Infected with rootkit virus(?)


27 replies to this topic

#1 duffsparky


  • Members
  • 267 posts
  • Gender:Male

Posted 13 February 2012 - 01:32 PM

Hello, it would seem the best thing is to review your logs.
Having run ComboFix we need to see that and a DDS log.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip the GMER step and instead post the ComboFix log you have.

Let me know if that went well.


Carrying on from my original post (see here), attached are the log files as requested plus some other earlier logs. I've run GMER and included its log, as it showed a rootkit problem whereas the previous ComboFix did not (well, I couldn't see it in the log file), and I also re-ran ComboFix to get an up-to-date log file (which I haven't looked at yet).

Thanks in advance for any help.





#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 February 2012 - 02:36 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 duffsparky

  • Topic Starter

  • Members
  • 267 posts
  • Gender:Male

Posted 19 February 2012 - 09:41 AM

Hi Gringo, thanks for your help.

I thought I had traced the problem to faulty KVM setup but with no KVM in place the problem still exists only not as bad.

I could not run ComboFix in normal mode from my user account, my admin account or the Windows Administrator account(?); I had to use the Windows Administrator account running in Safe Mode with Networking. The problem seemed to be with pev.exe & iexplore.exe; the error message said "....has encountered a problem. Process cannot access file...". However, I've just re-tried ComboFix and it seemed to initiate OK; however, I did not complete that scan.



Here is the log from the ComboFix run you requested and thanks in advance:-

ComboFix 12-02-02.01 - Administrator 19/02/2012 12:29:23.6.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1576 [GMT 0:00]
Running from: c:\program files\Bleeping Computer Utilities\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-19 01:53 . 2012-02-19 01:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sophos
2012-02-19 01:23 . 2012-02-19 01:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2012-02-19 01:23 . 2012-02-19 01:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2012-02-19 01:05 . 2012-02-19 01:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-02-18 23:44 . 2012-02-18 23:45 -------- d-----w- c:\documents and settings\Glenn\Application Data\I2P
2012-02-18 22:51 . 2012-02-19 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\i2p
2012-02-18 22:51 . 2012-02-18 22:51 -------- d-----w- c:\program files\i2p
2012-02-18 12:04 . 2012-02-18 12:04 -------- d-----w- c:\documents and settings\Glenn\Local Settings\Application Data\WinZip
2012-02-16 19:52 . 2012-02-16 21:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-15 12:12 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 12:12 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 21:35 . 2003-10-15 17:52 40960 ----a-r- c:\windows\CleanDev.exe
2012-02-13 18:25 . 2012-02-13 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2012-02-13 15:49 . 2012-02-13 16:01 -------- d-----w- C:\gmer
2012-02-13 15:08 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-10 14:57 . 2012-02-10 14:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-02-10 14:37 . 2012-02-10 14:37 -------- d-----w- c:\documents and settings\Glenn\Application Data\Windows Desktop Search
2012-02-10 00:59 . 2012-02-11 21:13 -------- d-----w- c:\program files\Windows Desktop Search
2012-02-10 00:57 . 2012-02-10 00:57 -------- d-----w- c:\windows\system32\URTTEMP
2012-02-09 22:40 . 2012-02-09 22:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Secunia PSI
2012-02-09 22:40 . 2012-02-09 22:40 -------- d-----w- c:\program files\Secunia
2012-02-09 20:47 . 2012-02-02 12:47 4395504 ----a-w- c:\program files\ComboFix.exe
2012-02-09 20:33 . 2012-02-16 18:35 -------- d-----w- c:\program files\Bleeping Computer Utilities
2012-02-09 02:04 . 2012-02-09 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-02-09 00:34 . 2003-06-25 16:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2012-02-08 23:10 . 2012-02-09 00:46 -------- d-----w- c:\program files\SysInternals
2012-02-08 01:06 . 2003-03-18 20:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2012-02-08 01:06 . 2005-10-31 21:28 69632 ----a-w- c:\windows\system32\MobOlExt.dll
2012-02-08 01:06 . 2003-03-18 20:04 765952 ----a-w- c:\windows\system32\msvcp71d.dll
2012-02-08 01:06 . 2012-02-08 01:11 -------- d-----w- c:\program files\Vodafone PC Suite
2012-02-08 00:45 . 2006-09-09 16:46 131072 ----a-w- c:\windows\system32\mtkjpeg.dll
2012-02-02 23:49 . 2012-02-02 23:49 -------- d-----w- c:\program files\MultiHasher
2012-02-02 01:19 . 2012-02-02 01:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2012-02-01 19:20 . 2012-02-01 19:20 -------- d-----w- c:\program files\DriveRescue
2012-02-01 19:16 . 2012-02-01 19:16 -------- d-----w- c:\program files\PC Inspector File Recovery
2012-02-01 19:16 . 2002-02-18 18:40 6200 ------w- c:\windows\system32\INT13EXT.VXD
2012-02-01 17:31 . 2011-09-09 18:23 2469760 ----a-w- c:\windows\system32\BootMan.exe
2012-02-01 17:31 . 2011-07-29 13:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-02-01 17:31 . 2011-07-29 13:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-02-01 17:31 . 2011-07-29 13:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-02-01 17:31 . 2011-07-29 13:54 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2012-02-01 17:31 . 2012-02-01 18:04 -------- d-----w- c:\program files\EASEUS
2012-02-01 15:07 . 2011-12-30 17:03 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-01-31 13:52 . 2012-01-31 13:52 -------- d-----w- c:\documents and settings\Glenn\Application Data\QuickScan
2012-01-28 23:26 . 2012-01-28 23:27 -------- d-----w- c:\program files\LinuxLive USB Creator
2012-01-26 13:19 . 2012-01-26 13:19 -------- d-----w- c:\documents and settings\Glenn\Application Data\Fighters
2012-01-25 23:17 . 2012-01-25 23:17 2247216 ----a-w- c:\program files\spywarefighter.exe
2012-01-25 22:24 . 2012-01-25 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2012-01-24 21:56 . 2012-02-14 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-01-24 21:56 . 2012-02-14 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-01-24 21:56 . 2012-02-14 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-01-24 21:56 . 2012-02-14 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-01-24 21:56 . 2012-02-14 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-01-24 21:56 . 2012-02-14 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-01-24 21:56 . 2012-02-14 21:23 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-01-24 00:18 . 2012-01-24 00:18 -------- d-----w- c:\documents and settings\Guest
2012-01-23 23:56 . 2012-02-16 00:57 -------- d-----w- c:\documents and settings\Glenn2
2012-01-23 08:18 . 2012-01-23 09:44 -------- d-----w- c:\windows\SxsCaPendDel
2012-01-21 13:11 . 2012-01-21 13:11 -------- d-----w- c:\documents and settings\Glenn\Local Settings\Application Data\Sony
2012-01-21 13:10 . 2012-01-21 13:10 -------- d-----w- c:\program files\Common Files\Sony Shared
2012-01-21 13:09 . 2012-01-21 13:09 -------- d-----w- c:\documents and settings\Glenn\Local Settings\Application Data\Downloaded Installations
2012-01-21 13:05 . 2012-01-21 13:05 -------- d-----w- c:\program files\Sony Media Go Install
2012-01-21 13:05 . 2012-01-21 13:10 -------- d-----w- c:\documents and settings\Glenn\Application Data\Sony
2012-01-21 02:25 . 2012-02-19 01:24 -------- d-----w- c:\documents and settings\Glenn\Tracing
2012-01-21 02:24 . 2010-04-28 07:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-01-21 02:23 . 2012-01-21 02:23 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-01-21 02:22 . 2012-01-21 02:22 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-01-21 02:20 . 2012-01-21 02:20 -------- d-----w- c:\program files\Microsoft
2012-01-21 02:20 . 2012-01-21 02:20 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-01-21 02:19 . 2012-01-21 02:24 -------- d-----w- c:\program files\Windows Live
2012-01-21 02:13 . 2012-01-21 02:13 -------- d-----w- c:\program files\Common Files\Windows Live
2012-01-21 01:25 . 2012-01-21 02:05 -------- d-----w- c:\documents and settings\Glenn\Application Data\MSN6
2012-01-21 01:25 . 2012-01-21 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 01:08 . 2011-05-17 21:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-15 23:48 . 2012-01-15 23:48 1726 ----a-w- c:\windows\ndinst.exe
2012-01-15 23:48 . 2012-01-15 23:48 14750 ----a-w- c:\windows\system32\mdc8021x.vxd
2012-01-12 16:53 . 2003-03-31 14:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 08:53 . 2006-06-23 11:33 667136 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2003-03-31 14:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:53 . 2011-03-09 08:48 81920 ------w- c:\windows\system32\ieencode.dll
2011-12-16 13:16 . 2011-03-09 08:48 369664 ------w- c:\windows\system32\html.iec
2011-11-25 21:57 . 2003-03-31 14:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2012-02-11 14:11 . 2011-03-26 20:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-16_19.18.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-03-31 14:00 . 2012-02-16 18:59 81144 c:\windows\system32\perfc009.dat
+ 2003-03-31 14:00 . 2012-02-19 12:24 81144 c:\windows\system32\perfc009.dat
+ 2011-08-08 20:05 . 2012-02-19 01:10 87942 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
- 2011-11-02 09:45 . 2011-11-02 09:45 86016 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2012-02-02 13:49 . 2012-02-02 13:49 86016 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
- 2011-11-02 09:28 . 2011-11-02 09:28 73408 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2012-02-02 13:32 . 2012-02-02 13:32 73408 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
- 2011-11-02 09:28 . 2011-11-02 09:28 64512 c:\windows\system32\Adobe\Shockwave 11\gcapi_dll.dll
+ 2012-02-02 13:32 . 2012-02-02 13:32 64512 c:\windows\system32\Adobe\Shockwave 11\gcapi_dll.dll
+ 2012-02-02 13:50 . 2012-02-02 13:50 12800 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
- 2011-11-02 09:47 . 2011-11-02 09:47 12800 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
- 2003-03-31 14:00 . 2012-02-16 18:59 483072 c:\windows\system32\perfh009.dat
+ 2003-03-31 14:00 . 2012-02-19 12:24 483072 c:\windows\system32\perfh009.dat
+ 2012-02-19 01:08 . 2012-02-19 01:08 250016 c:\windows\system32\Macromed\Flash\FlashUtil11f_Plugin.exe
+ 2012-02-02 13:32 . 2012-02-02 13:32 279992 c:\windows\system32\Adobe\Shockwave 11\SymCCIS.dll
- 2011-11-02 09:28 . 2011-11-02 09:28 279992 c:\windows\system32\Adobe\Shockwave 11\SymCCIS.dll
+ 2012-02-02 13:49 . 2012-02-02 13:49 114176 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
- 2011-11-02 09:45 . 2011-11-02 09:45 114176 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
- 2011-11-02 09:47 . 2011-11-02 09:47 434176 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2012-02-02 13:50 . 2012-02-02 13:50 434176 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2012-02-02 13:49 . 2012-02-02 13:49 365056 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
- 2011-11-02 09:45 . 2011-11-02 09:45 365056 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2012-02-02 13:36 . 2012-02-02 13:36 990208 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
- 2011-11-02 09:33 . 2011-11-02 09:33 990208 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2012-02-02 13:49 . 2012-02-02 13:49 543232 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2012-02-02 13:56 . 2012-02-02 13:56 113592 c:\windows\system32\Adobe\Director\SWDNLD.EXE
+ 2012-02-02 13:56 . 2012-02-02 13:56 281016 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2012-02-02 13:49 . 2012-02-02 13:49 145920 c:\windows\system32\Adobe\Director\np32dsw.dll
- 2011-11-02 09:46 . 2011-11-02 09:46 145920 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2012-02-09 02:05 . 2012-02-19 01:08 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2012-02-09 02:05 . 2012-02-09 02:05 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2012-02-02 13:56 . 2012-02-02 13:56 1041848 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1164634.exe
+ 2012-02-02 13:32 . 2012-02-02 13:32 2376368 c:\windows\system32\Adobe\Shockwave 11\gt.exe
- 2011-11-02 09:28 . 2011-11-02 09:28 2376368 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2012-02-02 13:32 . 2012-02-02 13:32 1224704 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2012-02-02 13:38 . 2012-02-02 13:38 1742336 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
- 2011-11-02 09:35 . 2011-11-02 09:35 1742336 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-03-29 439536]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link REG Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\D-Link REG Utility.lnk
backup=c:\windows\pss\D-Link REG Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk
backup=c:\windows\pss\DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Glenn^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Glenn\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Glenn^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Glenn\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 07:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2011-05-26 15:04 1590144 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 05:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GMX_GMX File Storage Manager]
2010-07-15 15:58 943488 ----a-w- c:\program files\GMX\GMX File Storage Manager\DAVSRV.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 02:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 15:44 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 05:42 169984 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 12:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 12:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task1]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 13:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemProtector]
2011-11-09 16:08 10055480 ----a-w- c:\program files\Advanced System Optimizer 3\systemprotector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OMSI download service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R1 uigcrdr;uigcrdr;c:\windows\system32\drivers\uigcrdr.SYS [12/04/2011 22:05 149120]
R3 adatadrv;Autodata Protection Service;c:\windows\system32\drivers\adatadrv.sys [31/07/2011 19:06 762112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [08/08/2011 20:15 27632]
S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [08/02/2011 22:56 153344]
S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [08/02/2011 22:56 24064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [20/06/2011 20:17 22504]
S2 i2p;I2P Service;c:\program files\i2p\I2Psvc.exe [18/02/2012 22:51 375576]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13/02/2012 15:08 652360]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [29/03/2011 15:03 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [29/03/2011 15:03 97520]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [29/03/2011 15:04 1541360]
S3 AR5513;%ATHER.Service.DispName%;c:\windows\system32\DRIVERS\ar5513.sys --> c:\windows\system32\DRIVERS\ar5513.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\Glenn\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Glenn\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [01/02/2012 17:31 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [01/02/2012 17:31 8456]
S3 eustub;Usb Stub (Eltima software);c:\windows\system32\drivers\eusbstub.sys [14/01/2012 20:36 12488]
S3 eventloganalyzer;ManageEngine EventLog Analyzer 7.0;f:\manageengine\EventLog\bin\wrapper.exe -s f:\manageengine\EventLog\bin\\..\server\default\conf\wrapper.conf --> f:\manageengine\EventLog\bin\wrapper.exe -s f:\manageengine\EventLog\bin\\..\server\default\conf\wrapper.conf [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [21/10/2011 20:48 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/07/2011 02:07 136176]
S3 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [30/05/2011 03:38 312152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13/02/2012 15:08 20464]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [16/02/2012 19:52 40776]
S3 MonitorMagic;MonitorMagic (1358,48155);c:\program files\MonitorMagicService\NM.EXE [20/06/2011 21:35 1978368]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 08:30 15544]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [26/03/2011 21:08 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [26/03/2011 21:08 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [26/03/2011 21:08 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [26/03/2011 21:08 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [26/03/2011 21:08 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [26/03/2011 21:08 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [26/03/2011 21:08 115752]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23/04/2007 13:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23/04/2007 13:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23/04/2007 13:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23/04/2007 13:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23/04/2007 13:54 98568]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [29/03/2011 15:03 23928]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [08/08/2011 12:50 155344]
S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [13/07/2004 12:40 48512]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [06/01/2012 00:36 17792]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [14/01/2012 20:36 51400]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31/03/2003 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [01/02/2012 14:56 497496]
S4 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [25/11/2011 14:59 239928]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/07/2011 02:07 136176]
S4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [08/01/2012 17:01 132768]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [08/02/2011 22:56 14976]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-02-19 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-07-28 14:24]
.
2012-02-19 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-11-27 15:24]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-03 02:07]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-03 02:07]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1606980848-725345543-1003Core.job
- c:\documents and settings\Glenn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-31 13:02]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1606980848-725345543-1003UA.job
- c:\documents and settings\Glenn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-31 13:02]
.
2012-02-19 c:\windows\Tasks\{DD443378-65C3-4D71-8A46-6F4AE90146D0}_COMPAQ_Glenn.job
- c:\windows\system32\mobsync.exe [2003-03-31 05:42]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f06vy8xa.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-19 12:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-02-19 12:38:58
ComboFix-quarantined-files.txt 2012-02-19 12:38
ComboFix2.txt 2012-02-16 19:19
ComboFix3.txt 2012-02-13 18:01
ComboFix4.txt 2012-02-02 15:25
ComboFix5.txt 2012-02-19 12:27
.
Pre-Run: 59,941,683,200 bytes free
Post-Run: 59,969,134,592 bytes free
.
- - End Of File - - 9766569AA1D9884ACD5313D2A8FA9462

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 February 2012 - 02:33 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 duffsparky (Topic Starter)

  • Members
  • 267 posts
  • Gender:Male

Posted 20 February 2012 - 10:34 AM

Hi Gringo,

Here are the reports requested. The scans were done from the Windows admin account as I had problems running them from my User account. The aswMBR scan took 3 attempts before it ran properly (?). Both scans were done with Sophos AV and Malwarebytes disabled through services.msc.

02:39:32.0437 3412 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
02:39:32.0484 3412 ============================================================
02:39:32.0484 3412 Current date / time: 2012/02/20 02:39:32.0484
02:39:32.0484 3412 SystemInfo:
02:39:32.0484 3412
02:39:32.0484 3412 OS Version: 5.1.2600 ServicePack: 3.0
02:39:32.0484 3412 Product type: Workstation
02:39:32.0484 3412 ComputerName: T645
02:39:32.0484 3412 UserName: Administrator
02:39:32.0484 3412 Windows directory: C:\WINDOWS
02:39:32.0484 3412 System windows directory: C:\WINDOWS
02:39:32.0484 3412 Processor architecture: Intel x86
02:39:32.0484 3412 Number of processors: 2
02:39:32.0484 3412 Page size: 0x1000
02:39:32.0484 3412 Boot type: Normal boot
02:39:32.0484 3412 ============================================================
02:39:34.0343 3412 Drive \Device\Harddisk0\DR0 - Size: 0x45DECD2000 (279.48 Gb), SectorSize: 0x200, Cylinders: 0x8E83, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:39:34.0343 3412 \Device\Harddisk0\DR0:
02:39:34.0343 3412 MBR used
02:39:34.0343 3412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEEBC3
02:39:34.0484 3412 Initialize success
02:39:34.0484 3412 ============================================================
02:39:46.0593 1868 ============================================================
02:39:46.0593 1868 Scan started
02:39:46.0593 1868 Mode: Manual;
02:39:46.0593 1868 ============================================================
02:39:46.0843 1868 Abiosdsk - ok
02:39:46.0875 1868 abp480n5 - ok
02:39:46.0968 1868 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:39:46.0984 1868 ACPI - ok
02:39:47.0062 1868 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:39:47.0062 1868 ACPIEC - ok
02:39:47.0156 1868 adatadrv (5ee8aaa16951e46d197392ba6f2402ea) C:\WINDOWS\system32\DRIVERS\adatadrv.sys
02:39:47.0187 1868 adatadrv - ok
02:39:47.0218 1868 adpu160m - ok
02:39:47.0265 1868 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
02:39:47.0281 1868 aec - ok
02:39:47.0359 1868 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
02:39:47.0375 1868 AFD - ok
02:39:47.0437 1868 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
02:39:47.0437 1868 agp440 - ok
02:39:47.0484 1868 Aha154x - ok
02:39:47.0515 1868 aic78u2 - ok
02:39:47.0546 1868 aic78xx - ok
02:39:47.0718 1868 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
02:39:47.0906 1868 ALCXWDM - ok
02:39:47.0984 1868 AliIde - ok
02:39:48.0015 1868 amsint - ok
02:39:48.0046 1868 AR5513 - ok
02:39:48.0093 1868 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
02:39:48.0093 1868 Arp1394 - ok
02:39:48.0125 1868 asc - ok
02:39:48.0156 1868 asc3350p - ok
02:39:48.0187 1868 asc3550 - ok
02:39:48.0265 1868 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:39:48.0265 1868 AsyncMac - ok
02:39:48.0328 1868 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:39:48.0328 1868 atapi - ok
02:39:48.0375 1868 Atdisk - ok
02:39:48.0421 1868 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:39:48.0437 1868 Atmarpc - ok
02:39:48.0500 1868 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:39:48.0500 1868 audstub - ok
02:39:48.0546 1868 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:39:48.0546 1868 Beep - ok
02:39:48.0640 1868 catchme - ok
02:39:48.0718 1868 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:39:48.0718 1868 cbidf2k - ok
02:39:48.0796 1868 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
02:39:48.0796 1868 CCDECODE - ok
02:39:48.0843 1868 cd20xrnt - ok
02:39:48.0875 1868 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:39:48.0875 1868 Cdaudio - ok
02:39:48.0921 1868 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
02:39:48.0921 1868 Cdfs - ok
02:39:48.0968 1868 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:39:48.0968 1868 Cdrom - ok
02:39:49.0000 1868 Changer - ok
02:39:49.0031 1868 CmdIde - ok
02:39:49.0078 1868 Cpqarray - ok
02:39:49.0140 1868 cpuz134 - ok
02:39:49.0234 1868 cpuz135 (44a3b9cc0a8e89c11544932b295ea113) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
02:39:49.0234 1868 cpuz135 - ok
02:39:49.0312 1868 dac2w2k - ok
02:39:49.0406 1868 dac960nt - ok
02:39:49.0453 1868 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
02:39:49.0453 1868 Disk - ok
02:39:49.0515 1868 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
02:39:49.0546 1868 dmboot - ok
02:39:49.0593 1868 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
02:39:49.0609 1868 dmio - ok
02:39:49.0625 1868 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:39:49.0625 1868 dmload - ok
02:39:49.0671 1868 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
02:39:49.0671 1868 DMusic - ok
02:39:49.0703 1868 dpti2o - ok
02:39:49.0750 1868 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
02:39:49.0750 1868 drmkaud - ok
02:39:49.0843 1868 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
02:39:49.0843 1868 E100B - ok
02:39:49.0921 1868 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
02:39:50.0015 1868 epmntdrv - ok
02:39:50.0093 1868 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
02:39:50.0093 1868 EuGdiDrv - ok
02:39:50.0171 1868 eustub (473753479088314141aaf28f03c1ca00) C:\WINDOWS\system32\DRIVERS\eusbstub.sys
02:39:50.0171 1868 eustub - ok
02:39:50.0250 1868 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
02:39:50.0265 1868 Fastfat - ok
02:39:50.0328 1868 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
02:39:50.0328 1868 Fdc - ok
02:39:50.0375 1868 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
02:39:50.0390 1868 Fips - ok
02:39:50.0421 1868 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
02:39:50.0437 1868 Flpydisk - ok
02:39:50.0468 1868 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
02:39:50.0468 1868 FltMgr - ok
02:39:50.0546 1868 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
02:39:50.0562 1868 fssfltr - ok
02:39:50.0593 1868 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:39:50.0593 1868 Fs_Rec - ok
02:39:50.0625 1868 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:39:50.0625 1868 Ftdisk - ok
02:39:50.0671 1868 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
02:39:50.0671 1868 ggflt - ok
02:39:50.0734 1868 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
02:39:50.0750 1868 ggsemc - ok
02:39:50.0859 1868 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:39:50.0859 1868 Gpc - ok
02:39:50.0953 1868 Hardlock (ed32d389f8b0e74e400932e020bcfbdf) C:\WINDOWS\system32\drivers\hardlock.sys
02:39:50.0984 1868 Hardlock - ok
02:39:51.0031 1868 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
02:39:51.0031 1868 Haspnt - ok
02:39:51.0093 1868 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:39:51.0093 1868 hidusb - ok
02:39:51.0156 1868 hpn - ok
02:39:51.0234 1868 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
02:39:51.0234 1868 HTTP - ok
02:39:51.0265 1868 i2omgmt - ok
02:39:51.0296 1868 i2omp - ok
02:39:51.0390 1868 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:39:51.0390 1868 i8042prt - ok
02:39:51.0406 1868 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:39:51.0421 1868 Imapi - ok
02:39:51.0453 1868 ini910u - ok
02:39:51.0484 1868 IntelIde - ok
02:39:51.0515 1868 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:39:51.0515 1868 intelppm - ok
02:39:51.0562 1868 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
02:39:51.0578 1868 ip6fw - ok
02:39:51.0640 1868 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:39:51.0640 1868 IpFilterDriver - ok
02:39:51.0703 1868 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:39:51.0718 1868 IpInIp - ok
02:39:51.0765 1868 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:39:51.0765 1868 IpNat - ok
02:39:51.0843 1868 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:39:51.0843 1868 IPSec - ok
02:39:51.0890 1868 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:39:51.0890 1868 IRENUM - ok
02:39:51.0984 1868 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:39:51.0984 1868 isapnp - ok
02:39:52.0015 1868 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:39:52.0015 1868 Kbdclass - ok
02:39:52.0062 1868 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
02:39:52.0078 1868 kmixer - ok
02:39:52.0125 1868 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
02:39:52.0140 1868 KSecDD - ok
02:39:52.0187 1868 lbrtfdc - ok
02:39:52.0250 1868 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
02:39:52.0250 1868 MBAMProtector - ok
02:39:52.0343 1868 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
02:39:52.0343 1868 MBAMSwissArmy - ok
02:39:52.0437 1868 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\WINDOWS\system32\mbmiodrvr.sys
02:39:52.0453 1868 mbmiodrvr - ok
02:39:52.0531 1868 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
02:39:52.0531 1868 mcdbus - ok
02:39:52.0625 1868 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:39:52.0625 1868 mnmdd - ok
02:39:52.0718 1868 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
02:39:52.0734 1868 Modem - ok
02:39:52.0765 1868 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:39:52.0765 1868 Mouclass - ok
02:39:52.0843 1868 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:39:52.0859 1868 mouhid - ok
02:39:52.0890 1868 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
02:39:52.0890 1868 MountMgr - ok
02:39:52.0921 1868 mraid35x - ok
02:39:53.0031 1868 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
02:39:53.0031 1868 MREMP50 - ok
02:39:53.0031 1868 MREMPR5 - ok
02:39:53.0031 1868 MRENDIS5 - ok
02:39:53.0062 1868 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
02:39:53.0062 1868 MRESP50 - ok
02:39:53.0125 1868 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:39:53.0140 1868 MRxDAV - ok
02:39:53.0234 1868 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:39:53.0250 1868 MRxSmb - ok
02:39:53.0281 1868 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
02:39:53.0281 1868 Msfs - ok
02:39:53.0343 1868 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:39:53.0343 1868 MSKSSRV - ok
02:39:53.0390 1868 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:39:53.0390 1868 MSPCLOCK - ok
02:39:53.0437 1868 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
02:39:53.0437 1868 MSPQM - ok
02:39:53.0531 1868 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:39:53.0531 1868 mssmbios - ok
02:39:53.0578 1868 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
02:39:53.0578 1868 MSTEE - ok
02:39:53.0687 1868 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
02:39:53.0687 1868 Mup - ok
02:39:53.0765 1868 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:39:53.0765 1868 NABTSFEC - ok
02:39:53.0828 1868 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
02:39:53.0843 1868 NDIS - ok
02:39:53.0890 1868 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:39:53.0890 1868 NdisIP - ok
02:39:53.0968 1868 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:39:53.0968 1868 NdisTapi - ok
02:39:54.0015 1868 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:39:54.0015 1868 Ndisuio - ok
02:39:54.0046 1868 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:39:54.0046 1868 NdisWan - ok
02:39:54.0125 1868 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
02:39:54.0125 1868 NDProxy - ok
02:39:54.0156 1868 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:39:54.0156 1868 NetBIOS - ok
02:39:54.0187 1868 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:39:54.0203 1868 NetBT - ok
02:39:54.0265 1868 NetworkX (4b078b154fc4d90ecf5d169129afe44d) C:\WINDOWS\system32\ckldrv.sys
02:39:54.0265 1868 NetworkX - ok
02:39:54.0375 1868 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
02:39:54.0375 1868 NIC1394 - ok
02:39:54.0421 1868 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
02:39:54.0437 1868 Npfs - ok
02:39:54.0484 1868 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
02:39:54.0500 1868 Ntfs - ok
02:39:54.0546 1868 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:39:54.0546 1868 Null - ok
02:39:54.0718 1868 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:39:54.0859 1868 nv - ok
02:39:54.0984 1868 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:39:54.0984 1868 NwlnkFlt - ok
02:39:55.0046 1868 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:39:55.0046 1868 NwlnkFwd - ok
02:39:55.0078 1868 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
02:39:55.0093 1868 ohci1394 - ok
02:39:55.0171 1868 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\WINDOWS\system32\Drivers\ov519vid.sys
02:39:55.0203 1868 ovt519 - ok
02:39:55.0234 1868 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
02:39:55.0234 1868 Parport - ok
02:39:55.0265 1868 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
02:39:55.0265 1868 PartMgr - ok
02:39:55.0312 1868 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:39:55.0312 1868 ParVdm - ok
02:39:55.0375 1868 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
02:39:55.0375 1868 PCI - ok
02:39:55.0421 1868 PCIDump - ok
02:39:55.0453 1868 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
02:39:55.0453 1868 PCIIde - ok
02:39:55.0515 1868 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:39:55.0515 1868 Pcmcia - ok
02:39:55.0562 1868 PDCOMP - ok
02:39:55.0593 1868 PDFRAME - ok
02:39:55.0625 1868 PDRELI - ok
02:39:55.0656 1868 PDRFRAME - ok
02:39:55.0687 1868 perc2 - ok
02:39:55.0718 1868 perc2hib - ok
02:39:55.0859 1868 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:39:55.0859 1868 PptpMiniport - ok
02:39:55.0890 1868 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
02:39:55.0906 1868 Processor - ok
02:39:55.0921 1868 PROCEXP151 - ok
02:39:55.0984 1868 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
02:39:55.0984 1868 Ps2 - ok
02:39:56.0046 1868 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
02:39:56.0062 1868 PSched - ok
02:39:56.0156 1868 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
02:39:56.0156 1868 PSI - ok
02:39:56.0187 1868 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:39:56.0187 1868 Ptilink - ok
02:39:56.0218 1868 ql1080 - ok
02:39:56.0265 1868 Ql10wnt - ok
02:39:56.0296 1868 ql12160 - ok
02:39:56.0328 1868 ql1240 - ok
02:39:56.0359 1868 ql1280 - ok
02:39:56.0390 1868 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:39:56.0406 1868 RasAcd - ok
02:39:56.0437 1868 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:39:56.0437 1868 Rasl2tp - ok
02:39:56.0468 1868 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:39:56.0468 1868 RasPppoe - ok
02:39:56.0500 1868 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:39:56.0500 1868 Raspti - ok
02:39:56.0546 1868 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:39:56.0546 1868 Rdbss - ok
02:39:56.0609 1868 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:39:56.0609 1868 RDPCDD - ok
02:39:56.0656 1868 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:39:56.0671 1868 rdpdr - ok
02:39:56.0734 1868 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
02:39:56.0750 1868 RDPWD - ok
02:39:56.0843 1868 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:39:56.0843 1868 redbook - ok
02:39:56.0937 1868 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
02:39:56.0937 1868 RTL8023xp - ok
02:39:57.0000 1868 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
02:39:57.0000 1868 rtl8139 - ok
02:39:57.0093 1868 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\WINDOWS\system32\DRIVERS\s0016bus.sys
02:39:57.0093 1868 s0016bus - ok
02:39:57.0125 1868 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
02:39:57.0125 1868 s0016mdfl - ok
02:39:57.0156 1868 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
02:39:57.0156 1868 s0016mdm - ok
02:39:57.0203 1868 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
02:39:57.0203 1868 s0016mgmt - ok
02:39:57.0234 1868 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
02:39:57.0234 1868 s0016nd5 - ok
02:39:57.0265 1868 s0016obex (36792935847143e4a3cda0dc87248487) C:\WINDOWS\system32\DRIVERS\s0016obex.sys
02:39:57.0265 1868 s0016obex - ok
02:39:57.0296 1868 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\WINDOWS\system32\DRIVERS\s0016unic.sys
02:39:57.0312 1868 s0016unic - ok
02:39:57.0359 1868 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\WINDOWS\system32\DRIVERS\s115bus.sys
02:39:57.0375 1868 s115bus - ok
02:39:57.0421 1868 s115mdfl (e24113fc13b8737c94cf4e3415488c76) C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
02:39:57.0421 1868 s115mdfl - ok
02:39:57.0484 1868 s115mdm (4029e49e7c673aa0670bd206b0af1b5b) C:\WINDOWS\system32\DRIVERS\s115mdm.sys
02:39:57.0500 1868 s115mdm - ok
02:39:57.0546 1868 s115mgmt (eb02ab4ca8bccecfde236cad8fc6e135) C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
02:39:57.0562 1868 s115mgmt - ok
02:39:57.0625 1868 s115obex (089869db9ffd2ac807fa87fe82ac7761) C:\WINDOWS\system32\DRIVERS\s115obex.sys
02:39:57.0625 1868 s115obex - ok
02:39:57.0718 1868 SAVOnAccessControl (d9df915972694b5274facc8d00492acd) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
02:39:57.0734 1868 SAVOnAccessControl - ok
02:39:57.0765 1868 SAVOnAccessFilter (31b35cca652a3553fa4fb99ea79c35bf) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
02:39:57.0765 1868 SAVOnAccessFilter - ok
02:39:57.0875 1868 SbieDrv (3ab6cad1ddfa84cd7bc3d1a759b1e81e) C:\Program Files\Sandboxie\SbieDrv.sys
02:39:57.0875 1868 SbieDrv - ok
02:39:58.0000 1868 sdcfilter (a957fd57a6ae1597943e4590de10669b) C:\WINDOWS\system32\DRIVERS\sdcfilter.sys
02:39:58.0000 1868 sdcfilter - ok
02:39:58.0093 1868 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:39:58.0093 1868 Secdrv - ok
02:39:58.0187 1868 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
02:39:58.0187 1868 seehcri - ok
02:39:58.0218 1868 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:39:58.0218 1868 serenum - ok
02:39:58.0250 1868 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
02:39:58.0250 1868 Serial - ok
02:39:58.0312 1868 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:39:58.0312 1868 Sfloppy - ok
02:39:58.0343 1868 Simbad - ok
02:39:58.0406 1868 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
02:39:58.0406 1868 SLIP - ok
02:39:58.0500 1868 SNTNLUSB (9de6e60ce7fd82b4985de5d9c22265ad) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
02:39:58.0500 1868 SNTNLUSB - ok
02:39:58.0562 1868 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
02:39:58.0578 1868 SophosBootDriver - ok
02:39:58.0609 1868 Sparrow - ok
02:39:58.0656 1868 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
02:39:58.0656 1868 splitter - ok
02:39:58.0671 1868 sptd - ok
02:39:58.0718 1868 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
02:39:58.0718 1868 sr - ok
02:39:58.0796 1868 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
02:39:58.0828 1868 Srv - ok
02:39:58.0906 1868 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
02:39:58.0906 1868 StillCam - ok
02:39:58.0984 1868 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
02:39:58.0984 1868 streamip - ok
02:39:59.0031 1868 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:39:59.0031 1868 swenum - ok
02:39:59.0062 1868 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
02:39:59.0062 1868 swmidi - ok
02:39:59.0093 1868 symc810 - ok
02:39:59.0125 1868 symc8xx - ok
02:39:59.0171 1868 sym_hi - ok
02:39:59.0203 1868 sym_u3 - ok
02:39:59.0234 1868 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
02:39:59.0234 1868 sysaudio - ok
02:39:59.0359 1868 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:39:59.0375 1868 Tcpip - ok
02:39:59.0421 1868 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:39:59.0421 1868 TDPIPE - ok
02:39:59.0500 1868 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
02:39:59.0500 1868 TDTCP - ok
02:39:59.0546 1868 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:39:59.0546 1868 TermDD - ok
02:39:59.0593 1868 TosIde - ok
02:39:59.0656 1868 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
02:39:59.0656 1868 Udfs - ok
02:39:59.0718 1868 uigcrdr (6a53f947360e00d9318d247571f2e24f) C:\WINDOWS\system32\DRIVERS\uigcrdr.sys
02:39:59.0750 1868 uigcrdr - ok
02:39:59.0812 1868 ultra - ok
02:39:59.0875 1868 UMSSSTOR (d3c985fa303bc571ce36fbd93b5355b5) C:\WINDOWS\system32\DRIVERS\UMSS.SYS
02:39:59.0875 1868 UMSSSTOR - ok
02:39:59.0921 1868 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
02:39:59.0937 1868 Update - ok
02:40:00.0031 1868 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
02:40:00.0031 1868 usbaudio - ok
02:40:00.0125 1868 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:40:00.0125 1868 usbccgp - ok
02:40:00.0218 1868 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:40:00.0218 1868 usbehci - ok
02:40:00.0265 1868 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:40:00.0281 1868 usbhub - ok
02:40:00.0359 1868 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:40:00.0359 1868 USBSTOR - ok
02:40:00.0453 1868 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:40:00.0453 1868 usbuhci - ok
02:40:00.0500 1868 VCSVADHWSer (b2abab4ca46bad182e27763dc19c780f) C:\WINDOWS\system32\DRIVERS\vcsvad.sys
02:40:00.0500 1868 VCSVADHWSer - ok
02:40:00.0562 1868 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
02:40:00.0562 1868 VgaSave - ok
02:40:00.0609 1868 ViaIde - ok
02:40:00.0687 1868 vmm (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys
02:40:00.0703 1868 vmm - ok
02:40:00.0750 1868 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
02:40:00.0750 1868 VolSnap - ok
02:40:00.0890 1868 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
02:40:00.0890 1868 VPCNetS2 - ok
02:40:00.0953 1868 vuhub (61c4f92a7d4d98be766dbad780f0c20d) C:\WINDOWS\system32\DRIVERS\vuhub.sys
02:40:00.0953 1868 vuhub - ok
02:40:01.0046 1868 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:40:01.0046 1868 Wanarp - ok
02:40:01.0156 1868 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
02:40:01.0171 1868 Wdf01000 - ok
02:40:01.0218 1868 WDICA - ok
02:40:01.0296 1868 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
02:40:01.0296 1868 wdmaud - ok
02:40:01.0406 1868 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
02:40:01.0406 1868 WpdUsb - ok
02:40:01.0500 1868 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:40:01.0500 1868 WS2IFSL - ok
02:40:01.0546 1868 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:40:01.0546 1868 WSTCODEC - ok
02:40:01.0625 1868 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:40:01.0625 1868 WudfPf - ok
02:40:01.0687 1868 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:40:01.0687 1868 WudfRd - ok
02:40:01.0734 1868 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:40:01.0921 1868 \Device\Harddisk0\DR0 - ok
02:40:01.0953 1868 Boot (0x1200) (f6f7a306881f97056bf7b46ff13bdc7e) \Device\Harddisk0\DR0\Partition0
02:40:01.0953 1868 \Device\Harddisk0\DR0\Partition0 - ok
02:40:01.0953 1868 ============================================================
02:40:01.0953 1868 Scan finished
02:40:01.0953 1868 ============================================================
02:40:01.0968 2240 Detected object count: 0
02:40:01.0968 2240 Actual detected object count: 0


aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-20 02:42:26
-----------------------------
02:42:26.562 OS Version: Windows 5.1.2600 Service Pack 3
02:42:26.562 Number of processors: 2 586 0x304
02:42:26.562 ComputerName: T645 UserName:
02:42:27.203 Initialize success
02:42:40.453 AVAST engine defs: 12021901
02:43:04.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
02:43:04.093 Disk 0 Vendor: Maxtor_6L300S0 BACE1G20 Size: 286188MB BusType: 3
02:43:04.109 Disk 0 MBR read successfully
02:43:04.109 Disk 0 MBR scan
02:43:04.156 Disk 0 Windows XP default MBR code
02:43:04.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286173 MB offset 63
02:43:04.171 Disk 0 scanning sectors +586083330
02:43:04.265 Disk 0 scanning C:\WINDOWS\system32\drivers
02:43:17.062 Service scanning
02:43:36.234 Modules scanning
02:43:41.531 Disk 0 trace - called modules:
02:43:41.546 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
02:43:41.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a676ab8]
02:43:41.546 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8a61bb00]
02:43:42.093 AVAST engine scan C:\WINDOWS
02:43:48.828 AVAST engine scan C:\WINDOWS\system32
02:47:02.375 AVAST engine scan C:\WINDOWS\system32\drivers
02:47:28.531 AVAST engine scan C:\Documents and Settings\Administrator
02:47:51.078 AVAST engine scan C:\Documents and Settings\All Users
02:50:54.843 Scan finished successfully
02:53:37.343 Disk 0 MBR has been saved successfully to "C:\Program Files\Bleeping Computer Utilities\Utility logs\MBR.dat"
02:53:37.343 The log file has been saved successfully to "C:\Program Files\Bleeping Computer Utilities\Utility logs\aswMBR 20Feb2012-0242AM.txt"


Thanks.

Edited by duffsparky, 20 February 2012 - 10:36 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 February 2012 - 03:52 PM

Hello


Something is not right, as these reports are coming back very clean.

I want you to make a new admin account and see if you still have the same problems (let me know if you need instructions for this).


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 267 posts
  • Gender:Male

Posted 20 February 2012 - 06:50 PM

Hi Gringo,

I created a new admin account, went to my web-based email, tried multiple selection of messages (using Ctrl and the left mouse button) and the problem still exists; it also disconnected me from the Internet. I then tried multiple selection of folders in Windows Explorer and encountered the same issue.

When the problem starts, with the speakers on, the opening and closing issue sounds like a machine gun going off.

I don't know if it will help, but Malwarebytes 1.6.1.1000 (trial) is frequently web-blocking outbound traffic to the same IP addresses.

In a previous post I attached some logs; one of them was from a GMER scan that showed hidden files and a rootkit(?) threat, which was highlighted in red. However, this log no longer seems to be attached.

Cheers.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 February 2012 - 08:50 PM

I did not see it. Try to copy and paste the report here.


gringo

#9 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 267 posts
  • Gender:Male

Posted 21 February 2012 - 08:12 PM

Hi Gringo,

Sorry for the delay, both PCs are playing up big time. I spent all day just trying to get connected to the Internet, and even had problems with the new machine setup yesterday. I don't know if this is all part of the same issue, but I've now got 3 PCs all with issues and hard to connect to the Internet. I'm wondering if I now have a network infection (if that is possible). Is it possible for my modem/router to get infected in some way?

Below is the GMER log requested, which I posted as an attachment in my first post of this thread.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-13 17:39:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 Maxtor_6L300S0 rev.BACE1G20
Running: gmer.exe; Driver: C:\DOCUME~1\Glenn2\LOCALS~1\Temp\pxtdipod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateKey [0xB6FDC3BA]
SSDT \SystemRoot\System32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateThread [0xB6FDC8A4]
SSDT \SystemRoot\System32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwDeleteKey [0xB6FDC510]
SSDT sptd.sys ZwEnumerateKey [0xF7532018]
SSDT sptd.sys ZwEnumerateValueKey [0xF75323A6]
SSDT sptd.sys ZwOpenKey [0xF74FDF80]
SSDT sptd.sys ZwQueryKey [0xF753247E]
SSDT sptd.sys ZwQueryValueKey [0xF75322FE]
SSDT \SystemRoot\System32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetSystemInformation [0xB6FDCBCE]
SSDT \SystemRoot\System32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetValueKey [0xB6FDC576]

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B6E7816D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B6E77FC2
INT 0x62 ? 8A5C9CB8
INT 0x73 ? 8A5C9CB8
INT 0x73 ? 8A5C9CB8
INT 0x73 ? 8A450CB8
INT 0x73 ? 8A5C9CB8
INT 0x82 ? 8A5C9CB8
INT 0x94 ? 8A450CB8
INT 0xA4 ? 8A450CB8
INT 0xB4 ? 8A450CB8
INT 0xB4 ? 8A450CB8

Code F7A60C9C ZwRequestPort
Code F7A60D3C ZwRequestWaitReplyPort
Code F7A60BFC ZwTraceEvent
Code F7A60C9B NtRequestPort
Code F7A60D3B NtRequestWaitReplyPort
Code F7A60BFB NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text sptd.sys F74C1000 28 Bytes [30, 28, 70, 80, A6, 7B, 70, ...]
.text sptd.sys F74C101D 3 Bytes [29, 70, 80] {SUB [EAX-0x80], ESI}
.text sptd.sys F74C1024 8 Bytes [CA, 94, 50, 80, 05, 10, 55, ...]
.text sptd.sys F74C102D 63 Bytes [20, 5D, 80, A5, A2, 4D, 80, ...]
.text sptd.sys F74C106D 39 Bytes [91, 58, 80, 6D, A2, 4D, 80, ...]
.text ...
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF756B9E3]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB92EB360, 0x24BB1D, 0xE8000020]
.text USBPORT.SYS!DllUnload B92CB8AC 5 Bytes JMP 8A4501C8
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB571A400, 0x82482, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB57BA420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xB57BA420]
.protectÿÿÿÿhardlockunknown last code section [0xB57BA200, 0x5105, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB57BA200, 0x5105, 0xE0000020]
? C:\DOCUME~1\Glenn2\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1760] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045142A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1760] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104519DE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012164D0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5C81E8

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \FileSystem\Fastfat \FatCdrom 8A22D430
Device \Driver\usbuhci \Device\USBPDO-0 8A3771E8
Device \Driver\usbuhci \Device\USBPDO-1 8A3771E8
Device \Driver\usbuhci \Device\USBPDO-2 8A3771E8
Device \Driver\usbuhci \Device\USBPDO-3 8A3771E8
Device \Driver\usbehci \Device\USBPDO-4 8A4381E8

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\Cdrom \Device\CdRom0 8A3511E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A3511E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2E7519CB-1A63-4D3B-A636-588B92B68144} 8A12E430
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A12E430
Device \Driver\NetBT \Device\NetbiosSmb 8A12E430
Device \Driver\usbuhci \Device\USBFDO-0 8A3771E8
Device \Driver\usbuhci \Device\USBFDO-1 8A3771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A184430
Device \Driver\usbuhci \Device\USBFDO-2 8A3771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A184430
Device \Driver\usbuhci \Device\USBFDO-3 8A3771E8
Device \Driver\usbehci \Device\USBFDO-4 8A4381E8
Device \FileSystem\Fastfat \Fat 8A22D430

AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A1A6430
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program [544] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [3672] 0x00400000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Glenn2\Recent\license.txt.lnk 696 bytes

---- EOF - GMER 1.0.15 ----


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Edit 10:56 22Feb2012

My internet connection is working perfectly OK this morning, so maybe the problem was with my ISP or some external force............. 2 days wasted, what a bummer. The PC still has the original automatic opening and closing of programs, menus, etc. issue, though.

Edited by duffsparky, 22 February 2012 - 06:00 AM.
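
The GMER log pasted above is what this thread turns on, so here is a small triage helper, added as an example and not code from the thread, from GMER or from BleepingComputer. It walks a GMER 1.0.15 log, groups SSDT hooks by the hooking module, separates hooks that carry a vendor string from those that do not, and lists writeable kernel code sections, device objects that dispatch into an "[unknown section]", and anything GMER marked hidden. The sample log is a constructed, abbreviated excerpt in the same format as the one posted; the regular expressions are my reading of that format, not a documented GMER grammar.

```python
import re
from collections import defaultdict

# Constructed excerpt in GMER 1.0.15 log format, abbreviated from the
# log posted in the thread; not a complete scan.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateKey [0xB6FDC3BA]
SSDT sptd.sys ZwEnumerateKey [0xF7532018]
SSDT sptd.sys ZwOpenKey [0xF74FDF80]
SSDT sptd.sys ZwQueryValueKey [0xF75322FE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB571A400, 0x82482, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5C81E8
Device \Driver\atapi \Device\Ide\IdePort0 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program [544] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [3672] 0x00400000

---- EOF - GMER 1.0.15 ----
"""

# "---- <name> - GMER 1.0.15 ----" opens each block of the log.
SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
# SSDT <module> [(vendor string)] <Zw/Nt function> [0x<hook address>]
SSDT_RE = re.compile(
    r"^SSDT\s+(\S+)(?:\s+\((.+)\))?\s+((?:Zw|Nt)\w+)\s+\[0x([0-9A-Fa-f]+)\]$")
# <section> <driver path> section is writeable [...]
WRITEABLE_RE = re.compile(r"^(\S+)\s+(\S+)\s+section is writeable")
# Device <driver object> <device> [<addr>] <module>[unknown section] {...}
UNKNOWN_DEV_RE = re.compile(
    r"^Device\s+(\S+)\s+(\S+)\s+\[[0-9A-Fa-f]+\]\s+(\S+)\[unknown section\]")


def module_name(path):
    """Reduce '\\SystemRoot\\System32\\DRIVERS\\foo.sys' to 'foo.sys'."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Walk a GMER log and collect the items a reviewer looks at first."""
    report = {
        "ssdt_hooks": defaultdict(list),  # module -> [(func, addr, vendor)]
        "writeable_sections": [],         # (driver path, section name)
        "unknown_section_devices": [],    # (driver object, device, module)
        "hidden": [],                     # raw lines GMER flagged as hidden
    }
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif "*** hidden ***" in line:
            report["hidden"].append(line)
        elif section == "System":
            m = SSDT_RE.match(line)
            if m:
                module, vendor, func, addr = m.groups()
                report["ssdt_hooks"][module_name(module)].append(
                    (func, addr.upper(), vendor))
        elif section == "Kernel code sections":
            m = WRITEABLE_RE.match(line)
            if m:
                report["writeable_sections"].append((m.group(2), m.group(1)))
        elif section == "Devices":
            m = UNKNOWN_DEV_RE.match(line)
            if m:
                report["unknown_section_devices"].append(m.groups())
    report["ssdt_hooks"] = dict(report["ssdt_hooks"])
    return report


def unattributed_hookers(report):
    """SSDT-hooking modules for which GMER printed no vendor string.
    The Sophos driver is labelled; a module with no label is the one to
    look up and account for before anything is removed."""
    return sorted(mod for mod, hooks in report["ssdt_hooks"].items()
                  if all(vendor is None for _, _, vendor in hooks))


def summarize(report):
    out = [f"SSDT hooks by {mod}: " + ", ".join(f for f, _, _ in hooks)
           for mod, hooks in sorted(report["ssdt_hooks"].items())]
    out += [f"UNATTRIBUTED SSDT hooker: {mod}" for mod in unattributed_hookers(report)]
    out += [f"writeable code section {s} in {p}" for p, s in report["writeable_sections"]]
    out += [f"{dev} ({drv}) dispatches into {mod}[unknown section]"
            for drv, dev, mod in report["unknown_section_devices"]]
    out += [f"HIDDEN: {line}" for line in report["hidden"]]
    return out


if __name__ == "__main__":
    print("\n".join(summarize(parse_gmer(SAMPLE_GMER_LOG))))
```

Run it against a full GMER log by reading the file into `parse_gmer`; the summary is a starting point for the helper's review, not a verdict.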


#10 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 267 posts
  • Gender:Male

Posted 24 February 2012 - 08:25 AM

Bumped for Gringo

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 February 2012 - 12:41 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 267 posts
  • Gender:Male

Posted 24 February 2012 - 04:17 PM

Hi Gringo,

We have made reference to two separate PCs, so to keep them identifiable I'll call the first PC you have been helping with Play(1) and the second PC Study(2).

I've re-run ComboFix with the additional script as requested on the Play(1) PC, which froze when I first ran ComboFix, but I think that was my fault coz I tried to turn my anti-virus off after I had launched ComboFix. The second run ran OK.

Malwarebytes on the Play(1) PC keeps blocking outgoing access to IP 217.23.3.146, and SysInternals TCPView shows a lot of connection activity with several fleeting connections and attempted connections.

The Play(1) PC itself seems OK at the moment.

The Study(2) PC has some serious issues, the first being that I am unable to disable Sophos Endpoint Security and Control version 9.5, even though it shows as being disabled in the services.msc applet. I am also unable to access the Sophos configuration, even through an admin account that has Sophos admin rights. To make things worse, the Study(2) PC keeps freezing with no option but to switch it off and restart, thus making it difficult to sort out the Sophos configuration access issue.

The Study(2) PC has a new admin account see here for further details.

Below is the latest Combofix log from the Play(1) PC.

ComboFix 12-02-02.01 - Administrator 24/02/2012 19:52:49.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1447 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
+ 2011-02-08 22:27 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2003-03-31 14:00 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2003-03-31 14:00 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 18:20 . 2009-01-07 18:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2003-03-31 14:00 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
+ 2003-03-31 14:00 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
+ 2003-03-31 14:00 . 2009-03-08 04:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2003-03-31 14:00 . 2009-03-08 04:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2006-05-18 05:58 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
+ 2011-02-08 22:27 . 2009-03-08 14:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2006-02-24 15:24 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2003-03-31 14:00 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2003-03-31 14:00 . 2009-03-08 04:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2003-03-31 14:00 . 2009-03-08 04:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2003-03-31 14:00 . 2009-03-08 04:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2003-03-31 14:00 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-06-09 14:35 . 2009-03-08 04:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-06-09 14:35 . 2009-03-08 04:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2003-03-31 14:00 . 2009-03-08 04:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2012-02-22 00:52 . 2011-04-22 11:10 551424 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\BingBar\Apps\Translator_f5cbd3ef4c144434b17913278004e270\7.0.615\elslad.dll
+ 2012-02-21 23:42 . 2011-10-21 15:13 179808 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\BingBar\Apps\Search_6f21d9007fa34bc78d94309126de58f5\7.0.850\SearchHistoryStore.dll
+ 2012-02-21 23:42 . 2011-10-21 15:13 153184 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\BingBar\Apps\Search_6f21d9007fa34bc78d94309126de58f5\7.0.850\SearchGhosting.dll
+ 2012-02-21 23:42 . 2011-10-21 15:13 178784 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\BingBar\Apps\Mail_15642ee020d2449d86382022aa6f2548\7.0.850\mailcomm.dll
+ 2003-03-31 14:00 . 2009-03-08 04:32 128512 c:\windows\system32\advpack.dll
+ 2012-02-02 13:32 . 2012-02-02 13:32 279992 c:\windows\system32\Adobe\Shockwave 11\SymCCIS.dll
- 2011-11-02 09:28 . 2011-11-02 09:28 279992 c:\windows\system32\Adobe\Shockwave 11\SymCCIS.dll
+ 2012-02-02 13:49 . 2012-02-02 13:49 114176 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
- 2011-11-02 09:45 . 2011-11-02 09:45 114176 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
- 2011-11-02 09:47 . 2011-11-02 09:47 434176 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2012-02-02 13:50 . 2012-02-02 13:50 434176 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
- 2011-11-02 09:45 . 2011-11-02 09:45 365056 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2012-02-02 13:49 . 2012-02-02 13:49 365056 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
- 2011-11-02 09:33 . 2011-11-02 09:33 990208 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2012-02-02 13:36 . 2012-02-02 13:36 990208 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2012-02-02 13:49 . 2012-02-02 13:49 543232 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2012-02-02 13:56 . 2012-02-02 13:56 113592 c:\windows\system32\Adobe\Director\SWDNLD.EXE
+ 2012-02-02 13:56 . 2012-02-02 13:56 281016 c:\windows\system32\Adobe\Director\SwDir.dll
- 2011-11-02 09:46 . 2011-11-02 09:46 145920 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2012-02-02 13:49 . 2012-02-02 13:49 145920 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2012-02-21 00:18 . 2009-03-08 04:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2012-02-21 00:18 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2012-02-21 00:18 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2012-02-21 00:18 . 2009-03-08 04:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2012-02-21 00:18 . 2009-03-08 04:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2012-02-21 00:18 . 2009-03-08 04:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2012-02-21 00:18 . 2009-03-08 04:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2012-02-21 00:18 . 2009-03-08 04:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2012-02-21 00:18 . 2009-03-08 04:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2012-02-21 00:18 . 2009-03-08 14:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2012-02-21 00:18 . 2009-03-08 04:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2012-02-21 00:20 . 2011-11-04 19:20 916992 c:\windows\ie8updates\KB2647516-IE8\wininet.dll
+ 2012-02-21 00:20 . 2011-11-04 19:20 105984 c:\windows\ie8updates\KB2647516-IE8\url.dll
+ 2012-02-21 00:20 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
+ 2012-02-21 00:20 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
+ 2012-02-21 00:20 . 2011-11-04 19:20 206848 c:\windows\ie8updates\KB2647516-IE8\occache.dll
+ 2012-02-21 00:20 . 2011-11-04 19:20 611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll
+ 2012-02-21 00:20 . 2011-11-04 19:20 602112 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
+ 2012-02-21 00:20 . 2011-11-04 19:20 247808 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
+ 2012-02-21 00:20 . 2011-11-04 19:20 184320 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
+ 2012-02-21 00:20 . 2011-11-04 19:20 743424 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
+ 2012-02-21 00:20 . 2011-11-04 19:20 387584 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
+ 2012-02-21 00:20 . 2011-11-04 11:24 174080 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
+ 2012-02-21 00:19 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2012-02-21 00:19 . 2009-03-08 04:34 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2012-02-21 00:19 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2012-02-21 00:19 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2012-02-21 00:19 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2012-02-21 00:19 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2012-02-21 00:19 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2012-02-21 00:19 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2012-02-21 00:19 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2012-02-21 00:19 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2012-02-21 00:19 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2012-02-21 00:19 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2012-02-21 00:19 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2598845-IE8\spuninst\updspapi.dll
+ 2012-02-21 00:19 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2598845-IE8\spuninst\spuninst.exe
+ 2012-02-21 17:50 . 2009-03-08 04:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2012-02-21 17:50 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2012-02-21 17:50 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2012-02-21 17:50 . 2009-03-08 04:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2012-02-21 17:50 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2012-02-21 17:50 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2012-02-21 17:50 . 2009-03-08 04:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2012-02-21 00:16 . 2011-12-19 08:53 667136 c:\windows\ie8\wininet.dll
+ 2012-02-21 00:16 . 2008-04-14 05:42 276480 c:\windows\ie8\webcheck.dll
+ 2012-02-21 00:16 . 2011-04-29 19:07 852480 c:\windows\ie8\vgx.dll
+ 2012-02-21 00:16 . 2011-03-04 06:45 434176 c:\windows\ie8\vbscript.dll
+ 2012-02-21 00:16 . 2011-12-19 08:53 633344 c:\windows\ie8\urlmon.dll
+ 2012-02-21 00:17 . 2009-01-07 18:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2012-02-21 00:17 . 2009-01-07 18:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2012-02-21 00:16 . 2011-12-19 08:53 532480 c:\windows\ie8\mstime.dll
+ 2012-02-21 00:16 . 2008-04-14 05:42 146432 c:\windows\ie8\msrating.dll
+ 2012-02-21 00:16 . 2003-03-31 14:00 146432 c:\windows\ie8\msls31.dll
+ 2012-02-21 00:16 . 2011-12-19 08:53 449536 c:\windows\ie8\mshtmled.dll
+ 2012-02-21 00:16 . 2011-03-04 06:45 512000 c:\windows\ie8\jscript.dll
+ 2012-02-21 00:16 . 2011-12-19 08:53 251904 c:\windows\ie8\iepeers.dll
+ 2012-02-21 00:16 . 2008-04-14 05:41 323584 c:\windows\ie8\iedkcs32.dll
+ 2012-02-21 00:16 . 2003-03-31 14:00 221184 c:\windows\ie8\ieakui.dll
+ 2012-02-21 00:16 . 2008-04-14 05:41 216576 c:\windows\ie8\ieaksie.dll
+ 2012-02-21 00:16 . 2008-04-14 05:41 143360 c:\windows\ie8\ieakeng.dll
+ 2012-02-21 00:16 . 2008-04-14 05:41 205312 c:\windows\ie8\dxtrans.dll
+ 2012-02-21 00:16 . 2008-04-14 05:41 357888 c:\windows\ie8\dxtmsft.dll
+ 2006-08-30 20:42 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
+ 2006-06-30 10:28 . 2011-12-17 19:46 5979136 c:\windows\system32\mshtml.dll
- 2012-02-09 02:05 . 2012-02-09 02:05 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2012-02-09 02:05 . 2012-02-19 01:08 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-03-08 04:32 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
+ 2009-02-06 21:07 . 2009-02-06 21:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2006-08-30 20:42 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2006-06-30 10:28 . 2011-12-17 19:46 5979136 c:\windows\system32\dllcache\mshtml.dll
+ 2012-02-21 23:42 . 2012-02-21 23:42 1000000 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\BingBar\Apps\Search_6f21d9007fa34bc78d94309126de58f5\VersionIndependent\searchhs.dat
+ 2012-02-02 13:56 . 2012-02-02 13:56 1041848 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1164634.exe
+ 2012-02-02 13:32 . 2012-02-02 13:32 2376368 c:\windows\system32\Adobe\Shockwave 11\gt.exe
- 2011-11-02 09:28 . 2011-11-02 09:28 2376368 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2012-02-02 13:32 . 2012-02-02 13:32 1224704 c:\windows\system32\Adobe\Shockwave 11\gi.dll
- 2011-11-02 09:35 . 2011-11-02 09:35 1742336 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2012-02-02 13:38 . 2012-02-02 13:38 1742336 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2012-02-21 00:18 . 2009-03-08 04:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2012-02-21 00:18 . 2009-03-08 04:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2012-02-21 00:18 . 2009-03-08 04:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2012-02-21 00:20 . 2011-11-04 19:20 1212416 c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
+ 2012-02-21 00:20 . 2011-11-04 19:20 5978112 c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
+ 2012-02-21 00:20 . 2011-11-04 19:20 2000384 c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
+ 2012-02-21 00:19 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2012-02-21 00:19 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2012-02-21 00:19 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2012-02-21 00:16 . 2011-12-19 08:53 3087360 c:\windows\ie8\mshtml.dll
+ 2009-03-08 04:39 . 2011-12-18 14:46 11082240 c:\windows\system32\ieframe.dll
+ 2012-02-21 00:18 . 2009-03-08 04:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2012-02-21 00:20 . 2011-11-04 19:20 11081728 c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
+ 2012-02-21 00:19 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-03-29 439536]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link REG Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\D-Link REG Utility.lnk
backup=c:\windows\pss\D-Link REG Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk
backup=c:\windows\pss\DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Glenn^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Glenn\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Glenn^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Glenn\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 07:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2011-05-26 15:04 1590144 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 05:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GMX_GMX File Storage Manager]
2010-07-15 15:58 943488 ----a-w- c:\program files\GMX\GMX File Storage Manager\DAVSRV.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-01-31 13:02 136176 ----atw- c:\documents and settings\Glenn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 02:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 15:44 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 05:42 169984 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 12:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 12:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task1]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2011-11-23 13:17 442640 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 13:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemProtector]
2011-11-09 16:08 10055480 ----a-w- c:\program files\Advanced System Optimizer 3\systemprotector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OMSI download service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [08/02/2011 22:56 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [08/02/2011 22:56 24064]
R1 uigcrdr;uigcrdr;c:\windows\system32\drivers\uigcrdr.SYS [12/04/2011 22:05 149120]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [20/06/2011 20:17 22504]
R3 adatadrv;Autodata Protection Service;c:\windows\system32\drivers\adatadrv.sys [31/07/2011 19:06 762112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/02/2012 00:35 20464]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [08/08/2011 20:15 27632]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [06/01/2012 00:36 17792]
S3 AR5513;%ATHER.Service.DispName%;c:\windows\system32\DRIVERS\ar5513.sys --> c:\windows\system32\DRIVERS\ar5513.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\Glenn\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Glenn\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [01/02/2012 17:31 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [01/02/2012 17:31 8456]
S3 eustub;Usb Stub (Eltima software);c:\windows\system32\drivers\eusbstub.sys [14/01/2012 20:36 12488]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [21/10/2011 20:48 13224]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 08:30 15544]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [26/03/2011 21:08 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [26/03/2011 21:08 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [26/03/2011 21:08 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [26/03/2011 21:08 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [26/03/2011 21:08 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [26/03/2011 21:08 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [26/03/2011 21:08 115752]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23/04/2007 13:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23/04/2007 13:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23/04/2007 13:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23/04/2007 13:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23/04/2007 13:54 98568]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [29/03/2011 15:03 23928]
S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [13/07/2004 12:40 48512]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [14/01/2012 20:36 51400]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [08/02/2011 22:56 14976]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-02-24 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-07-28 14:24]
.
2012-02-24 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-11-27 15:24]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-03 02:07]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-03 02:07]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1606980848-725345543-1003Core.job
- c:\documents and settings\Glenn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-31 13:02]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1606980848-725345543-1003UA.job
- c:\documents and settings\Glenn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-31 13:02]
.
2012-02-24 c:\windows\Tasks\{DD443378-65C3-4D71-8A46-6F4AE90146D0}_COMPAQ_Glenn.job
- c:\windows\system32\mobsync.exe [2003-03-31 05:42]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f06vy8xa.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-24 19:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,05,f7,38,97,2a,58,4c,92,e3,4c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,05,f7,38,97,2a,58,4c,92,e3,4c,\
.
[HKEY_USERS\S-1-5-21-1390067357-1606980848-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,18,32,bd,64,99,40,4d,b1,3d,ca,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,18,32,bd,64,99,40,4d,b1,3d,ca,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1016)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\System32\uigcnp.dll
.
Completion time: 2012-02-24 20:05:48
ComboFix-quarantined-files.txt 2012-02-24 20:02
ComboFix2.txt 2012-02-16 19:19
ComboFix3.txt 2012-02-13 18:01
ComboFix4.txt 2012-02-02 15:25
ComboFix5.txt 2012-02-19 12:27
.
Pre-Run: 59,218,526,208 bytes free
Post-Run: 59,472,658,432 bytes free
.
- - End Of File - - E35AFFD56F465580153CF4759212DA4B

Cheers Gringo.

#13 gringo_pr

Posted 24 February 2012 - 05:00 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

Edited by gringo_pr, 24 February 2012 - 05:02 PM.


#14 duffsparky

Posted 24 February 2012 - 08:58 PM

Gringo

Here is the report requested:

Thanks.

100% Free Chess 7.42
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Advanced System Optimizer
Advanced SystemCare 5
Apple Application Support
Apple Software Update
Arena 3.0
BitTorrent
BitZipper 2010
Brother MFL-Pro Suite
BT Broadband Desktop Help
C-Media USB Mass Storage Driver
CCleaner
Chess Titans
Compiled Driver Disk (Sony Ericsson) 0.99
CPUID HWMonitor 1.17
CPUID HWMonitor Pro 1.11
D-Link VGA Webcam
EASEUS Data Recovery Wizard Free Edition 5.5.1
EASEUS Partition Master 9.1.0 Home Edition
Enhanced Multimedia Keyboard Solution
Event Log Explorer 3.3
File Type Assistant
FinalTorrent 2011
Folder Size for Windows
Free File Viewer 2011
Free PDF to Word Doc Converter v1.1
Freecom Network Storage Assistant 1.70
GMX File Storage Manager
GNU Backgammon (MAIN branch, 20111003 code)
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB971276-v3)
Hotfix for Windows XP (KB976002-v5)
HP Product Detection
HP Update
Intel® Network Connections 16.8.46.0
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 30
Junk Mail filter update
LinuxLive USB Creator
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.60.1.1000
ManageEngine EventLog Analyzer 7
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Outlook SMS Add-in
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Motherboard Monitor 5
Mozilla Firefox 10.0.2 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
MultiHasher 2.1
MyPhoneExplorer
NirSoft IconsExtract
NirSoft RegScanner
NirSoft WirelessNetView
NVIDIA Drivers
OpenOffice.org 3.3
PC Inspector File Recovery
Picasa 3
QuickTime
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
Reimage Repair
Sandboxie 3.62 (32-bit)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923789)
Segoe UI
Sony Ericsson PC Companion 2.02.015
Sony Ericsson Update Engine
Sony Ericsson Update Service
Sophos Anti-Virus
Sophos AutoUpdate
swMSM
System Requirements Lab
System Requirements Lab for Intel
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2467659)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
WinZip 16.0
XPS Essentials Pack
XPS Essentials Pack 1.0

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:56 PM

Posted 24 February 2012 - 09:51 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

BitTorrent
Java™ 6 Update 22
Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Information and logs

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
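As an added example (not code from this thread, nor from any of the tools it mentions), here is a small Python triage of a pasted installed-programs list like the one quoted above: it flags file-sharing clients and any Java runtime older than the newest one present, which is what the reply asks to have removed. The sample list is constructed from names on this page; the P2P markers other than "torrent" are assumptions.

```python
import re

# Constructed sample in the shape of the installed-programs list quoted in
# this thread (names taken from that list).
INSTALLED_PROGRAMS = """\
Adobe Reader X (10.1.2)
BitTorrent
FinalTorrent 2011
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 30
Malwarebytes Anti-Malware version 1.60.1.1000
Sophos Anti-Virus
"""

# Name fragments that mark a file-sharing client. "torrent" covers the two
# clients on this page; the rest are assumptions about other common clients.
P2P_MARKERS = ("torrent", "emule", "limewire", "frostwire")

# Matches "Java(TM) 6 Update 30" or "Java™ 6 Update 30"; captures major, update.
JAVA_RUNTIME = re.compile(r"^Java(?:\(TM\)|™)?\s+(\d+)\s+Update\s+(\d+)$", re.I)

def parse_programs(text):
    """Split a pasted installed-programs list into stripped, non-empty names."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def find_p2p_clients(programs):
    """Return entries whose name contains a file-sharing marker."""
    return [p for p in programs if any(m in p.lower() for m in P2P_MARKERS)]

def find_stale_java(programs):
    """Return every Java runtime entry except the newest one present.

    An old runtime left beside a newer one is still installed and reachable,
    so it is flagged for removal rather than ignored.
    """
    versions = []
    for p in programs:
        m = JAVA_RUNTIME.match(p)
        if m:
            versions.append(((int(m.group(1)), int(m.group(2))), p))
    versions.sort()
    return [name for _, name in versions[:-1]]

def triage(text):
    """Run both checks over a pasted list and return the findings by category."""
    programs = parse_programs(text)
    return {"p2p": find_p2p_clients(programs),
            "stale_java": find_stale_java(programs)}
```

Running `triage(INSTALLED_PROGRAMS)` on the sample flags both torrent clients and "Java™ 6 Update 22"; the thread's reply goes one step further and removes both Java entries before installing a current one.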



