 19:21:50.0640 2680 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2005/10/04 19:21:51.0109 2680 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2005/10/04 19:21:51.0328 2680 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2005/10/04 19:21:53.0000 2680 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2005/10/04 19:21:54.0109 2680 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2005/10/04 19:21:54.0468 2680 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2005/10/04 19:21:55.0000 2680 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WPN311.sys
2005/10/04 19:21:55.0234 2680 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2005/10/04 19:21:56.0265 2680 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2005/10/04 19:21:56.0562 2680 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2005/10/04 19:21:56.0906 2680 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2005/10/04 19:21:57.0078 2680 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2005/10/04 19:21:57.0296 2680 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2005/10/04 19:21:57.0578 2680 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2005/10/04 19:21:57.0937 2680 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2005/10/04 19:21:58.0234 2680 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2005/10/04 19:21:59.0218 2680 ati2mtag (b63516824da0d8b9ad136e6e044a795f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2005/10/04 19:21:59.0578 2680 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2005/10/04 19:22:00.0000 2680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2005/10/04 19:22:00.0265 2680 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2005/10/04 19:22:00.0828 2680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2005/10/04 19:22:01.0390 2680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2005/10/04 19:22:01.0484 2680 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2005/10/04 19:22:01.0562 2680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2005/10/04 19:22:02.0421 2680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2005/10/04 19:22:02.0531 2680 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2005/10/04 19:22:02.0703 2680 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2005/10/04 19:22:02.0781 2680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2005/10/04 19:22:02.0906 2680 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2005/10/04 19:22:03.0156 2680 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2005/10/04 19:22:03.0265 2680 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2005/10/04 19:22:03.0359 2680 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2005/10/04 19:22:03.0437 2680 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2005/10/04 19:22:03.0531 2680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2005/10/04 19:22:03.0640 2680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2005/10/04 19:22:03.0765 2680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2005/10/04 19:22:03.0906 2680 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2005/10/04 19:22:04.0062 2680 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2005/10/04 19:22:04.0296 2680 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2005/10/04 19:22:04.0375 2680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2005/10/04 19:22:04.0531 2680 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2005/10/04 19:22:04.0703 2680 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2005/10/04 19:22:04.0921 2680 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2005/10/04 19:22:05.0421 2680 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2005/10/04 19:22:05.0531 2680 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2005/10/04 19:22:05.0781 2680 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2005/10/04 19:22:06.0046 2680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2005/10/04 19:22:06.0187 2680 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2005/10/04 19:22:06.0265 2680 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2005/10/04 19:22:06.0359 2680 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2005/10/04 19:22:06.0484 2680 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2005/10/04 19:22:06.0656 2680 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2005/10/04 19:22:06.0765 2680 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2005/10/04 19:22:06.0812 2680 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2005/10/04 19:22:06.0890 2680 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2005/10/04 19:22:07.0093 2680 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2005/10/04 19:22:07.0406 2680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2005/10/04 19:22:07.0515 2680 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2005/10/04 19:22:07.0656 2680 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2005/10/04 19:22:07.0812 2680 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2005/10/04 19:22:07.0890 2680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2005/10/04 19:22:08.0171 2680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2005/10/04 19:22:08.0359 2680 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2005/10/04 19:22:08.0515 2680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2005/10/04 19:22:08.0625 2680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2005/10/04 19:22:08.0765 2680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2005/10/04 19:22:08.0937 2680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2005/10/04 19:22:09.0031 2680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2005/10/04 19:22:09.0109 2680 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2005/10/04 19:22:09.0218 2680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2005/10/04 19:22:09.0390 2680 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2005/10/04 19:22:09.0437 2680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2005/10/04 19:22:09.0484 2680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2005/10/04 19:22:09.0578 2680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2005/10/04 19:22:09.0750 2680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2005/10/04 19:22:09.0796 2680 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2005/10/04 19:22:09.0921 2680 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2005/10/04 19:22:10.0156 2680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2005/10/04 19:22:10.0265 2680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2005/10/04 19:22:10.0359 2680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2005/10/04 19:22:11.0187 2680 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2005/10/04 19:22:12.0046 2680 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
2005/10/04 19:22:12.0109 2680 nvax (f3d3015e52f2732042197d4edcaac2cb) C:\WINDOWS\system32\drivers\nvax.sys
2005/10/04 19:22:12.0187 2680 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2005/10/04 19:22:12.0234 2680 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2005/10/04 19:22:12.0312 2680 nvnforce (6d6fd2b7035d415621acaf1e555c8b90) C:\WINDOWS\system32\drivers\nvapu.sys
2005/10/04 19:22:12.0546 2680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2005/10/04 19:22:12.0656 2680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2005/10/04 19:22:12.0750 2680 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2005/10/04 19:22:12.0968 2680 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2005/10/04 19:22:13.0046 2680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2005/10/04 19:22:13.0109 2680 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2005/10/04 19:22:13.0203 2680 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2005/10/04 19:22:13.0406 2680 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2005/10/04 19:22:13.0515 2680 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2005/10/04 19:22:14.0093 2680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2005/10/04 19:22:14.0218 2680 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2005/10/04 19:22:14.0328 2680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2005/10/04 19:22:14.0390 2680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2005/10/04 19:22:14.0484 2680 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2005/10/04 19:22:14.0921 2680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2005/10/04 19:22:15.0125 2680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2005/10/04 19:22:15.0218 2680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2005/10/04 19:22:15.0312 2680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2005/10/04 19:22:15.0390 2680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2005/10/04 19:22:15.0500 2680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2005/10/04 19:22:15.0625 2680 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2005/10/04 19:22:15.0765 2680 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2005/10/04 19:22:15.0984 2680 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2005/10/04 19:22:16.0171 2680 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\DOCUME~1\Matthew\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
2005/10/04 19:22:16.0187 2680 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\DOCUME~1\Matthew\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
2005/10/04 19:22:16.0359 2680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2005/10/04 19:22:16.0453 2680 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2005/10/04 19:22:16.0500 2680 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2005/10/04 19:22:16.0578 2680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2005/10/04 19:22:16.0765 2680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2005/10/04 19:22:16.0968 2680 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
2005/10/04 19:22:16.0968 2680 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
2005/10/04 19:22:16.0968 2680 sptd - detected LockedFile.Multi.Generic (1)
2005/10/04 19:22:17.0046 2680 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2005/10/04 19:22:17.0125 2680 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2005/10/04 19:22:17.0312 2680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2005/10/04 19:22:17.0359 2680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2005/10/04 19:22:17.0640 2680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2005/10/04 19:22:17.0828 2680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2005/10/04 19:22:17.0937 2680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2005/10/04 19:22:18.0046 2680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2005/10/04 19:22:18.0187 2680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2005/10/04 19:22:18.0296 2680 TfFsMon (a56ec942ecabfb7849bfa76060f929fb) C:\WINDOWS\system32\drivers\TfFsMon.sys
2005/10/04 19:22:18.0359 2680 TfNetMon (917ef522563f6047685486efa486fb3c) C:\WINDOWS\system32\drivers\TfNetMon.sys
2005/10/04 19:22:18.0437 2680 TfSysMon (57edbb5fe7ff09bb21121d13bb950ba5) C:\WINDOWS\system32\drivers\TfSysMon.sys
2005/10/04 19:22:18.0687 2680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2005/10/04 19:22:18.0796 2680 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2005/10/04 19:22:18.0937 2680 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2005/10/04 19:22:19.0203 2680 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2005/10/04 19:22:19.0265 2680 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2005/10/04 19:22:19.0375 2680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2005/10/04 19:22:19.0468 2680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2005/10/04 19:22:19.0578 2680 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2005/10/04 19:22:19.0687 2680 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2005/10/04 19:22:19.0812 2680 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2005/10/04 19:22:19.0937 2680 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2005/10/04 19:22:20.0109 2680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2005/10/04 19:22:20.0296 2680 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2005/10/04 19:22:20.0406 2680 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2005/10/04 19:22:20.0593 2680 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2005/10/04 19:22:20.0812 2680 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2005/10/04 19:22:20.0859 2680 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2005/10/04 19:22:20.0875 2680 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2005/10/04 19:22:20.0875 2680 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2005/10/04 19:22:20.0968 2680 Boot (0x1200) (889be9ea5e61e367549eee5727d868d3) \Device\Harddisk0\DR0\Partition0
2005/10/04 19:22:20.0968 2680 Boot (0x1200) (f3a99271394fdceecd47cb20b5953de8) \Device\Harddisk1\DR1\Partition0
2005/10/04 19:22:20.0984 2680 ================================================================================
2005/10/04 19:22:20.0984 2680 Scan finished
2005/10/04 19:22:20.0984 2680 ================================================================================
2005/10/04 19:22:21.0000 2688 Detected object count: 2
2005/10/04 19:22:21.0000 2688 Actual detected object count: 2
2005/10/04 19:22:34.0546 2688 LockedFile.Multi.Generic(sptd) - User select action: Skip
2005/10/04 19:22:34.0578 2688 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2005/10/04 19:22:34.0578 2688 \Device\Harddisk0\DR0 - ok
2005/10/04 19:22:34.0578 2688 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2005/10/04 19:22:44.0437 3636 Deinitialize success

I then ran it a second time just to be sure and here are the scans for the second round.

2005/10/04 19:34:43.0890 0764 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2005/10/04 19:34:43.0953 0764 ================================================================================
2005/10/04 19:34:43.0953 0764 SystemInfo:
2005/10/04 19:34:43.0953 0764
2005/10/04 19:34:43.0953 0764 OS Version: 5.1.2600 ServicePack: 3.0
2005/10/04 19:34:43.0953 0764 Product type: Workstation
2005/10/04 19:34:43.0953 0764 ComputerName: MATTHEW-D9B95A7
2005/10/04 19:34:43.0953 0764 UserName: Matthew
2005/10/04 19:34:43.0953 0764 Windows directory: C:\WINDOWS
2005/10/04 19:34:43.0953 0764 System windows directory: C:\WINDOWS
2005/10/04 19:34:43.0953 0764 Processor architecture: Intel x86
2005/10/04 19:34:43.0953 0764 Number of processors: 1
2005/10/04 19:34:43.0953 0764 Page size: 0x1000
2005/10/04 19:34:43.0953 0764 Boot type: Normal boot
2005/10/04 19:34:43.0953 0764 ================================================================================
2005/10/04 19:34:45.0250 0764 Initialize success
2005/10/04 19:34:46.0593 1656 ================================================================================
2005/10/04 19:34:46.0593 1656 Scan started
2005/10/04 19:34:46.0593 1656 Mode: Manual;
2005/10/04 19:34:46.0593 1656 ================================================================================
2005/10/04 19:34:47.0250 1656 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2005/10/04 19:34:47.0453 1656 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2005/10/04 19:34:47.0531 1656 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2005/10/04 19:34:47.0796 1656 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2005/10/04 19:34:47.0921 1656 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2005/10/04 19:34:48.0078 1656 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2005/10/04 19:34:48.0546 1656 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2005/10/04 19:34:48.0937 1656 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2005/10/04 19:34:49.0093 1656 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2005/10/04 19:34:49.0296 1656 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WPN311.sys
2005/10/04 19:34:49.0437 1656 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2005/10/04 19:34:49.0703 1656 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2005/10/04 19:34:49.0796 1656 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2005/10/04 19:34:49.0953 1656 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2005/10/04 19:34:50.0125 1656 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2005/10/04 19:34:50.0265 1656 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2005/10/04 19:34:50.0390 1656 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2005/10/04 19:34:50.0500 1656 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2005/10/04 19:34:50.0609 1656 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2005/10/04 19:34:50.0937 1656 ati2mtag (b63516824da0d8b9ad136e6e044a795f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2005/10/04 19:34:51.0125 1656 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2005/10/04 19:34:51.0234 1656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2005/10/04 19:34:51.0312 1656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2005/10/04 19:34:51.0593 1656 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2005/10/04 19:34:51.0718 1656 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2005/10/04 19:34:51.0812 1656 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2005/10/04 19:34:52.0093 1656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2005/10/04 19:34:52.0531 1656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2005/10/04 19:34:52.0718 1656 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2005/10/04 19:34:52.0828 1656 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2005/10/04 19:34:53.0031 1656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2005/10/04 19:34:53.0109 1656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2005/10/04 19:34:53.0250 1656 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2005/10/04 19:34:53.0625 1656 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2005/10/04 19:34:53.0812 1656 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2005/10/04 19:34:53.0906 1656 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2005/10/04 19:34:54.0015 1656 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2005/10/04 19:34:54.0078 1656 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2005/10/04 19:34:54.0140 1656 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2005/10/04 19:34:54.0203 1656 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2005/10/04 19:34:54.0250 1656 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2005/10/04 19:34:54.0328 1656 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2005/10/04 19:34:54.0390 1656 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2005/10/04 19:34:54.0578 1656 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2005/10/04 19:34:54.0890 1656 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2005/10/04 19:34:55.0218 1656 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2005/10/04 19:34:55.0703 1656 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2005/10/04 19:34:55.0781 1656 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2005/10/04 19:34:56.0078 1656 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2005/10/04 19:34:56.0234 1656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2005/10/04 19:34:56.0343 1656 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2005/10/04 19:34:56.0406 1656 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2005/10/04 19:34:56.0484 1656 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2005/10/04 19:34:56.0546 1656 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2005/10/04 19:34:56.0703 1656 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2005/10/04 19:34:56.0828 1656 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2005/10/04 19:34:56.0953 1656 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2005/10/04 19:34:57.0062 1656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2005/10/04 19:34:57.0234 1656 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2005/10/04 19:34:57.0515 1656 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2005/10/04 19:34:57.0687 1656 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2005/10/04 19:34:57.0734 1656 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2005/10/04 19:34:57.0843 1656 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2005/10/04 19:34:57.0968 1656 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2005/10/04 19:34:58.0093 1656 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2005/10/04 19:34:58.0390 1656 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2005/10/04 19:34:59.0140 1656 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2005/10/04 19:34:59.0281 1656 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2005/10/04 19:34:59.0328 1656 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2005/10/04 19:34:59.0375 1656 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2005/10/04 19:34:59.0453 1656 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2005/10/04 19:34:59.0578 1656 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2005/10/04 19:34:59.0781 1656 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2005/10/04 19:34:59.0875 1656 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2005/10/04 19:34:59.0953 1656 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2005/10/04 19:35:00.0000 1656 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2005/10/04 19:35:00.0062 1656 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2005/10/04 19:35:00.0125 1656 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2005/10/04 19:35:00.0578 1656 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2005/10/04 19:35:01.0093 1656 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2005/10/04 19:35:01.0328 1656 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2005/10/04 19:35:01.0421 1656 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2005/10/04 19:35:01.0500 1656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2005/10/04 19:35:02.0328 1656 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2005/10/04 19:35:03.0156 1656 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
2005/10/04 19:35:03.0250 1656 nvax (f3d3015e52f2732042197d4edcaac2cb) C:\WINDOWS\system32\drivers\nvax.sys
2005/10/04 19:35:03.0328 1656 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2005/10/04 19:35:03.0390 1656 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2005/10/04 19:35:03.0500 1656 nvnforce (6d6fd2b7035d415621acaf1e555c8b90) C:\WINDOWS\system32\drivers\nvapu.sys
2005/10/04 19:35:03.0734 1656 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2005/10/04 19:35:03.0812 1656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2005/10/04 19:35:04.0031 1656 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2005/10/04 19:35:04.0125 1656 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2005/10/04 19:35:04.0312 1656 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2005/10/04 19:35:04.0406 1656 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2005/10/04 19:35:04.0500 1656 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2005/10/04 19:35:04.0750 1656 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2005/10/04 19:35:04.0859 1656 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2005/10/04 19:35:06.0000 1656 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2005/10/04 19:35:06.0125 1656 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2005/10/04 19:35:06.0531 1656 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2005/10/04 19:35:06.0609 1656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2005/10/04 19:35:06.0703 1656 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2005/10/04 19:35:06.0953 1656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2005/10/04 19:35:07.0156 1656 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2005/10/04 19:35:07.0281 1656 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2005/10/04 19:35:07.0390 1656 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2005/10/04 19:35:07.0453 1656 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2005/10/04 19:35:07.0546 1656 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2005/10/04 19:35:07.0640 1656 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2005/10/04 19:35:07.0750 1656 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2005/10/04 19:35:07.0859 1656 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2005/10/04 19:35:08.0015 1656 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\DOCUME~1\Matthew\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
2005/10/04 19:35:08.0031 1656 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\DOCUME~1\Matthew\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
2005/10/04 19:35:08.0203 1656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2005/10/04 19:35:08.0359 1656 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2005/10/04 19:35:08.0406 1656 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2005/10/04 19:35:08.0500 1656 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2005/10/04 19:35:08.0640 1656 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2005/10/04 19:35:08.0843 1656 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
2005/10/04 19:35:08.0843 1656 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
2005/10/04 19:35:08.0843 1656 sptd - detected LockedFile.Multi.Generic (1)
2005/10/04 19:35:08.0953 1656 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2005/10/04 19:35:09.0046 1656 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2005/10/04 19:35:09.0234 1656 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2005/10/04 19:35:09.0328 1656 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2005/10/04 19:35:09.0765 1656 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2005/10/04 19:35:10.0109 1656 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2005/10/04 19:35:10.0687 1656 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2005/10/04 19:35:10.0750 1656 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2005/10/04 19:35:10.0828 1656 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2005/10/04 19:35:10.0890 1656 TfFsMon (a56ec942ecabfb7849bfa76060f929fb) C:\WINDOWS\system32\drivers\TfFsMon.sys
2005/10/04 19:35:11.0015 1656 TfNetMon (917ef522563f6047685486efa486fb3c) C:\WINDOWS\system32\drivers\TfNetMon.sys
2005/10/04 19:35:11.0109 1656 TfSysMon (57edbb5fe7ff09bb21121d13bb950ba5) C:\WINDOWS\system32\drivers\TfSysMon.sys
2005/10/04 19:35:11.0296 1656 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2005/10/04 19:35:11.0500 1656 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2005/10/04 19:35:11.0609 1656 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2005/10/04 19:35:11.0734 1656 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2005/10/04 19:35:11.0921 1656 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2005/10/04 19:35:11.0968 1656 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2005/10/04 19:35:12.0015 1656 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2005/10/04 19:35:12.0062 1656 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2005/10/04 19:35:12.0125 1656 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2005/10/04 19:35:12.0296 1656 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2005/10/04 19:35:12.0375 1656 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2005/10/04 19:35:12.0437 1656 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2005/10/04 19:35:12.0671 1656 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2005/10/04 19:35:12.0796 1656 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2005/10/04 19:35:13.0031 1656 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2005/10/04 19:35:13.0328 1656 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2005/10/04 19:35:13.0375 1656 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2005/10/04 19:35:13.0484 1656 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2005/10/04 19:35:13.0546 1656 MBR (0x1B8) (c34811448036c5f55425eb3da70b7389) \Device\Harddisk2\DR4
2005/10/04 19:35:13.0562 1656 Boot (0x1200) (889be9ea5e61e367549eee5727d868d3) \Device\Harddisk0\DR0\Partition0
2005/10/04 19:35:13.0578 1656 Boot (0x1200) (f3a99271394fdceecd47cb20b5953de8) \Device\Harddisk1\DR1\Partition0
2005/10/04 19:35:13.0593 1656 ================================================================================
2005/10/04 19:35:13.0593 1656 Scan finished
2005/10/04 19:35:13.0593 1656 ================================================================================
2005/10/04 19:35:13.0593 0828 Detected object count: 1
2005/10/04 19:35:13.0593 0828 Actual detected object count: 1
2005/10/04 19:35:33.0750 0828 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2005/10/04 19:35:33.0750 0828 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2005/10/04 19:35:33.0750 0828 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted after reboot
2005/10/04 19:35:33.0765 0828 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot
2005/10/04 19:35:33.0765 0828 LockedFile.Multi.Generic(sptd) - User select action: Delete
2005/10/04 19:35:51.0203 3584 Deinitialize success

I manually deleted the locked and suspicious file. I hope this was okay to do and I apologize if I overstepped.

I have noticed in Task Manager that there has been no spiking of memory usage which is a good sign.

Let me know if I need to perform any more tasks.

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,449 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:30 PM

Posted 13 July 2011 - 02:40 AM

SPTD is a virtual CD driver, and not malicious. It is detected because it is locked, but there was no need to delete it. :)

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
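The two TDSSKiller runs posted above tell the whole story of this thread in their last few lines: a Rootkit.Win32.TDSS.tdl4 hit on the MBR of Harddisk0 in the first run, which was cured, and a generic LockedFile hit on sptd.sys which, as Elise explains, only means the scanner could not read a locked driver. As an added example (not code from the thread, from BleepingComputer, or from Kaspersky's TDSSKiller), the Python below parses that log format, separates generic locked-file heuristics from real malware verdicts, and compares the MBR hashes between two runs. The sample lines are copied from the logs posted above; the line regexes are assumptions based only on the line shapes seen in those logs.

```python
"""Triage helper for TDSSKiller-style logs (added example, not TDSSKiller code).

It pulls out three things a responder cares about:
  * detections, split into real malware verdicts vs. generic locked-file hits
  * the action the user chose for each detection
  * the MBR hash per physical disk, so two runs can be compared
"""
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: a handful of lines copied from the two runs in the thread.
RUN1 = r"""
2005/10/04 19:22:16.0968 2680 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
2005/10/04 19:22:16.0968 2680 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
2005/10/04 19:22:16.0968 2680 sptd - detected LockedFile.Multi.Generic (1)
2005/10/04 19:22:20.0859 2680 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2005/10/04 19:22:20.0875 2680 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2005/10/04 19:22:20.0875 2680 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2005/10/04 19:22:34.0546 2688 LockedFile.Multi.Generic(sptd) - User select action: Skip
2005/10/04 19:22:34.0578 2688 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

RUN2 = r"""
2005/10/04 19:35:08.0843 1656 sptd - detected LockedFile.Multi.Generic (1)
2005/10/04 19:35:13.0375 1656 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2005/10/04 19:35:13.0484 1656 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2005/10/04 19:35:13.0546 1656 MBR (0x1B8) (c34811448036c5f55425eb3da70b7389) \Device\Harddisk2\DR4
2005/10/04 19:35:33.0765 0828 LockedFile.Multi.Generic(sptd) - User select action: Delete
"""


class Detection(NamedTuple):
    obj: str       # driver name or device path that triggered the hit
    verdict: str   # e.g. Rootkit.Win32.TDSS.tdl4 or LockedFile.Multi.Generic
    severity: str  # "malware" or "heuristic"


# Every log line starts with "date time threadid "; the three shapes below are
# assumed from the lines seen in the thread, not from any TDSSKiller spec.
_PREFIX = r"^\S+ \S+ \d+ "
_RE_SECTOR = re.compile(_PREFIX + r"(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (\S+)$")
_RE_DETECT = re.compile(_PREFIX + r"(.+?) - detected (\S+) \((\d+)\)$")
_RE_ACTION = re.compile(_PREFIX + r"(\S+?)\((.+?)\) - User select action: (\w+)$")


def classify(verdict: str) -> str:
    """LockedFile.* only says the scanner could not open the file; that needs a
    manual check of the driver's vendor and path, not an automatic delete."""
    return "heuristic" if verdict.startswith("LockedFile.") else "malware"


def parse_log(text: str) -> dict:
    """Return MBR hashes per disk, the detections, and the user-chosen actions."""
    mbr: Dict[str, str] = {}
    detections: List[Detection] = []
    actions: List[Tuple[str, str, str]] = []
    for line in text.splitlines():
        line = line.rstrip()
        m = _RE_SECTOR.match(line)
        if m:
            kind, _offset, digest, device = m.groups()
            if kind == "MBR":
                mbr[device] = digest
            continue
        m = _RE_DETECT.match(line)
        if m:
            obj, verdict, _code = m.groups()
            detections.append(Detection(obj, verdict, classify(verdict)))
            continue
        m = _RE_ACTION.match(line)
        if m:
            verdict, obj, action = m.groups()
            actions.append((verdict, obj, action))
    return {"mbr": mbr, "detections": detections, "actions": actions}


def summarize(run: dict) -> Dict[str, int]:
    """Count detections by severity so a heuristic-only log is obvious at a glance."""
    counts = {"malware": 0, "heuristic": 0}
    for d in run["detections"]:
        counts[d.severity] += 1
    return counts


def compare_mbr(before: dict, after: dict) -> List[Tuple[str, str, str, bool]]:
    """(device, old_hash, new_hash, changed) for every disk seen in either run.
    A change right after a 'Cure' is expected; a change with no action is not."""
    out = []
    for device in sorted(set(before["mbr"]) | set(after["mbr"])):
        old, new = before["mbr"].get(device), after["mbr"].get(device)
        out.append((device, old, new, old != new))
    return out


if __name__ == "__main__":
    r1, r2 = parse_log(RUN1), parse_log(RUN2)
    for d in r1["detections"]:
        print(f"run1: {d.severity:9s} {d.verdict} on {d.obj}")
    for device, old, new, changed in compare_mbr(r1, r2):
        print(f"{device}: {old} -> {new} {'CHANGED' if changed else 'same'}")
```

Run against the two logs, the first run reports one malware verdict and one heuristic, and the comparison shows that only Harddisk0's MBR hash changed after the cure; its new hash is identical to Harddisk1's MBR hash, which is the kind of corroborating check worth doing before declaring a bootkit gone. The LockedFile hit is reported as "heuristic" in both runs so that it is reviewed rather than deleted.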


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,449 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:30 PM

Posted 24 July 2011 - 04:59 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


